[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] x86/ucode: Exclude Zen6 from entrysign mitigations

Family 0x1a covers both Zen5 and Zen6, but the latter is not believed to be
vulnerable to entrysign.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>

This does want backporting, but it depends on 8e4775d118c327 which collects
leaf 7a1 early enough to be used in this way.  So, it should hold off for the
moment until the FRED backports are finalised.
---
 xen/arch/x86/cpu/microcode/amd.c | 6 ++++--
 xen/arch/x86/include/asm/amd.h   | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c
index 90f10ac8be37..2ba1fa825f2f 100644
--- a/xen/arch/x86/cpu/microcode/amd.c
+++ b/xen/arch/x86/cpu/microcode/amd.c
@@ -20,6 +20,7 @@
 #include <xen/mm.h> /* TODO: Fix asm/tlbflush.h breakage */
 #include <xen/sha2.h>
 
+#include <asm/amd.h>
 #include <asm/msr.h>
 
 #include "private.h"
@@ -576,7 +577,7 @@ void __init ucode_probe_amd(struct microcode_ops *ops)
      */
     if ( IS_ENABLED(CONFIG_MICROCODE_LOADING) &&
          boot_cpu_data.family >= 0x17 && boot_cpu_data.family <= 0x1a &&
-         !opt_digest_check )
+         !is_zen6_uarch() && !opt_digest_check )
     {
         printk(XENLOG_WARNING
                "Microcode patch additional digest checks disabled\n");
@@ -618,7 +619,8 @@ void __init amd_check_entrysign(void)
     if ( !IS_ENABLED(CONFIG_MICROCODE_LOADING)  ||
          boot_cpu_data.vendor != X86_VENDOR_AMD ||
          boot_cpu_data.family < 0x17            ||
-         boot_cpu_data.family > 0x1a )
+         boot_cpu_data.family > 0x1a            ||
+         is_zen6_uarch() )
         return;
 
     /*
diff --git a/xen/arch/x86/include/asm/amd.h b/xen/arch/x86/include/asm/amd.h
index 4036dd549835..d21df0741a32 100644
--- a/xen/arch/x86/include/asm/amd.h
+++ b/xen/arch/x86/include/asm/amd.h
@@ -59,6 +59,8 @@
  * For Zen3 and Zen4 (Fam19h) the heuristic is the presence of AutoIBRS, as
  * it's Zen4-specific.
  *
+ * For Zen5 and Zen6 (Fam1ah) the heuristic is the presence of FRED.
+ *
  * The caller is required to perform the appropriate vendor/family checks
  * first.
  */
@@ -66,6 +68,8 @@
 #define is_zen2_uarch()   boot_cpu_has(X86_FEATURE_AMD_STIBP)
 #define is_zen3_uarch() (!boot_cpu_has(X86_FEATURE_AUTO_IBRS))
 #define is_zen4_uarch()   boot_cpu_has(X86_FEATURE_AUTO_IBRS)
+#define is_zen5_uarch() (!boot_cpu_has(X86_FEATURE_FRED))
+#define is_zen6_uarch()   boot_cpu_has(X86_FEATURE_FRED)
 
 struct cpuinfo_x86;
 int cpu_has_amd_erratum(const struct cpuinfo_x86 *cpu, int osvw_id, ...);
-- 
2.39.5

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.