Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759373AbcLPH25 (ORCPT ); Fri, 16 Dec 2016 02:28:57 -0500 Received: from mx2.suse.de ([195.135.220.15]:50691 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753341AbcLPH2t (ORCPT ); Fri, 16 Dec 2016 02:28:49 -0500 Subject: Re: Can't boot as Xen dom0 due to commit fe055896 To: Borislav Petkov , Boris Ostrovsky References: <73a4d64b-b139-6579-a560-92311641d6c7@suse.com> <20161215164635.thm7ruio2ddnxszw@pd.tnic> <20161215171755.xpfuax7a6q3jofet@pd.tnic> <20161215173609.ornfok6lk5oro2pj@pd.tnic> Cc: Linux Kernel Mailing List , xen-devel From: Juergen Gross Message-ID: Date: Fri, 16 Dec 2016 08:28:46 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: <20161215173609.ornfok6lk5oro2pj@pd.tnic> Content-Type: multipart/mixed; boundary="------------DC1DDCAC39AE2B6B0F82DC88" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2674 Lines: 89 This is a multi-part message in MIME format. --------------DC1DDCAC39AE2B6B0F82DC88 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 15/12/16 18:36, Borislav Petkov wrote: > On Thu, Dec 15, 2016 at 12:27:49PM -0500, Boris Ostrovsky wrote: >> It will probably fix it but I don't think we want this: it's a >> build-time solution. Most kernels have XEN on even though they are >> booted bare-metal. > > Lemme tell you want I want: a way to detect I'm running on xen. Does > CPUID(4) work really early, at load_ucode_bsp() time? > > IOW, can I use some of the functionality hypervisor_cpuid_base() uses to > detect xen and stop loading any further? What you really need is to avoid being called on a Xen pv guest. And this is easy by using xen_domain(). Not trying to load ucode in _any_ guest is an optimization only. The attached patch works for me in dom0, bare metal and Xen HVM guest. Juergen --------------DC1DDCAC39AE2B6B0F82DC88 Content-Type: text/x-patch; name="0001-x86-microcode-don-t-try-to-load-microcode-when-runni.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-x86-microcode-don-t-try-to-load-microcode-when-runni.pa"; filename*1="tch" >From 0b56d1f86679c5dc435ab6d96eb2f68b666271bb Mon Sep 17 00:00:00 2001 From: Juergen Gross Date: Fri, 16 Dec 2016 07:18:34 +0100 Subject: [PATCH] x86/microcode: don't try to load microcode when running as a xen pv guest As a Xen pv guest some mechanisms to do microcode loading or verification might not work. As the hypervisor is responsible for loading the microcode just skip microcode loading in case of running under Xen. Signed-off-by: Juergen Gross --- arch/x86/kernel/cpu/microcode/core.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index 6996413..8dfc8bd 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -32,6 +32,8 @@ #include #include +#include + #include #include #include @@ -91,6 +93,9 @@ static bool __init check_loader_disabled_bsp(void) if (cmdline_find_option_bool(cmdline, option)) *res = true; + if (xen_domain()) + *res = true; + return *res; } @@ -143,6 +148,9 @@ void __init load_ucode_bsp(void) static bool check_loader_disabled_ap(void) { + if (xen_domain()) + return true; + #ifdef CONFIG_X86_32 return *((bool *)__pa_nodebug(&dis_ucode_ldr)); #else -- 2.10.2 --------------DC1DDCAC39AE2B6B0F82DC88--