Received: by 10.223.185.116 with SMTP id b49csp2386175wrg; Thu, 15 Feb 2018 10:49:13 -0800 (PST) X-Google-Smtp-Source: AH8x227VsnGqZr8BYcMbHnHmOZfsfHKL4/yQ3qEuRtBNlJhOlJsf4yax4BWTOXIzJT+uw8PEf20P X-Received: by 10.99.110.131 with SMTP id j125mr2970668pgc.382.1518720552937; Thu, 15 Feb 2018 10:49:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518720552; cv=none; d=google.com; s=arc-20160816; b=ZY2y7zjJkJvpqtImx7TRs138FbtCp1mGCxkIHKHWUbK7juUcHNQX19I2jRAqnj7D0M u7Fy2J8yr09stwBEylC7TrufRqkZyIvmhHvqhOokL4Slu6YNKNsG+4z/S+In+47oFzI1 26zIexovYnS4yFwYsgVJZ10hF4Rxvmwvx9TYje/aeaTHiMYV/C5KhbVeD3m64f3fnSEL W88XQ9bXKzQrLv+pH8dyTWbVff+f4qC4c7lCiYCrU5xdOOaTKhYigY8tXBTji0urqsvv llqWIroD99v5nDUjJfFMN6ieNnTxFL3d99WxExalgCo4F5kU9KpilxYRb92HACpAHza9 ICrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=CjAuNo8pHmUMa3buOnrD02IWtMqgzfC8PuGFF1Q2E/A=; b=PY861A06bWHdgxYPTzbUKOGvBQrxBQX/NrSZsJfmG/4IFmDozVem/ABXQNPWbylrUM 1JNpMytaWSe0H5HAeZn5YX+mo/AkIvveAGEf8dlJaOdHXUM4YUdc6htK4Sih6bC6UC3z fP7ziC8KhPNVkIR+XIJPHkaGD2wu+YMO8OkMCXVpRx+qXZ8IMwl8Z4WZp88VS5Qn0XaL QXZlykrZsPV7aTSoAXoL7Dc2hL9O0iNkAzrq0GeGSD4qK8HiJssp06b/vx+UWmSwaxxj owROZsREuHCRwJFbOBdEXQ1Ua5Xd1jkKGqIKlsqF0BC3tO/3mSmsjrrjieyWN2hutekM V4xA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y7-v6si1422556plk.707.2018.02.15.10.48.58; Thu, 15 Feb 2018 10:49:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1162353AbeBOPWN (ORCPT + 99 others); Thu, 15 Feb 2018 10:22:13 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:49368 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1162270AbeBOPWE (ORCPT ); Thu, 15 Feb 2018 10:22:04 -0500 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id EE2B2E06; Thu, 15 Feb 2018 15:22:03 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Borislav Petkov , Juergen Gross , Boris Ostrovsky , Thomas Gleixner , Rolf Neugebauer Subject: [PATCH 4.4 037/108] x86/microcode/AMD: Do not load when running on a hypervisor Date: Thu, 15 Feb 2018 16:16:34 +0100 Message-Id: <20180215151227.581698482@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180215151222.267507937@linuxfoundation.org> References: <20180215151222.267507937@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Borislav Petkov commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 upstream with minor adjustments. Doing so is completely void of sense for multiple reasons so prevent it. Set dis_ucode_ldr to true and thus disable the microcode loader by default to address xen pv guests which execute the AP path but not the BSP path. By having it turned off by default, the APs won't run into the loader either. Also, check CPUID(1).ECX[31] which hypervisors set. Well almost, not the xen pv one. That one gets the aforementioned "fix". Also, improve the detection method by caching the final decision whether to continue loading in dis_ucode_ldr and do it once on the BSP. The APs then simply test that value. Signed-off-by: Borislav Petkov Tested-by: Juergen Gross Tested-by: Boris Ostrovsky Acked-by: Juergen Gross Link: http://lkml.kernel.org/r/20161218164414.9649-4-bp@alien8.de Signed-off-by: Thomas Gleixner Signed-off-by: Rolf Neugebauer Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/cpu/microcode/core.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -44,7 +44,7 @@ static struct microcode_ops *microcode_ops; -static bool dis_ucode_ldr; +static bool dis_ucode_ldr = true; static int __init disable_loader(char *str) { @@ -81,6 +81,7 @@ struct cpu_info_ctx { static bool __init check_loader_disabled_bsp(void) { + u32 a, b, c, d; #ifdef CONFIG_X86_32 const char *cmdline = (const char *)__pa_nodebug(boot_command_line); const char *opt = "dis_ucode_ldr"; @@ -93,8 +94,23 @@ static bool __init check_loader_disabled bool *res = &dis_ucode_ldr; #endif - if (cmdline_find_option_bool(cmdline, option)) - *res = true; + if (!have_cpuid_p()) + return *res; + + a = 1; + c = 0; + native_cpuid(&a, &b, &c, &d); + + /* + * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not + * completely accurate as xen pv guests don't see that CPUID bit set but + * that's good enough as they don't land on the BSP path anyway. + */ + if (c & BIT(31)) + return *res; + + if (cmdline_find_option_bool(cmdline, option) <= 0) + *res = false; return *res; } @@ -126,9 +142,6 @@ void __init load_ucode_bsp(void) if (check_loader_disabled_bsp()) return; - if (!have_cpuid_p()) - return; - vendor = x86_vendor(); family = x86_family(); @@ -162,9 +175,6 @@ void load_ucode_ap(void) if (check_loader_disabled_ap()) return; - if (!have_cpuid_p()) - return; - vendor = x86_vendor(); family = x86_family();