--- /dev/null
+From a15a753539eca8ba243d576f02e7ca9c4b7d7042 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <bp@suse.de>
+Date: Sun, 18 Dec 2016 17:44:13 +0100
+Subject: x86/microcode/AMD: Do not load when running on a hypervisor
+
+From: Borislav Petkov <bp@suse.de>
+
+commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 upstream.
+
+Doing so is completely void of sense for multiple reasons so prevent
+it. Set dis_ucode_ldr to true and thus disable the microcode loader by
+default to address xen pv guests which execute the AP path but not the
+BSP path.
+
+By having it turned off by default, the APs won't run into the loader
+either.
+
+Also, check CPUID(1).ECX[31] which hypervisors set. Well almost, not the
+xen pv one. That one gets the aforementioned "fix".
+
+Also, improve the detection method by caching the final decision whether
+to continue loading in dis_ucode_ldr and do it once on the BSP. The APs
+then simply test that value.
+
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Tested-by: Juergen Gross <jgross@suse.com>
+Tested-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Acked-by: Juergen Gross <jgross@suse.com>
+Link: http://lkml.kernel.org/r/20161218164414.9649-4-bp@alien8.de
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Rolf Neugebauer <rolf.neugebauer@docker.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/microcode/core.c | 28 +++++++++++++++++++---------
+ 1 file changed, 19 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/kernel/cpu/microcode/core.c
++++ b/arch/x86/kernel/cpu/microcode/core.c
+@@ -43,7 +43,7 @@
+ #define MICROCODE_VERSION "2.01"
+
+ static struct microcode_ops *microcode_ops;
+-static bool dis_ucode_ldr;
++static bool dis_ucode_ldr = true;
+
+ /*
+ * Synchronization.
+@@ -73,6 +73,7 @@ struct cpu_info_ctx {
+ static bool __init check_loader_disabled_bsp(void)
+ {
+ static const char *__dis_opt_str = "dis_ucode_ldr";
++ u32 a, b, c, d;
+
+ #ifdef CONFIG_X86_32
+ const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
+@@ -85,8 +86,23 @@ static bool __init check_loader_disabled
+ bool *res = &dis_ucode_ldr;
+ #endif
+
+- if (cmdline_find_option_bool(cmdline, option))
+- *res = true;
++ if (!have_cpuid_p())
++ return *res;
++
++ a = 1;
++ c = 0;
++ native_cpuid(&a, &b, &c, &d);
++
++ /*
++ * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
++ * completely accurate as xen pv guests don't see that CPUID bit set but
++ * that's good enough as they don't land on the BSP path anyway.
++ */
++ if (c & BIT(31))
++ return *res;
++
++ if (cmdline_find_option_bool(cmdline, option) <= 0)
++ *res = false;
+
+ return *res;
+ }
+@@ -118,9 +134,6 @@ void __init load_ucode_bsp(void)
+ if (check_loader_disabled_bsp())
+ return;
+
+- if (!have_cpuid_p())
+- return;
+-
+ vendor = x86_cpuid_vendor();
+ family = x86_cpuid_family();
+
+@@ -154,9 +167,6 @@ void load_ucode_ap(void)
+ if (check_loader_disabled_ap())
+ return;
+
+- if (!have_cpuid_p())
+- return;
+-
+ vendor = x86_cpuid_vendor();
+ family = x86_cpuid_family();
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
