--- /dev/null
+From a15a753539eca8ba243d576f02e7ca9c4b7d7042 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <bp@suse.de>
+Date: Sun, 18 Dec 2016 17:44:13 +0100
+Subject: x86/microcode/AMD: Do not load when running on a hypervisor
+
+From: Borislav Petkov <bp@suse.de>
+
+commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 upstream with minor
+adjustments.
+
+Doing so is completely void of sense for multiple reasons so prevent
+it. Set dis_ucode_ldr to true and thus disable the microcode loader by
+default to address xen pv guests which execute the AP path but not the
+BSP path.
+
+By having it turned off by default, the APs won't run into the loader
+either.
+
+Also, check CPUID(1).ECX[31] which hypervisors set. Well almost, not the
+xen pv one. That one gets the aforementioned "fix".
+
+Also, improve the detection method by caching the final decision whether
+to continue loading in dis_ucode_ldr and do it once on the BSP. The APs
+then simply test that value.
+
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Tested-by: Juergen Gross <jgross@suse.com>
+Tested-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Acked-by: Juergen Gross <jgross@suse.com>
+Link: http://lkml.kernel.org/r/20161218164414.9649-4-bp@alien8.de
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/microcode/core.c | 28 +++++++++++++++++++---------
+ 1 file changed, 19 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/kernel/cpu/microcode/core.c
++++ b/arch/x86/kernel/cpu/microcode/core.c
+@@ -44,7 +44,7 @@
+
+ static struct microcode_ops *microcode_ops;
+
+-static bool dis_ucode_ldr;
++static bool dis_ucode_ldr = true;
+
+ static int __init disable_loader(char *str)
+ {
+@@ -81,6 +81,7 @@ struct cpu_info_ctx {
+
+ static bool __init check_loader_disabled_bsp(void)
+ {
++ u32 a, b, c, d;
+ #ifdef CONFIG_X86_32
+ const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
+ const char *opt = "dis_ucode_ldr";
+@@ -93,8 +94,23 @@ static bool __init check_loader_disabled
+ bool *res = &dis_ucode_ldr;
+ #endif
+
+- if (cmdline_find_option_bool(cmdline, option))
+- *res = true;
++ if (!have_cpuid_p())
++ return *res;
++
++ a = 1;
++ c = 0;
++ native_cpuid(&a, &b, &c, &d);
++
++ /*
++ * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
++ * completely accurate as xen pv guests don't see that CPUID bit set but
++ * that's good enough as they don't land on the BSP path anyway.
++ */
++ if (c & BIT(31))
++ return *res;
++
++ if (cmdline_find_option_bool(cmdline, option) <= 0)
++ *res = false;
+
+ return *res;
+ }
+@@ -126,9 +142,6 @@ void __init load_ucode_bsp(void)
+ if (check_loader_disabled_bsp())
+ return;
+
+- if (!have_cpuid_p())
+- return;
+-
+ vendor = x86_vendor();
+ family = x86_family();
+
+@@ -162,9 +175,6 @@ void load_ucode_ap(void)
+ if (check_loader_disabled_ap())
+ return;
+
+- if (!have_cpuid_p())
+- return;
+-
+ vendor = x86_vendor();
+ family = x86_family();
+
--- /dev/null
+From 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <bp@suse.de>
+Date: Thu, 12 Oct 2017 13:23:16 +0200
+Subject: x86/microcode: Do the family check first
+
+From: Borislav Petkov <bp@suse.de>
+
+commit 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 upstream with adjustments.
+
+On CPUs like AMD's Geode, for example, we shouldn't even try to load
+microcode because they do not support the modern microcode loading
+interface.
+
+However, we do the family check *after* the other checks whether the
+loader has been disabled on the command line or whether we're running in
+a guest.
+
+So move the family checks first in order to exit early if we're being
+loaded on an unsupported family.
+
+Reported-and-tested-by: Sven Glodowski <glodi1@arcor.de>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: <stable@vger.kernel.org> # 4.11..
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: http://bugzilla.suse.com/show_bug.cgi?id=1061396
+Link: http://lkml.kernel.org/r/20171012112316.977-1-bp@alien8.de
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/microcode/core.c | 27 ++++++++++++++++++---------
+ 1 file changed, 18 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/kernel/cpu/microcode/core.c
++++ b/arch/x86/kernel/cpu/microcode/core.c
+@@ -94,9 +94,6 @@ static bool __init check_loader_disabled
+ bool *res = &dis_ucode_ldr;
+ #endif
+
+- if (!have_cpuid_p())
+- return *res;
+-
+ a = 1;
+ c = 0;
+ native_cpuid(&a, &b, &c, &d);
+@@ -138,8 +135,9 @@ void __init load_ucode_bsp(void)
+ {
+ int vendor;
+ unsigned int family;
++ bool intel = true;
+
+- if (check_loader_disabled_bsp())
++ if (!have_cpuid_p())
+ return;
+
+ vendor = x86_vendor();
+@@ -147,16 +145,27 @@ void __init load_ucode_bsp(void)
+
+ switch (vendor) {
+ case X86_VENDOR_INTEL:
+- if (family >= 6)
+- load_ucode_intel_bsp();
++ if (family < 6)
++ return;
+ break;
++
+ case X86_VENDOR_AMD:
+- if (family >= 0x10)
+- load_ucode_amd_bsp(family);
++ if (family < 0x10)
++ return;
++ intel = false;
+ break;
++
+ default:
+- break;
++ return;
+ }
++
++ if (check_loader_disabled_bsp())
++ return;
++
++ if (intel)
++ load_ucode_intel_bsp();
++ else
++ load_ucode_amd_bsp(family);
+ }
+
+ static bool check_loader_disabled_ap(void)
projects / thirdparty / kernel / stable-queue.git / commitdiff
