From: Greg Kroah-Hartman
Date: Wed, 7 Feb 2018 14:35:17 +0000 (-0800)
Subject: 4.9-stable patches
X-Git-Tag: v3.18.94~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7fa6f9923659894f2aa05b00c1ab55920ec19665;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches
added patches: x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch
---
diff --git a/queue-4.9/series b/queue-4.9/series
index 3d24d02235c..52cf6c81fed 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -37,3 +37,4 @@ cls_u32-add-missing-rcu-annotation.patch
 ipv6-fix-so_reuseport-udp-socket-with-implicit-sk_ipv6only.patch
 soreuseport-fix-mem-leak-in-reuseport_add_sock.patch
 x86-asm-fix-inline-asm-call-constraints-for-gcc-4.4.patch
+x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch
diff --git a/queue-4.9/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch b/queue-4.9/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch
new file mode 100644
index 00000000000..5a2b835ed6f
--- /dev/null
+++ b/queue-4.9/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch
@@ -0,0 +1,102 @@
+From a15a753539eca8ba243d576f02e7ca9c4b7d7042 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov
+Date: Sun, 18 Dec 2016 17:44:13 +0100
+Subject: x86/microcode/AMD: Do not load when running on a hypervisor
+
+From: Borislav Petkov
+
+commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 upstream.
+
+Doing so is completely void of sense for multiple reasons so prevent
+it. Set dis_ucode_ldr to true and thus disable the microcode loader by
+default to address xen pv guests which execute the AP path but not the
+BSP path.
+
+By having it turned off by default, the APs won't run into the loader
+either.
+
+Also, check CPUID(1).ECX[31] which hypervisors set. Well almost, not the
+xen pv one. That one gets the aforementioned "fix".
+
+Also, improve the detection method by caching the final decision whether
+to continue loading in dis_ucode_ldr and do it once on the BSP. The APs
+then simply test that value.
+
+Signed-off-by: Borislav Petkov
+Tested-by: Juergen Gross
+Tested-by: Boris Ostrovsky
+Acked-by: Juergen Gross
+Link: http://lkml.kernel.org/r/20161218164414.9649-4-bp@alien8.de
+Signed-off-by: Thomas Gleixner
+Cc: Rolf Neugebauer
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/microcode/core.c | 28 +++++++++++++++++++---------
+ 1 file changed, 19 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/kernel/cpu/microcode/core.c
++++ b/arch/x86/kernel/cpu/microcode/core.c
+@@ -43,7 +43,7 @@
+ #define MICROCODE_VERSION "2.01"
+
+ static struct microcode_ops *microcode_ops;
+-static bool dis_ucode_ldr;
++static bool dis_ucode_ldr = true;
+
+ /*
+ * Synchronization.
+@@ -73,6 +73,7 @@ struct cpu_info_ctx {
+ static bool __init check_loader_disabled_bsp(void)
+ {
+ static const char *__dis_opt_str = "dis_ucode_ldr";
++ u32 a, b, c, d;
+
+ #ifdef CONFIG_X86_32
+ const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
+@@ -85,8 +86,23 @@ static bool __init check_loader_disabled
+ bool *res = &dis_ucode_ldr;
+ #endif
+
+- if (cmdline_find_option_bool(cmdline, option))
+- *res = true;
++ if (!have_cpuid_p())
++ return *res;
++
++ a = 1;
++ c = 0;
++ native_cpuid(&a, &b, &c, &d);
++
++ /*
++ * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
++ * completely accurate as xen pv guests don't see that CPUID bit set but
++ * that's good enough as they don't land on the BSP path anyway.
++ */
++ if (c & BIT(31))
++ return *res;
++
++ if (cmdline_find_option_bool(cmdline, option) <= 0)
++ *res = false;
+
+ return *res;
+ }
+@@ -118,9 +134,6 @@ void __init load_ucode_bsp(void)
+ if (check_loader_disabled_bsp())
+ return;
+
+- if (!have_cpuid_p())
+- return;
+-
+ vendor = x86_cpuid_vendor();
+ family = x86_cpuid_family();
+
+@@ -154,9 +167,6 @@ void load_ucode_ap(void)
+ if (check_loader_disabled_ap())
+ return;
+
+- if (!have_cpuid_p())
+- return;
+-
+ vendor = x86_cpuid_vendor();
+ family = x86_cpuid_family();
+
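Review bot: The early `return *res;` exits added to check_loader_disabled_bsp() (no CPUID, CPUID(1).ECX[31] set) report "disabled" only because the first hunk flips the initializer to `dis_ucode_ldr = true`, and nothing at the declaration records that dependency. A comment there such as `/* Loader is off by default; only the BSP check on bare metal clears this, the APs just test it. */` would stop a later change of the default from silently re-enabling loading inside guests, including the xen pv case the commit message describes. Separately, `cmdline_find_option_bool(cmdline, option) <= 0` treats a negative return the same as "option absent" and enables the loader, whereas the removed test treated any non-zero result as disabled; if the helper can report an error on this path, `== 0` would keep the previous handling. The function spans two hunks and its `#else` branch is not shown, so this is judged from the visible lines only.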