From: Borislav Petkov (AMD) Date: Mon, 6 Oct 2025 15:50:10 +0000 (+0200) Subject: x86/microcode/AMD: Allow loader debugging to be enabled on baremetal too X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac44a110c18ad7bd9de0b809e861479ba97157d2;p=thirdparty%2Fkernel%2Flinux.git x86/microcode/AMD: Allow loader debugging to be enabled on baremetal too Debugging the loader on baremetal does make sense, so enable it there too. Signed-off-by: Borislav Petkov (AMD) Link: https://patch.msgid.link/20260108165028.27417-1-bp@kernel.org --- diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 80527299f859a..c10593768984d 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1366,10 +1366,12 @@ config MICROCODE_DBG default n depends on MICROCODE help - Enable code which allows for debugging the microcode loader in - a guest. Meaning the patch loading is simulated but everything else + Enable code which allows to debug the microcode loader. When running + in a guest the patch loading is simulated but everything else related to patch parsing and handling is done as on baremetal with - the purpose of debugging solely the software side of things. + the purpose of debugging solely the software side of things. On + baremetal, it simply dumps additional debugging information during + normal operation. You almost certainly want to say n here. diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 46673530bc6f0..caa0f595abcf0 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -322,7 +322,7 @@ static u32 get_patch_level(void) { u32 rev, dummy __always_unused; - if (IS_ENABLED(CONFIG_MICROCODE_DBG)) { + if (IS_ENABLED(CONFIG_MICROCODE_DBG) && hypervisor_present) { int cpu = smp_processor_id(); if (!microcode_rev[cpu]) { @@ -714,7 +714,7 @@ static bool __apply_microcode_amd(struct microcode_amd *mc, u32 *cur_rev, invlpg(p_addr_end); } - if (IS_ENABLED(CONFIG_MICROCODE_DBG)) + if (IS_ENABLED(CONFIG_MICROCODE_DBG) && hypervisor_present) microcode_rev[smp_processor_id()] = mc->hdr.patch_id; /* verify patch application was successful */ diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index 68049f171860e..651202e6fefbe 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -57,6 +57,8 @@ bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV); u32 base_rev; u32 microcode_rev[NR_CPUS] = {}; +bool hypervisor_present; + /* * Synchronization. * @@ -117,7 +119,13 @@ bool __init microcode_loader_disabled(void) * Disable when: * * 1) The CPU does not support CPUID. - * + */ + if (!cpuid_feature()) { + dis_ucode_ldr = true; + return dis_ucode_ldr; + } + + /* * 2) Bit 31 in CPUID[1]:ECX is clear * The bit is reserved for hypervisor use. This is still not * completely accurate as XEN PV guests don't see that CPUID bit @@ -127,9 +135,9 @@ bool __init microcode_loader_disabled(void) * 3) Certain AMD patch levels are not allowed to be * overwritten. */ - if (!cpuid_feature() || - ((native_cpuid_ecx(1) & BIT(31)) && - !IS_ENABLED(CONFIG_MICROCODE_DBG)) || + hypervisor_present = native_cpuid_ecx(1) & BIT(31); + + if ((hypervisor_present && !IS_ENABLED(CONFIG_MICROCODE_DBG)) || amd_check_current_patch_level()) dis_ucode_ldr = true; diff --git a/arch/x86/kernel/cpu/microcode/internal.h b/arch/x86/kernel/cpu/microcode/internal.h index a10b547eda1e4..3b93c0676b4fc 100644 --- a/arch/x86/kernel/cpu/microcode/internal.h +++ b/arch/x86/kernel/cpu/microcode/internal.h @@ -48,6 +48,7 @@ extern struct early_load_data early_data; extern struct ucode_cpu_info ucode_cpu_info[]; extern u32 microcode_rev[NR_CPUS]; extern u32 base_rev; +extern bool hypervisor_present; struct cpio_data find_microcode_in_initrd(const char *path);