- Linux-stable-mirror - lists.linaro.org

Re: [Linux-stable-mirror] [STABLE 4.9.y PATCH 0/9] Backport of KVM Speculation Control support

by Greg KH

On Tue, Feb 06, 2018 at 09:05:46PM +0000, Woodhouse, David wrote: > > > On Tue, 2018-02-06 at 19:01 +0100, Paolo Bonzini wrote: > > On 06/02/2018 18:29, David Woodhouse wrote: > > > I've put together a linux-4.9.y branch at > > > http://git.infradead.org/retpoline-stable.git/shortlog/refs/heads/linux-4.9… > > > > > > Most of it is fairly straightforward, apart from the IBPB on context > > > switch for which Tim has already posted a candidate. I wanted some more > > > review on my backports of the KVM bits though, including some extra > > > historical patches I pulled in. > > > > Looks good! Thanks for the work, > > > > Paolo > > Thanks. In that case, Greg, the full set is lined up in > http://git.infradead.org/retpoline-stable.git/shortlog/refs/heads/linux-4.9… > or git://git.infradead.org/retpoline-stable linux-4.9.y Many thanks for all of this work. I've now queued up all of these. greg k-h

7 years, 3 months

2
4
0 0

[Linux-stable-mirror] Patch "KVM: nVMX: kmap() can't fail" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KVM: nVMX: kmap() can't fail to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kvm-nvmx-kmap-can-t-fail.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 42cf014d38d8822cce63703a467e00f65d000952 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 25 Jan 2017 11:58:57 +0100 Subject: KVM: nVMX: kmap() can't fail From: David Hildenbrand <david(a)redhat.com> commit 42cf014d38d8822cce63703a467e00f65d000952 upstream. kmap() can't fail, therefore it will always return a valid pointer. Let's just get rid of the unnecessary checks. Signed-off-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kvm/vmx.c | 9 --------- 1 file changed, 9 deletions(-) --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -4756,10 +4756,6 @@ static int vmx_complete_nested_posted_in return 0; vapic_page = kmap(vmx->nested.virtual_apic_page); - if (!vapic_page) { - WARN_ON(1); - return -ENOMEM; - } __kvm_apic_update_irr(vmx->nested.pi_desc->pir, vapic_page); kunmap(vmx->nested.virtual_apic_page); @@ -9584,11 +9580,6 @@ static inline bool nested_vmx_merge_msr_ if (!page) return false; msr_bitmap_l1 = (unsigned long *)kmap(page); - if (!msr_bitmap_l1) { - nested_release_page_clean(page); - WARN_ON(1); - return false; - } memset(msr_bitmap_l0, 0xff, PAGE_SIZE); Patches currently in stable-queue which might be from david(a)redhat.com are queue-4.9/kvm-nvmx-eliminate-vmcs02-pool.patch queue-4.9/kvm-nvmx-vmx_complete_nested_posted_interrupt-can-t-fail.patch queue-4.9/kvm-nvmx-kmap-can-t-fail.patch

7 years, 3 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.14.y] crypto: tcrypt - fix S/G table for test_aead_speed()

by Horia Geantă

From: Robert Baronescu <robert.baronescu(a)nxp.com> commit 5c6ac1d4f8fbdbed65dbeb8cf149d736409d16a1 upstream. In case buffer length is a multiple of PAGE_SIZE, the S/G table is incorrectly generated. Fix this by handling buflen = k * PAGE_SIZE separately. Signed-off-by: Robert Baronescu <robert.baronescu(a)nxp.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Horia Geantă <horia.geanta(a)nxp.com> --- crypto/tcrypt.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index f5f58a6eee5d..e339960dcac7 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -221,11 +221,13 @@ static void sg_init_aead(struct scatterlist *sg, char *xbuf[XBUFSIZE], } sg_init_table(sg, np + 1); - np--; + if (rem) + np--; for (k = 0; k < np; k++) sg_set_buf(&sg[k + 1], xbuf[k], PAGE_SIZE); - sg_set_buf(&sg[k + 1], xbuf[k], rem); + if (rem) + sg_set_buf(&sg[k + 1], xbuf[k], rem); } static void test_aead_speed(const char *algo, int enc, unsigned int secs, -- 2.12.0.264.gd6db3f216544

7 years, 3 months

2
4
0 0

[Linux-stable-mirror] [PATCH] mpls, nospec: Sanitize array index in mpls_label_ok()

by Dan Williams

mpls_label_ok() validates that the 'platform_label' array index from a userspace netlink message payload is valid. Under speculation the mpls_label_ok() result may not resolve in the CPU pipeline until after the index is used to access an array element. Sanitize the index to zero to prevent userspace-controlled arbitrary out-of-bounds speculation, a precursor for a speculative execution side channel vulnerability. Cc: <stable(a)vger.kernel.org> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- net/mpls/af_mpls.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c index 8ca9915befc8..aae3565c3a92 100644 --- a/net/mpls/af_mpls.c +++ b/net/mpls/af_mpls.c @@ -8,6 +8,7 @@ #include <linux/ipv6.h> #include <linux/mpls.h> #include <linux/netconf.h> +#include <linux/nospec.h> #include <linux/vmalloc.h> #include <linux/percpu.h> #include <net/ip.h> @@ -935,24 +936,27 @@ static int mpls_nh_build_multi(struct mpls_route_config *cfg, return err; } -static bool mpls_label_ok(struct net *net, unsigned int index, +static bool mpls_label_ok(struct net *net, unsigned int *index, struct netlink_ext_ack *extack) { + bool is_ok = true; + /* Reserved labels may not be set */ - if (index < MPLS_LABEL_FIRST_UNRESERVED) { + if (*index < MPLS_LABEL_FIRST_UNRESERVED) { NL_SET_ERR_MSG(extack, "Invalid label - must be MPLS_LABEL_FIRST_UNRESERVED or higher"); - return false; + is_ok = false; } /* The full 20 bit range may not be supported. */ - if (index >= net->mpls.platform_labels) { + if (is_ok && *index >= net->mpls.platform_labels) { NL_SET_ERR_MSG(extack, "Label >= configured maximum in platform_labels"); - return false; + is_ok = false; } - return true; + *index = array_index_nospec(*index, net->mpls.platform_labels); + return is_ok; } static int mpls_route_add(struct mpls_route_config *cfg, @@ -975,7 +979,7 @@ static int mpls_route_add(struct mpls_route_config *cfg, index = find_free_label(net); } - if (!mpls_label_ok(net, index, extack)) + if (!mpls_label_ok(net, &index, extack)) goto errout; /* Append makes no sense with mpls */ @@ -1052,7 +1056,7 @@ static int mpls_route_del(struct mpls_route_config *cfg, index = cfg->rc_label; - if (!mpls_label_ok(net, index, extack)) + if (!mpls_label_ok(net, &index, extack)) goto errout; mpls_route_update(net, index, NULL, &cfg->rc_nlinfo); @@ -1810,7 +1814,7 @@ static int rtm_to_route_config(struct sk_buff *skb, goto errout; if (!mpls_label_ok(cfg->rc_nlinfo.nl_net, - cfg->rc_label, extack)) + &cfg->rc_label, extack)) goto errout; break; } @@ -2137,7 +2141,7 @@ static int mpls_getroute(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, goto errout; } - if (!mpls_label_ok(net, in_label, extack)) { + if (!mpls_label_ok(net, &in_label, extack)) { err = -EINVAL; goto errout; }

7 years, 3 months

2
1
0 0

Re: [Linux-stable-mirror] [PATCH 4/4] clk: bcm2835: Make sure the PLL is gated before changing its rate

by Boris Brezillon

On Thu, 08 Feb 2018 15:20:16 +0000 Eric Anholt <eric(a)anholt.net> wrote: > Boris Brezillon <boris.brezillon(a)bootlin.com> writes: > > > All bcm2835 PLLs should be gated before their rate can be changed. > > Setting CLK_SET_RATE_GATE will let the core enforce that, but this is > > not enough to make the code work in all situations. Indeed, the > > CLK_SET_RATE_GATE flag prevents a user from changing the rate while > > the clock is enabled, but this check only guarantees there's no Linux > > users. In our case, the clock might have been enabled by the > > bootloader/FW, and, because we have CLK_IGNORE_UNUSED set, Linux never > > disables the PLL. So we have to make sure the PLL is actually disabled > > before changing the rate. > > > > Fixes: 41691b8862e2 ("clk: bcm2835: Add support for programming the audio domain clocks") > > Cc: <stable(a)vger.kernel.org> > > Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> > > --- > > drivers/clk/bcm/clk-bcm2835.c | 14 +++++++++++++- > > 1 file changed, 13 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c > > index 6c5d4a8e426c..051ce769c109 100644 > > --- a/drivers/clk/bcm/clk-bcm2835.c > > +++ b/drivers/clk/bcm/clk-bcm2835.c > > @@ -678,6 +678,18 @@ static int bcm2835_pll_set_rate(struct clk_hw *hw, > > u32 ana[4]; > > int i; > > > > + /* > > + * Normally, the CLK_SET_RATE_GATE flag prevents a user from changing > > + * the rate while the clock is enabled, but this check only makes sure > > + * there's no Linux users. > > + * In our case, the clock might have been enabled by the bootloader/FW, > > + * and, since CLK_IGNORE_UNUSED flag is set, Linux never disables it. > > + * So we have to make sure the clk is actually disabled before changing > > + * the rate. > > + */ > > + if (bcm2835_pll_is_on(hw)) > > + bcm2835_pll_off(hw); > > + > > I'm not sure this improves the situation. If the PLL was on, then > presumably there's a divider using it and a CM clock using that, so > we'll probably end up driving some glitches on them. Hm, yes, but if someone is trying to change the rate of the PLL, and the core doesn't know other clks depend on this PLL (which is the case if we reach this point), we're already in big trouble. > > Does the common clk framework have a way to disable unused clocks from > the leaf clocks up to this root, before the general > disable-unused-clocks path happens late in the boot process? Not that I know of. What do you have in mind? -- Boris Brezillon, Bootlin (formerly Free Electrons) Embedded Linux and Kernel engineering http://bootlin.com

7 years, 3 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 3/4] clk: bcm2835: De-assert/assert PLL reset signal when appropriate

by Boris Brezillon

On Thu, 08 Feb 2018 15:15:42 +0000 Eric Anholt <eric(a)anholt.net> wrote: > Boris Brezillon <boris.brezillon(a)bootlin.com> writes: > > > In order to enable a PLL, not only the PLL has to be powered up and > > locked, but you also have to de-assert the reset signal. The last part > > was missing. Add it so PLLs that were not enabled by the FW/bootloader > > can be enabled from Linux. > > > > Fixes: 41691b8862e2 ("clk: bcm2835: Add support for programming the audio domain clocks") > > Cc: <stable(a)vger.kernel.org> > > Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> > > --- > > drivers/clk/bcm/clk-bcm2835.c | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/drivers/clk/bcm/clk-bcm2835.c b/drivers/clk/bcm/clk-bcm2835.c > > index a07f6451694a..6c5d4a8e426c 100644 > > --- a/drivers/clk/bcm/clk-bcm2835.c > > +++ b/drivers/clk/bcm/clk-bcm2835.c > > @@ -602,6 +602,9 @@ static void bcm2835_pll_off(struct clk_hw *hw) > > const struct bcm2835_pll_data *data = pll->data; > > > > spin_lock(&cprman->regs_lock); > > + cprman_write(cprman, data->a2w_ctrl_reg, > > + cprman_read(cprman, data->a2w_ctrl_reg) & > > + ~A2W_PLL_CTRL_PRST_DISABLE); > > cprman_write(cprman, data->cm_ctrl_reg, > > cprman_read(cprman, data->cm_ctrl_reg) | > > CM_PLL_ANARST); > > For turning off, the FW just does the equivalent of: > > cprman_write(cprman, data->cm_ctrl_reg, CM_PLL_ANARST); > cprman_write(cprman, data->a2w_ctrl_reg, A2W_PLL_CTRL_PWRDN); > > How about we do that, instead? Agreed. > > > @@ -640,6 +643,10 @@ static int bcm2835_pll_on(struct clk_hw *hw) > > cpu_relax(); > > } > > > > + cprman_write(cprman, data->a2w_ctrl_reg, > > + cprman_read(cprman, data->a2w_ctrl_reg) | > > + A2W_PLL_CTRL_PRST_DISABLE); > > + > > return 0; > > } > > I agree with this hunk -- they drop PRST at the very end, after lock. -- Boris Brezillon, Bootlin (formerly Free Electrons) Embedded Linux and Kernel engineering http://bootlin.com

7 years, 3 months

1
0
0 0

[Linux-stable-mirror] [PATCH 1/2] x86/microcode/AMD: Do not load when running on a hypervisor

by Rolf Neugebauer

From: Borislav Petkov <bp(a)suse.de> commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 upstream with minor adjustments. Doing so is completely void of sense for multiple reasons so prevent it. Set dis_ucode_ldr to true and thus disable the microcode loader by default to address xen pv guests which execute the AP path but not the BSP path. By having it turned off by default, the APs won't run into the loader either. Also, check CPUID(1).ECX[31] which hypervisors set. Well almost, not the xen pv one. That one gets the aforementioned "fix". Also, improve the detection method by caching the final decision whether to continue loading in dis_ucode_ldr and do it once on the BSP. The APs then simply test that value. Signed-off-by: Borislav Petkov <bp(a)suse.de> Tested-by: Juergen Gross <jgross(a)suse.com> Tested-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Acked-by: Juergen Gross <jgross(a)suse.com> Link: http://lkml.kernel.org/r/20161218164414.9649-4-bp@alien8.de Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> # 4.4.x Signed-off-by: Rolf Neugebauer <rolf.neugebauer(a)docker.com> --- arch/x86/kernel/cpu/microcode/core.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index b3e94ef461fd..1b3e0aa4c511 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -44,7 +44,7 @@ static struct microcode_ops *microcode_ops; -static bool dis_ucode_ldr; +static bool dis_ucode_ldr = true; static int __init disable_loader(char *str) { @@ -81,6 +81,7 @@ struct cpu_info_ctx { static bool __init check_loader_disabled_bsp(void) { + u32 a, b, c, d; #ifdef CONFIG_X86_32 const char *cmdline = (const char *)__pa_nodebug(boot_command_line); const char *opt = "dis_ucode_ldr"; @@ -93,8 +94,23 @@ static bool __init check_loader_disabled_bsp(void) bool *res = &dis_ucode_ldr; #endif - if (cmdline_find_option_bool(cmdline, option)) - *res = true; + if (!have_cpuid_p()) + return *res; + + a = 1; + c = 0; + native_cpuid(&a, &b, &c, &d); + + /* + * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not + * completely accurate as xen pv guests don't see that CPUID bit set but + * that's good enough as they don't land on the BSP path anyway. + */ + if (c & BIT(31)) + return *res; + + if (cmdline_find_option_bool(cmdline, option) <= 0) + *res = false; return *res; } @@ -126,9 +142,6 @@ void __init load_ucode_bsp(void) if (check_loader_disabled_bsp()) return; - if (!have_cpuid_p()) - return; - vendor = x86_vendor(); family = x86_family(); @@ -162,9 +175,6 @@ void load_ucode_ap(void) if (check_loader_disabled_ap()) return; - if (!have_cpuid_p()) - return; - vendor = x86_vendor(); family = x86_family(); -- 2.16.0

7 years, 3 months

2
2
0 0

[Linux-stable-mirror] Patch "x86/microcode: Do the family check first" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/microcode: Do the family check first to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-microcode-do-the-family-check-first.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 Mon Sep 17 00:00:00 2001 From: Borislav Petkov <bp(a)suse.de> Date: Thu, 12 Oct 2017 13:23:16 +0200 Subject: x86/microcode: Do the family check first From: Borislav Petkov <bp(a)suse.de> commit 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 upstream with adjustments. On CPUs like AMD's Geode, for example, we shouldn't even try to load microcode because they do not support the modern microcode loading interface. However, we do the family check *after* the other checks whether the loader has been disabled on the command line or whether we're running in a guest. So move the family checks first in order to exit early if we're being loaded on an unsupported family. Reported-and-tested-by: Sven Glodowski <glodi1(a)arcor.de> Signed-off-by: Borislav Petkov <bp(a)suse.de> Cc: <stable(a)vger.kernel.org> # 4.11.. Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: http://bugzilla.suse.com/show_bug.cgi?id=1061396 Link: http://lkml.kernel.org/r/20171012112316.977-1-bp@alien8.de Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Rolf Neugebauer <rolf.neugebauer(a)docker.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/microcode/core.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -86,9 +86,6 @@ static bool __init check_loader_disabled bool *res = &dis_ucode_ldr; #endif - if (!have_cpuid_p()) - return *res; - a = 1; c = 0; native_cpuid(&a, &b, &c, &d); @@ -130,8 +127,9 @@ void __init load_ucode_bsp(void) { int vendor; unsigned int family; + bool intel = true; - if (check_loader_disabled_bsp()) + if (!have_cpuid_p()) return; vendor = x86_cpuid_vendor(); @@ -139,16 +137,27 @@ void __init load_ucode_bsp(void) switch (vendor) { case X86_VENDOR_INTEL: - if (family >= 6) - load_ucode_intel_bsp(); + if (family < 6) + return; break; + case X86_VENDOR_AMD: - if (family >= 0x10) - load_ucode_amd_bsp(family); + if (family < 0x10) + return; + intel = false; break; + default: - break; + return; } + + if (check_loader_disabled_bsp()) + return; + + if (intel) + load_ucode_intel_bsp(); + else + load_ucode_amd_bsp(family); } static bool check_loader_disabled_ap(void) Patches currently in stable-queue which might be from bp(a)suse.de are queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.9/x86-cpufeatures-clean-up-spectre-v2-related-cpuid-flags.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch queue-4.9/x86-nospec-fix-header-guards-names.patch queue-4.9/x86-alternative-print-unadorned-pointers.patch queue-4.9/x86-microcode-do-the-family-check-first.patch queue-4.9/x86-spectre-fix-spelling-mistake-vunerable-vulnerable.patch queue-4.9/x86-pti-mark-constant-arrays-as-__initconst.patch queue-4.9/x86-bugs-drop-one-mitigation-from-dmesg.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch

7 years, 3 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/microcode: Do the family check first" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/microcode: Do the family check first to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-microcode-do-the-family-check-first.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 Mon Sep 17 00:00:00 2001 From: Borislav Petkov <bp(a)suse.de> Date: Thu, 12 Oct 2017 13:23:16 +0200 Subject: x86/microcode: Do the family check first From: Borislav Petkov <bp(a)suse.de> commit 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 upstream with adjustments. On CPUs like AMD's Geode, for example, we shouldn't even try to load microcode because they do not support the modern microcode loading interface. However, we do the family check *after* the other checks whether the loader has been disabled on the command line or whether we're running in a guest. So move the family checks first in order to exit early if we're being loaded on an unsupported family. Reported-and-tested-by: Sven Glodowski <glodi1(a)arcor.de> Signed-off-by: Borislav Petkov <bp(a)suse.de> Cc: <stable(a)vger.kernel.org> # 4.11.. Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Link: http://bugzilla.suse.com/show_bug.cgi?id=1061396 Link: http://lkml.kernel.org/r/20171012112316.977-1-bp@alien8.de Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Rolf Neugebauer <rolf.neugebauer(a)docker.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/microcode/core.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -94,9 +94,6 @@ static bool __init check_loader_disabled bool *res = &dis_ucode_ldr; #endif - if (!have_cpuid_p()) - return *res; - a = 1; c = 0; native_cpuid(&a, &b, &c, &d); @@ -138,8 +135,9 @@ void __init load_ucode_bsp(void) { int vendor; unsigned int family; + bool intel = true; - if (check_loader_disabled_bsp()) + if (!have_cpuid_p()) return; vendor = x86_vendor(); @@ -147,16 +145,27 @@ void __init load_ucode_bsp(void) switch (vendor) { case X86_VENDOR_INTEL: - if (family >= 6) - load_ucode_intel_bsp(); + if (family < 6) + return; break; + case X86_VENDOR_AMD: - if (family >= 0x10) - load_ucode_amd_bsp(family); + if (family < 0x10) + return; + intel = false; break; + default: - break; + return; } + + if (check_loader_disabled_bsp()) + return; + + if (intel) + load_ucode_intel_bsp(); + else + load_ucode_amd_bsp(family); } static bool check_loader_disabled_ap(void) Patches currently in stable-queue which might be from bp(a)suse.de are queue-4.4/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch queue-4.4/x86-microcode-do-the-family-check-first.patch

7 years, 3 months

1
0
0 0

[Linux-stable-mirror] Patch "x86/microcode/AMD: Do not load when running on a hypervisor" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/microcode/AMD: Do not load when running on a hypervisor to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From a15a753539eca8ba243d576f02e7ca9c4b7d7042 Mon Sep 17 00:00:00 2001 From: Borislav Petkov <bp(a)suse.de> Date: Sun, 18 Dec 2016 17:44:13 +0100 Subject: x86/microcode/AMD: Do not load when running on a hypervisor From: Borislav Petkov <bp(a)suse.de> commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 upstream with minor adjustments. Doing so is completely void of sense for multiple reasons so prevent it. Set dis_ucode_ldr to true and thus disable the microcode loader by default to address xen pv guests which execute the AP path but not the BSP path. By having it turned off by default, the APs won't run into the loader either. Also, check CPUID(1).ECX[31] which hypervisors set. Well almost, not the xen pv one. That one gets the aforementioned "fix". Also, improve the detection method by caching the final decision whether to continue loading in dis_ucode_ldr and do it once on the BSP. The APs then simply test that value. Signed-off-by: Borislav Petkov <bp(a)suse.de> Tested-by: Juergen Gross <jgross(a)suse.com> Tested-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Acked-by: Juergen Gross <jgross(a)suse.com> Link: http://lkml.kernel.org/r/20161218164414.9649-4-bp@alien8.de Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Rolf Neugebauer <rolf.neugebauer(a)docker.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/microcode/core.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -44,7 +44,7 @@ static struct microcode_ops *microcode_ops; -static bool dis_ucode_ldr; +static bool dis_ucode_ldr = true; static int __init disable_loader(char *str) { @@ -81,6 +81,7 @@ struct cpu_info_ctx { static bool __init check_loader_disabled_bsp(void) { + u32 a, b, c, d; #ifdef CONFIG_X86_32 const char *cmdline = (const char *)__pa_nodebug(boot_command_line); const char *opt = "dis_ucode_ldr"; @@ -93,8 +94,23 @@ static bool __init check_loader_disabled bool *res = &dis_ucode_ldr; #endif - if (cmdline_find_option_bool(cmdline, option)) - *res = true; + if (!have_cpuid_p()) + return *res; + + a = 1; + c = 0; + native_cpuid(&a, &b, &c, &d); + + /* + * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not + * completely accurate as xen pv guests don't see that CPUID bit set but + * that's good enough as they don't land on the BSP path anyway. + */ + if (c & BIT(31)) + return *res; + + if (cmdline_find_option_bool(cmdline, option) <= 0) + *res = false; return *res; } @@ -126,9 +142,6 @@ void __init load_ucode_bsp(void) if (check_loader_disabled_bsp()) return; - if (!have_cpuid_p()) - return; - vendor = x86_vendor(); family = x86_family(); @@ -162,9 +175,6 @@ void load_ucode_ap(void) if (check_loader_disabled_ap()) return; - if (!have_cpuid_p()) - return; - vendor = x86_vendor(); family = x86_family(); Patches currently in stable-queue which might be from bp(a)suse.de are queue-4.4/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch queue-4.4/x86-microcode-do-the-family-check-first.patch

7 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror