On Mon, Jul 21, 2025 at 07:07:12PM -0400, Michael Zhivich wrote:
Note: I believe this change only applies to stable backports.
Right, I need to go look in detail at which of the 5.10-6.12 stable trees that got this variant do have CONFIG_INIT_STACK_NONE.
For kernels compiled with CONFIG_INIT_STACK_NONE=y, the value of __reserved bitfield in zen_patch_rev union on the stack may be garbage. If so, it will prevent correct microcode check when consulting p.ucode_rev, resulting in incorrect mitigation selection.
Uuuh, nasty. Good catch.
Signed-off-by: Michael Zhivich <mzhivich@akamai.com>
Fixes: 7a0395f6607a ("x86/bugs: Add a Transient Scheduler Attacks mitigation")

arch/x86/kernel/cpu/amd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index efd42ee9d1cc..91b21814ce8c 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -371,7 +371,7 @@ static void bsp_determine_snp(struct cpuinfo_x86 *c) static bool amd_check_tsa_microcode(void) { struct cpuinfo_x86 *c = &boot_cpu_data;
- union zen_patch_rev p;
- union zen_patch_rev p = {0};
Instead of doing this...
u32 min_rev = 0; p.ext_fam = c->x86 - 0xf;
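Review bot: the `= {0}` initializer on the declaration of p has no comment saying why it is there, and because p.ext_fam is assigned just below it reads as redundant and could be dropped in a later cleanup. Put a short comment at the point where the reserved bits are cleared, stating that __reserved has to be zero because the value is later consulted through p.ucode_rev, for example `/* clear __reserved: it is part of p.ucode_rev */`.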
... you should assign __reserved here to 0 too and put a comment above it why we're doing that.
This will save us the init writes to 0 which get overwritten with the actual f/m/s anyway.
Thx.
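The failure mode from the commit message, as an added example that is not part of the original thread or the kernel source: it models the stack slot with an explicit fill byte and shows that a key read through ucode_rev only matches when the reserved bits are cleared. The bitfield layout, the field names other than ext_fam and ucode_rev (rsvd stands in for __reserved), the helper names and the CPU identity are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration; the thread names only ext_fam,
 * __reserved (called rsvd here) and ucode_rev. */
union patch_rev {
	struct {
		uint32_t rev : 8, stepping : 4, model : 4,
			 rsvd : 4, ext_model : 4, ext_fam : 8;
	};
	uint32_t ucode_rev;
};

/* Fill the named fields, then read the whole word back. stack_fill stands
 * in for whatever the stack slot held before (no auto-initialization). */
static uint32_t build_key(uint8_t stack_fill, int clear_rsvd,
			  uint8_t fam, uint8_t model, uint8_t stepping)
{
	union patch_rev p;

	memset(&p, stack_fill, sizeof(p));
	p.ext_fam   = fam - 0xf;
	p.model     = model & 0xf;
	p.ext_model = model >> 4;
	p.stepping  = stepping;
	p.rev       = 0;
	if (clear_rsvd)
		p.rsvd = 0;	/* explicit clear, as the review asks for */
	return p.ucode_rev;
}

/* Constructed CPU identity (family 0x19, model 0x11, stepping 1). */
static uint32_t known_key(void)
{
	return build_key(0x00, 1, 0x19, 0x11, 0x1);
}

/* 1 if the key would match the table entry, 0 if the lookup would miss. */
static int lookup_hits(uint8_t stack_fill, int clear_rsvd)
{
	return build_key(stack_fill, clear_rsvd, 0x19, 0x11, 0x1) == known_key();
}

int main(void)
{
	printf("zero stack, no clear:  %d\n", lookup_hits(0x00, 0));
	printf("dirty stack, no clear: %d\n", lookup_hits(0xa5, 0));
	printf("dirty stack, cleared:  %d\n", lookup_hits(0xa5, 1));
	return 0;
}
```

The first case is why the bug can go unnoticed: when the stack slot happens to hold zeros, or the compiler zero-initializes it, the uncleared version produces the right key.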