This is a note to let you know that I've just added the patch titled
x86/microcode: Do the family check first
to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: x86-microcode-do-the-family-check-first.patch and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 Mon Sep 17 00:00:00 2001
From: Borislav Petkov bp@suse.de Date: Thu, 12 Oct 2017 13:23:16 +0200 Subject: x86/microcode: Do the family check first
From: Borislav Petkov bp@suse.de
commit 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 upstream with adjustments.
On CPUs like AMD's Geode, for example, we shouldn't even try to load microcode because they do not support the modern microcode loading interface.
However, we do the family check *after* the other checks whether the loader has been disabled on the command line or whether we're running in a guest.
So move the family checks first in order to exit early if we're being loaded on an unsupported family.
Reported-and-tested-by: Sven Glodowski glodi1@arcor.de Signed-off-by: Borislav Petkov bp@suse.de Cc: stable@vger.kernel.org # 4.11.. Cc: Linus Torvalds torvalds@linux-foundation.org Cc: Peter Zijlstra peterz@infradead.org Cc: Thomas Gleixner tglx@linutronix.de Link: http://bugzilla.suse.com/show_bug.cgi?id=1061396 Link: http://lkml.kernel.org/r/20171012112316.977-1-bp@alien8.de Signed-off-by: Ingo Molnar mingo@kernel.org Signed-off-by: Rolf Neugebauer rolf.neugebauer@docker.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- arch/x86/kernel/cpu/microcode/core.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-)
--- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -86,9 +86,6 @@ static bool __init check_loader_disabled bool *res = &dis_ucode_ldr; #endif
- if (!have_cpuid_p()) - return *res; - a = 1; c = 0; native_cpuid(&a, &b, &c, &d); @@ -130,8 +127,9 @@ void __init load_ucode_bsp(void) { int vendor; unsigned int family; + bool intel = true;
- if (check_loader_disabled_bsp()) + if (!have_cpuid_p()) return;
vendor = x86_cpuid_vendor(); @@ -139,16 +137,27 @@ void __init load_ucode_bsp(void)
switch (vendor) { case X86_VENDOR_INTEL: - if (family >= 6) - load_ucode_intel_bsp(); + if (family < 6) + return; break; + case X86_VENDOR_AMD: - if (family >= 0x10) - load_ucode_amd_bsp(family); + if (family < 0x10) + return; + intel = false; break; + default: - break; + return; } + + if (check_loader_disabled_bsp()) + return; + + if (intel) + load_ucode_intel_bsp(); + else + load_ucode_amd_bsp(family); }
static bool check_loader_disabled_ap(void)
Patches currently in stable-queue which might be from bp@suse.de are
queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.9/x86-cpufeatures-clean-up-spectre-v2-related-cpuid-flags.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch queue-4.9/x86-nospec-fix-header-guards-names.patch queue-4.9/x86-alternative-print-unadorned-pointers.patch queue-4.9/x86-microcode-do-the-family-check-first.patch queue-4.9/x86-spectre-fix-spelling-mistake-vunerable-vulnerable.patch queue-4.9/x86-pti-mark-constant-arrays-as-__initconst.patch queue-4.9/x86-bugs-drop-one-mitigation-from-dmesg.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch
linux-stable-mirror@lists.linaro.org