[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] x86/ucode: Exclude Zen6 from entrysign mitigations

commit bd15fdedafb3a414aeafa918a9212148ac22ebb5
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Mon Mar 16 10:34:23 2026 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Mar 19 13:20:30 2026 +0000

    x86/ucode: Exclude Zen6 from entrysign mitigations
    
    Family 0x1a covers both Zen5 and Zen6, but the latter is not believed to be
    vulnerable to entrysign.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/arch/x86/cpu/microcode/amd.c | 6 ++++--
 xen/arch/x86/include/asm/amd.h   | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c
index 90f10ac8be..2ba1fa825f 100644
--- a/xen/arch/x86/cpu/microcode/amd.c
+++ b/xen/arch/x86/cpu/microcode/amd.c
@@ -20,6 +20,7 @@
 #include <xen/mm.h> /* TODO: Fix asm/tlbflush.h breakage */
 #include <xen/sha2.h>
 
+#include <asm/amd.h>
 #include <asm/msr.h>
 
 #include "private.h"
@@ -576,7 +577,7 @@ void __init ucode_probe_amd(struct microcode_ops *ops)
      */
     if ( IS_ENABLED(CONFIG_MICROCODE_LOADING) &&
          boot_cpu_data.family >= 0x17 && boot_cpu_data.family <= 0x1a &&
-         !opt_digest_check )
+         !is_zen6_uarch() && !opt_digest_check )
     {
         printk(XENLOG_WARNING
                "Microcode patch additional digest checks disabled\n");
@@ -618,7 +619,8 @@ void __init amd_check_entrysign(void)
     if ( !IS_ENABLED(CONFIG_MICROCODE_LOADING)  ||
          boot_cpu_data.vendor != X86_VENDOR_AMD ||
          boot_cpu_data.family < 0x17            ||
-         boot_cpu_data.family > 0x1a )
+         boot_cpu_data.family > 0x1a            ||
+         is_zen6_uarch() )
         return;
 
     /*
diff --git a/xen/arch/x86/include/asm/amd.h b/xen/arch/x86/include/asm/amd.h
index 4036dd5498..d21df0741a 100644
--- a/xen/arch/x86/include/asm/amd.h
+++ b/xen/arch/x86/include/asm/amd.h
@@ -59,6 +59,8 @@
  * For Zen3 and Zen4 (Fam19h) the heuristic is the presence of AutoIBRS, as
  * it's Zen4-specific.
  *
+ * For Zen5 and Zen6 (Fam1ah) the heuristic is the presence of FRED.
+ *
  * The caller is required to perform the appropriate vendor/family checks
  * first.
  */
@@ -66,6 +68,8 @@
 #define is_zen2_uarch()   boot_cpu_has(X86_FEATURE_AMD_STIBP)
 #define is_zen3_uarch() (!boot_cpu_has(X86_FEATURE_AUTO_IBRS))
 #define is_zen4_uarch()   boot_cpu_has(X86_FEATURE_AUTO_IBRS)
+#define is_zen5_uarch() (!boot_cpu_has(X86_FEATURE_FRED))
+#define is_zen6_uarch()   boot_cpu_has(X86_FEATURE_FRED)
 
 struct cpuinfo_x86;
 int cpu_has_amd_erratum(const struct cpuinfo_x86 *cpu, int osvw_id, ...);
--
generated by git-patchbot for /home/xen/git/xen.git#master

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.