|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.20] x86/ucode: Exclude Zen6 from entrysign mitigations
commit 4d25f6e10ebb154575b7c7494c2c416142fb2a78
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Mon Mar 16 10:34:23 2026 +0000
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Mon Mar 23 12:12:37 2026 +0000
x86/ucode: Exclude Zen6 from entrysign mitigations
Family 0x1a covers both Zen5 and Zen6, but the latter is not believed to be
vulnerable to entrysign.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
(cherry picked from commit bd15fdedafb3a414aeafa918a9212148ac22ebb5)
---
xen/arch/x86/cpu/common.c | 4 +++-
xen/arch/x86/cpu/microcode/amd.c | 6 ++++--
xen/arch/x86/include/asm/amd.h | 4 ++++
xen/include/public/arch-x86/cpufeatureset.h | 1 +
4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index eb8f4ef8fe..4efa4fed32 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -382,7 +382,9 @@ void __init early_cpu_init(bool verbose)
c->x86_capability[FEATURESET_m10Ah]);
if (max_subleaf >= 1)
- cpuid_count(7, 1, &eax, &ebx, &ecx,
+ cpuid_count(7, 1,
+ &c->x86_capability[FEATURESET_7a1],
+ &ebx, &ecx,
&c->x86_capability[FEATURESET_7d1]);
}
diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c
index 995a050e52..eeb2a75fbe 100644
--- a/xen/arch/x86/cpu/microcode/amd.c
+++ b/xen/arch/x86/cpu/microcode/amd.c
@@ -20,6 +20,7 @@
#include <xen/mm.h> /* TODO: Fix asm/tlbflush.h breakage */
#include <xen/sha2.h>
+#include <asm/amd.h>
#include <asm/msr.h>
#include "private.h"
@@ -568,7 +569,7 @@ void __init ucode_probe_amd(struct microcode_ops *ops)
* CPUs. Taint Xen if digest checking is turned off.
*/
if ( boot_cpu_data.x86 >= 0x17 && boot_cpu_data.x86 <= 0x1a &&
- !opt_digest_check )
+ !is_zen6_uarch() && !opt_digest_check )
{
printk(XENLOG_WARNING
"Microcode patch additional digest checks disabled\n");
@@ -609,7 +610,8 @@ void __init amd_check_entrysign(void)
if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
boot_cpu_data.x86 < 0x17 ||
- boot_cpu_data.x86 > 0x1a )
+ boot_cpu_data.x86 > 0x1a ||
+ is_zen6_uarch() )
return;
/*
diff --git a/xen/arch/x86/include/asm/amd.h b/xen/arch/x86/include/asm/amd.h
index 9c9599a622..7566526ea4 100644
--- a/xen/arch/x86/include/asm/amd.h
+++ b/xen/arch/x86/include/asm/amd.h
@@ -149,6 +149,8 @@
* For Zen3 and Zen4 (Fam19h) the heuristic is the presence of AutoIBRS, as
* it's Zen4-specific.
*
+ * For Zen5 and Zen6 (Fam1ah) the heuristic is the presence of FRED.
+ *
* The caller is required to perform the appropriate vendor/family checks
* first.
*/
@@ -156,6 +158,8 @@
#define is_zen2_uarch() boot_cpu_has(X86_FEATURE_AMD_STIBP)
#define is_zen3_uarch() (!boot_cpu_has(X86_FEATURE_AUTO_IBRS))
#define is_zen4_uarch() boot_cpu_has(X86_FEATURE_AUTO_IBRS)
+#define is_zen5_uarch() (!boot_cpu_has(X86_FEATURE_FRED))
+#define is_zen6_uarch() boot_cpu_has(X86_FEATURE_FRED)
struct cpuinfo_x86;
int cpu_has_amd_erratum(const struct cpuinfo_x86 *cpu, int osvw_id, ...);
diff --git a/xen/include/public/arch-x86/cpufeatureset.h
b/xen/include/public/arch-x86/cpufeatureset.h
index 4f94342ad6..618674123b 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -307,6 +307,7 @@ XEN_CPUFEATURE(CMPCCXADD, 10*32+ 7) /*a CMPccXADD
Instructions */
XEN_CPUFEATURE(FZRM, 10*32+10) /*A Fast Zero-length REP MOVSB */
XEN_CPUFEATURE(FSRS, 10*32+11) /*A Fast Short REP STOSB */
XEN_CPUFEATURE(FSRCS, 10*32+12) /*A Fast Short REP CMPSB/SCASB */
+XEN_CPUFEATURE(FRED, 10*32+17) /* Fast Return and Event Delivery */
XEN_CPUFEATURE(WRMSRNS, 10*32+19) /*S WRMSR Non-Serialising */
XEN_CPUFEATURE(AMX_FP16, 10*32+21) /* AMX FP16 instruction */
XEN_CPUFEATURE(AVX_IFMA, 10*32+23) /*A AVX-IFMA Instructions */
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.20
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |