
Re: [PATCH] x86/AMD: extend Zenbleed check to models "good" ucode isn't known for


  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 22 Aug 2023 15:53:30 +0100
  • Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Tue, 22 Aug 2023 14:53:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22/08/2023 3:22 pm, Jan Beulich wrote:
> Reportedly the AMD Custom APU 0405 found on SteamDeck, models 0x90 and
> 0x91, (quoting the respective Linux commit) is similarly affected. Put
> another instance of our Zen1 vs Zen2 distinction checks in
> amd_check_zenbleed(), forcing use of the chickenbit irrespective of
> ucode version (building upon real hardware never surfacing a version of
> 0xffffffff).
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> --- a/xen/arch/x86/cpu/amd.c
> +++ b/xen/arch/x86/cpu/amd.c
> @@ -936,10 +936,14 @@ void amd_check_zenbleed(void)
>       case 0xa0 ... 0xaf: good_rev = 0x08a00008; break;
>       default:
>               /*
> -              * With the Fam17h check above, parts getting here are Zen1.
> -              * They're not affected.
> +              * With the Fam17h check above, most parts getting here are
> +              * Zen1.  They're not affected.  Assume Zen2 ones making it
> +              * here are affected regardless of microcode version.

It's not really "assume Zen2 are vulnerable".  All Zen2 *are*
vulnerable, but we keep on finding new CPUs that AMD did for special
circumstances and haven't documented in their model lists.

Furthermore, there needs to be another sentence:

"Because we still don't have a correct authoritative list of Zen1 vs
Zen2 by model number, use STIBP as a heuristic to distinguish."

Or something like this.  It is important to state that STIBP is our
model-heuristic here.

With some kind of note explaining what's going on, Reviewed-by: Andrew
Cooper <andrew.cooper3@xxxxxxxxxx>

>                */
> -             return;
> +             if (!boot_cpu_has(X86_FEATURE_AMD_STIBP))
> +                     return;
> +             good_rev = ~0u;

While I hate to review like this, someone is going to come along and
swap this u for U for MISRA reasons.  Probably best to adjust it now.

~Andrew

> +             break;
>       }
>  
>       rdmsrl(MSR_AMD64_DE_CFG, val);
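
Review bot: The all-ones sentinel in `good_rev = ~0u;` in the default case is explained only in the commit message (real hardware never surfaces a microcode version of 0xffffffff), so a reader of the code alone cannot tell that this value is meant to force the chickenbit regardless of the loaded revision. A short comment beside the assignment, or a named constant, would keep that reasoning in the source. The new comment block also never names the `boot_cpu_has(X86_FEATURE_AMD_STIBP)` test as the thing that separates Zen2 from Zen1 here, so the condition reads as unrelated to the text above it.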




 

