Xen project Mailing List

Re: [PATCH] x86/AMD: extend Zenbleed check to models "good" ucode isn't known for

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Tue, 22 Aug 2023 17:00:32 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=t8ltrA6vXnHwqwFuksLnw1O3/O93cqzqGv8V5sm8PRg=; b=jJe0miHUgJawNlOeoU5ChkgDN9Z9rFmuKEvRFA6F8GfXTT7nsP5Lqy5yegM+/euvdYKEsX9wwFSG7XhRfcoYQguhHYc+ii6wAbT6gsYGux5AjpASXAjo9cmVcFkWAVtVB17BeAjxiVoQmTsZhq3kE+0KqQBmMDLs562VB/b8w6X9/KzvhmTyzQ9CAXUuEHNYRXKCiTCODINPwqkjz+Oq1SdPrqA2c884ZfE0mhpV02uTaUD7W2Z91ktYpZlsE7WaZJzJT4KpYif+Iz2TfFDBUfuFPzh9rRLlMCLCi869cjTBHet+1ILk49y00skMrxiu2cNOiTgmfgly4DsJzzCwMA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RRDzgFX8QLBBv9nBkywzOn8Z2faBgaqCn7Lur3/Tywt32lsc+ZDnp2BkaVeIKqn2rI2CUX+IPfPuJ6RNr/C4DE5awIWykelY1l7EncM/HuP71o8u/x+BfWxy8Ox2gr5eYKfP3zBdS3EFSli7P0Qg3UN3VxSnEOYPlu0h5keMHYVYpV76xfD3A6bgc9oCh7FNBEimSOHl8ebcF+sthz+5c4z1FHa2ZslonrRh0Lt30gnHr5h5BOZ7Q9eqljtLFqho2pkqfPJifyWIxSIU47UR9kpP6fQnBPh7huhZMPMpV/qWO93DW8YSMhgyp7qSC16XDu8BmRnNatmnzpyB5FT/XA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 22 Aug 2023 15:00:45 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22.08.2023 16:53, Andrew Cooper wrote: > On 22/08/2023 3:22 pm, Jan Beulich wrote: >> Reportedly the AMD Custom APU 0405 found on SteamDeck, models 0x90 and >> 0x91, (quoting the respective Linux commit) is similarly affected. Put >> another instance of our Zen1 vs Zen2 distinction checks in >> amd_check_zenbleed(), forcing use of the chickenbit irrespective of >> ucode version (building upon real hardware never surfacing a version of >> 0xffffffff). >> >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> >> >> --- a/xen/arch/x86/cpu/amd.c >> +++ b/xen/arch/x86/cpu/amd.c >> @@ -936,10 +936,14 @@ void amd_check_zenbleed(void) >> case 0xa0 ... 0xaf: good_rev = 0x08a00008; break; >> default: >> /* >> - * With the Fam17h check above, parts getting here are Zen1. >> - * They're not affected. >> + * With the Fam17h check above, most parts getting here are >> + * Zen1. They're not affected. Assume Zen2 ones making it >> + * here are affected regardless of microcode version. > > It's not really "assume Zen2 are vulnerable". But that's also not what the comment says. It says "regardless of microcode version". > All Zen2 *are* > vulnerable, but we keep on finding new CPUs that AMD did for special > circumstances and haven't documented in their model lists. > > Furthermore, there needs to be another sentence: > > "Because we still don't have an correct authoritative list of Zen1 vs > Zen2 by model number, use STIBP as a heuristic to distinguish." > > Or something like this. It is important to state that STIBP is our > model-heuristic here. Will add. > With some kind of note explaining what's going on, Reviewed-by: Andrew > Cooper <andrew.cooper3@xxxxxxxxxx> Thanks. >> */ >> - return; >> + if (!boot_cpu_has(X86_FEATURE_AMD_STIBP)) >> + return; >> + good_rev = ~0u; > > While I hate to review like this, someone is going to come along and > swap this u for U for MISRA reasons. Probably best to adjust it now. Oh, right, will do. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.