[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 1/4] x86: Split out AMD-specific code to be executed without ucode loading

  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
  • Date: Wed, 12 Nov 2025 17:22:14 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/b7AVkE9aycwDP7HcBPMZRjIqnxoGF/E1DlqBnoWYQ4=; b=SF9pFSQEXQh46VN68Q6gxoFsQ7uATQmd0lt4fN4Kiuv+FihLl5IR51GpRQC3RR06jvCRR272JHofDhA8B48IDG0G5QiaG3diYNWiWOUk+QuvDAu3i0pa28gOU0iCc+rorjJIthbFgnHWjBkd2sQ1IL7+k2452mI8MRQ+BMHy2NyrzfAsqXaIPkzBMQZ0Htf09ecByxsk11gLJxq9AfLoRPqrvu7UfCWeuY0zmBu29lnTSjezdu/24+Bs2WuuXW5bOO23HsLdz5gMrZuEDDYHpMnNPbYRW8NUHYv1qzyPzob9/g2Fbk4SZ5K1uYAibhgMsDt3drtidFNTVO7o7Hszvw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QmPN4YBt7yNXE+jjPnx8iDtyXkGr47xIjDbH0mFNUXyOM8aBfhb8FY9ifrmIRvCwYaEKkL/q1dVVRQ79orkeVRwYWwcwc/CBLM+1Udv2pIFQNhTMSvbpcRh/cOWj4j9Zw3aKbMamRpKIelm4dqaq06Cq65wHuG58nIkunIMSOFzUhLLhob0mcKbeJ+a09Q7uFx7nUL1ZbovQe+wqN/CEky2+VeIRPjRGeVLbdxGrXDLS37zTJ/4jnOpnC1FqkbgZXSLfR6EGofxz8Izd9L4NJ4o/geK27JOyarq99F5Pk3LJ4ValE3KHmke5LrcjUWrc4wTjifArG1dTpmWQLSmVQw==
  • Cc: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Wed, 12 Nov 2025 16:22:48 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Some code must be executed even with microcode loading disabled to find
out the current microcode revision. This is important to determine active
erratas and such.

With the intent of stripping microcode loading via Kconfig, move such
essential AMD-specific code to an amd-base.c file.

Not a functional change.

Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
---
 xen/arch/x86/cpu/microcode/Makefile   |  1 +
 xen/arch/x86/cpu/microcode/amd-base.c | 50 ++++++++++++++++++++++++
 xen/arch/x86/cpu/microcode/amd.c      | 55 +++------------------------
 xen/arch/x86/cpu/microcode/amd.h      | 15 ++++++++
 4 files changed, 72 insertions(+), 49 deletions(-)
 create mode 100644 xen/arch/x86/cpu/microcode/amd-base.c
 create mode 100644 xen/arch/x86/cpu/microcode/amd.h

diff --git a/xen/arch/x86/cpu/microcode/Makefile 
b/xen/arch/x86/cpu/microcode/Makefile
index 30d600544f..00aa0f24e4 100644
--- a/xen/arch/x86/cpu/microcode/Makefile
+++ b/xen/arch/x86/cpu/microcode/Makefile
@@ -1,3 +1,4 @@
 obj-$(CONFIG_AMD) += amd.o
+obj-$(CONFIG_AMD) += amd-base.o
 obj-y += core.o
 obj-$(CONFIG_INTEL) += intel.o
diff --git a/xen/arch/x86/cpu/microcode/amd-base.c 
b/xen/arch/x86/cpu/microcode/amd-base.c
new file mode 100644
index 0000000000..f8f5fac1e1
--- /dev/null
+++ b/xen/arch/x86/cpu/microcode/amd-base.c
@@ -0,0 +1,50 @@
+#include <xen/init.h>
+
+#include <asm/msr.h>
+#include <asm/processor.h>
+#include <asm/x86-vendors.h>
+
+#include "amd.h"
+
+#define pr_debug(x...) ((void)0)
+
+static void cf_check collect_cpu_info(void)
+{
+    struct cpu_signature *csig = &this_cpu(cpu_sig);
+
+    memset(csig, 0, sizeof(*csig));
+
+    csig->sig = cpuid_eax(1);
+    rdmsrl(MSR_AMD_PATCHLEVEL, csig->rev);
+
+    pr_debug("microcode: CPU%d collect_cpu_info: patch_id=%#x\n",
+             smp_processor_id(), csig->rev);
+}
+
+static const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = {
+    .cpu_request_microcode            = amd_cpu_request_microcode,
+    .collect_cpu_info                 = collect_cpu_info,
+    .apply_microcode                  = amd_apply_microcode,
+    .compare                          = amd_compare,
+    .cpio_path                        = amd_cpio_path,
+};
+
+void __init ucode_probe_amd(struct microcode_ops *ops)
+{
+    /*
+     * The Entrysign vulnerability (SB-7033, CVE-2024-36347) affects Zen1-5
+     * CPUs.  Taint Xen if digest checking is turned off.
+     */
+    if ( boot_cpu_data.family >= 0x17 && boot_cpu_data.family <= 0x1a &&
+         !opt_digest_check )
+    {
+        printk(XENLOG_WARNING
+               "Microcode patch additional digest checks disabled\n");
+        add_taint(TAINT_CPU_OUT_OF_SPEC);
+    }
+
+    if ( boot_cpu_data.family < 0x10 )
+        return;
+
+    *ops = amd_ucode_ops;
+}
diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c
index 550b8c1e57..c6d61fd38c 100644
--- a/xen/arch/x86/cpu/microcode/amd.c
+++ b/xen/arch/x86/cpu/microcode/amd.c
@@ -22,9 +22,7 @@
 
 #include <asm/msr.h>
 
-#include "private.h"
-
-#define pr_debug(x...) ((void)0)
+#include "amd.h"
 
 struct equiv_cpu_entry {
     uint32_t installed_cpu;
@@ -153,19 +151,6 @@ static bool check_digest(const struct container_microcode 
*mc)
     return true;
 }
 
-static void cf_check collect_cpu_info(void)
-{
-    struct cpu_signature *csig = &this_cpu(cpu_sig);
-
-    memset(csig, 0, sizeof(*csig));
-
-    csig->sig = cpuid_eax(1);
-    rdmsrl(MSR_AMD_PATCHLEVEL, csig->rev);
-
-    pr_debug("microcode: CPU%d collect_cpu_info: patch_id=%#x\n",
-             smp_processor_id(), csig->rev);
-}
-
 static bool verify_patch_size(uint32_t patch_size)
 {
     uint32_t max_size;
@@ -264,7 +249,7 @@ static bool microcode_fits_cpu(const struct microcode_patch 
*patch)
     return equiv.id == patch->processor_rev_id;
 }
 
-static int cf_check amd_compare(
+int cf_check amd_compare(
     const struct microcode_patch *old, const struct microcode_patch *new)
 {
     /* Both patches to compare are supposed to be applicable to local CPU. */
@@ -310,8 +295,8 @@ static bool check_min_rev(const struct microcode_patch 
*patch)
     return this_cpu(cpu_sig).rev >= patch->min_rev;
 }
 
-static int cf_check apply_microcode(const struct microcode_patch *patch,
-                                    unsigned int flags)
+int cf_check amd_apply_microcode(const struct microcode_patch *patch,
+                                 unsigned int flags)
 {
     int hw_err, result;
     unsigned int cpu = smp_processor_id();
@@ -424,7 +409,7 @@ static int scan_equiv_cpu_table(const struct 
container_equiv_table *et)
     return -ESRCH;
 }
 
-static struct microcode_patch *cf_check cpu_request_microcode(
+struct microcode_patch *cf_check amd_cpu_request_microcode(
     const void *buf, size_t size, bool make_copy)
 {
     const struct microcode_patch *saved = NULL;
@@ -559,37 +544,9 @@ static struct microcode_patch *cf_check 
cpu_request_microcode(
     return patch;
 }
 
-static const char __initconst amd_cpio_path[] =
+const char __initconst amd_cpio_path[] =
     "kernel/x86/microcode/AuthenticAMD.bin";
 
-static const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = {
-    .cpu_request_microcode            = cpu_request_microcode,
-    .collect_cpu_info                 = collect_cpu_info,
-    .apply_microcode                  = apply_microcode,
-    .compare                          = amd_compare,
-    .cpio_path                        = amd_cpio_path,
-};
-
-void __init ucode_probe_amd(struct microcode_ops *ops)
-{
-    /*
-     * The Entrysign vulnerability (SB-7033, CVE-2024-36347) affects Zen1-5
-     * CPUs.  Taint Xen if digest checking is turned off.
-     */
-    if ( boot_cpu_data.family >= 0x17 && boot_cpu_data.family <= 0x1a &&
-         !opt_digest_check )
-    {
-        printk(XENLOG_WARNING
-               "Microcode patch additional digest checks disabled\n");
-        add_taint(TAINT_CPU_OUT_OF_SPEC);
-    }
-
-    if ( boot_cpu_data.family < 0x10 )
-        return;
-
-    *ops = amd_ucode_ops;
-}
-
 #if 0 /* Manual CONFIG_SELF_TESTS */
 static void __init __constructor test_digests_sorted(void)
 {
diff --git a/xen/arch/x86/cpu/microcode/amd.h b/xen/arch/x86/cpu/microcode/amd.h
new file mode 100644
index 0000000000..1df1b61adb
--- /dev/null
+++ b/xen/arch/x86/cpu/microcode/amd.h
@@ -0,0 +1,15 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef ASM_X86_MICROCODE_AMD_H
+#define ASM_X86_MICROCODE_AMD_H
+
+#include "private.h"
+
+int cf_check amd_compare(const struct microcode_patch *old,
+                         const struct microcode_patch *new);
+int cf_check amd_apply_microcode(const struct microcode_patch *patch,
+                                 unsigned int flags);
+struct microcode_patch *cf_check amd_cpu_request_microcode(
+    const void *buf, size_t size, bool make_copy);
+extern const char amd_cpio_path[];
+
+#endif /* ASM_X86_MICROCODE_AMD_H */
-- 
2.43.0

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.