111 lines
3.9 KiB
Diff
111 lines
3.9 KiB
Diff
From e298b1596a0ace2d3b272747a645856f6eb61128 Mon Sep 17 00:00:00 2001
|
|
From: Ashok Raj <ashok.raj@intel.com>
|
|
Date: Mon, 9 Jan 2023 07:35:50 -0800
|
|
Subject: [PATCH 13/36] x86/microcode: Add a parameter to microcode_check() to
|
|
store CPU capabilities
|
|
|
|
Add a parameter to store CPU capabilities before performing a microcode
|
|
update so that CPU capabilities can be compared before and after update.
|
|
|
|
[ bp: Massage. ]
|
|
|
|
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
|
|
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
|
|
Link: https://lore.kernel.org/r/20230109153555.4986-2-ashok.raj@intel.com
|
|
(cherry picked from commit ab31c74455c64e69342ddab21fd9426fcbfefde7)
|
|
|
|
CVE: CVE-2023-20593
|
|
Signed-off-by: Mridula Shastry <mridula.c.shastry@oracle.com>
|
|
Reviewed-by: Todd Vierling <todd.vierling@oracle.com>
|
|
---
|
|
arch/x86/include/asm/processor.h | 2 +-
|
|
arch/x86/kernel/cpu/common.c | 21 +++++++++++++--------
|
|
arch/x86/kernel/cpu/microcode/core.c | 3 ++-
|
|
3 files changed, 16 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
|
|
index 605740dfd017..9968d456d7e8 100644
|
|
--- a/arch/x86/include/asm/processor.h
|
|
+++ b/arch/x86/include/asm/processor.h
|
|
@@ -919,7 +919,7 @@ bool xen_set_default_idle(void);
|
|
|
|
void stop_this_cpu(void *dummy);
|
|
void df_debug(struct pt_regs *regs, long error_code);
|
|
-void microcode_check(void);
|
|
+void microcode_check(struct cpuinfo_x86 *prev_info);
|
|
|
|
enum l1tf_mitigations {
|
|
L1TF_MITIGATION_OFF,
|
|
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
|
index 7be057c7531c..437fe55acce8 100644
|
|
--- a/arch/x86/kernel/cpu/common.c
|
|
+++ b/arch/x86/kernel/cpu/common.c
|
|
@@ -2146,30 +2146,35 @@ void cpu_init_secondary(void)
|
|
#endif
|
|
|
|
#ifdef CONFIG_MICROCODE_LATE_LOADING
|
|
-/*
|
|
+/**
|
|
+ * microcode_check() - Check if any CPU capabilities changed after an update.
|
|
+ * @prev_info: CPU capabilities stored before an update.
|
|
+ *
|
|
* The microcode loader calls this upon late microcode load to recheck features,
|
|
* only when microcode has been updated. Caller holds microcode_mutex and CPU
|
|
* hotplug lock.
|
|
+ *
|
|
+ * Return: None
|
|
*/
|
|
-void microcode_check(void)
|
|
+void microcode_check(struct cpuinfo_x86 *prev_info)
|
|
{
|
|
- struct cpuinfo_x86 info;
|
|
-
|
|
perf_check_microcode();
|
|
|
|
/* Reload CPUID max function as it might've changed. */
|
|
- info.cpuid_level = cpuid_eax(0);
|
|
+ prev_info->cpuid_level = cpuid_eax(0);
|
|
|
|
/*
|
|
* Copy all capability leafs to pick up the synthetic ones so that
|
|
* memcmp() below doesn't fail on that. The ones coming from CPUID will
|
|
* get overwritten in get_cpu_cap().
|
|
*/
|
|
- memcpy(&info.x86_capability, &boot_cpu_data.x86_capability, sizeof(info.x86_capability));
|
|
+ memcpy(&prev_info->x86_capability, &boot_cpu_data.x86_capability,
|
|
+ sizeof(prev_info->x86_capability));
|
|
|
|
- get_cpu_cap(&info);
|
|
+ get_cpu_cap(prev_info);
|
|
|
|
- if (!memcmp(&info.x86_capability, &boot_cpu_data.x86_capability, sizeof(info.x86_capability)))
|
|
+ if (!memcmp(&prev_info->x86_capability, &boot_cpu_data.x86_capability,
|
|
+ sizeof(prev_info->x86_capability)))
|
|
return;
|
|
|
|
pr_warn("x86/CPU: CPU features have changed after loading microcode, but might not take effect.\n");
|
|
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
|
|
index 36f78ceca5f2..41a90074df21 100644
|
|
--- a/arch/x86/kernel/cpu/microcode/core.c
|
|
+++ b/arch/x86/kernel/cpu/microcode/core.c
|
|
@@ -457,6 +457,7 @@ wait_for_siblings:
|
|
static int microcode_reload_late(void)
|
|
{
|
|
int old = boot_cpu_data.microcode, ret;
|
|
+ struct cpuinfo_x86 prev_info;
|
|
|
|
pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
|
|
pr_err("You should switch to early loading, if possible.\n");
|
|
@@ -466,7 +467,7 @@ static int microcode_reload_late(void)
|
|
|
|
ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask);
|
|
if (ret == 0)
|
|
- microcode_check();
|
|
+ microcode_check(&prev_info);
|
|
|
|
pr_info("Reload completed, microcode revision: 0x%x -> 0x%x\n",
|
|
old, boot_cpu_data.microcode);
|
|
--
|
|
2.39.3
|
|
|