forked from rpms/kernel
176 lines
5.5 KiB
Diff
176 lines
5.5 KiB
Diff
|
From 661c6baa7f0dd4ef365c1cfd5aee9e999304fab2 Mon Sep 17 00:00:00 2001
|
||
|
From: "Borislav Petkov (AMD)" <bp@alien8.de>
|
||
|
Date: Sat, 15 Jul 2023 13:41:28 +0200
|
||
|
Subject: [PATCH 35/36] x86/cpu/amd: Add a Zenbleed fix
|
||
|
|
||
|
Add a fix for the Zen2 VZEROUPPER data corruption bug where under
|
||
|
certain circumstances executing VZEROUPPER can cause register
|
||
|
corruption or leak data.
|
||
|
|
||
|
The optimal fix is through microcode but in the case the proper
|
||
|
microcode revision has not been applied, enable a fallback fix using
|
||
|
a chicken bit.
|
||
|
|
||
|
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
|
||
|
(cherry picked from commit 522b1d69219d8f083173819fde04f994aa051a98)
|
||
|
|
||
|
CVE: CVE-2023-20593
|
||
|
Signed-off-by: Mridula Shastry <mridula.c.shastry@oracle.com>
|
||
|
Reviewed-by: Todd Vierling <todd.vierling@oracle.com>
|
||
|
---
|
||
|
arch/x86/include/asm/microcode.h | 1 +
|
||
|
arch/x86/include/asm/microcode_amd.h | 2 +
|
||
|
arch/x86/include/asm/msr-index.h | 2 +
|
||
|
arch/x86/kernel/cpu/amd.c | 60 ++++++++++++++++++++++++++++
|
||
|
arch/x86/kernel/cpu/common.c | 2 +
|
||
|
5 files changed, 67 insertions(+)
|
||
|
|
||
|
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
|
||
|
index 629330986955..2e23f658c69b 100644
|
||
|
--- a/arch/x86/include/asm/microcode.h
|
||
|
+++ b/arch/x86/include/asm/microcode.h
|
||
|
@@ -5,6 +5,7 @@
|
||
|
#include <asm/cpu.h>
|
||
|
#include <linux/earlycpio.h>
|
||
|
#include <linux/initrd.h>
|
||
|
+#include <asm/microcode_amd.h>
|
||
|
|
||
|
struct ucode_patch {
|
||
|
struct list_head plist;
|
||
|
diff --git a/arch/x86/include/asm/microcode_amd.h b/arch/x86/include/asm/microcode_amd.h
|
||
|
index a645b25ee442..403a8e76b310 100644
|
||
|
--- a/arch/x86/include/asm/microcode_amd.h
|
||
|
+++ b/arch/x86/include/asm/microcode_amd.h
|
||
|
@@ -48,11 +48,13 @@ extern void __init load_ucode_amd_bsp(unsigned int family);
|
||
|
extern void load_ucode_amd_ap(unsigned int family);
|
||
|
extern int __init save_microcode_in_initrd_amd(unsigned int family);
|
||
|
void reload_ucode_amd(unsigned int cpu);
|
||
|
+extern void amd_check_microcode(void);
|
||
|
#else
|
||
|
static inline void __init load_ucode_amd_bsp(unsigned int family) {}
|
||
|
static inline void load_ucode_amd_ap(unsigned int family) {}
|
||
|
static inline int __init
|
||
|
save_microcode_in_initrd_amd(unsigned int family) { return -EINVAL; }
|
||
|
static inline void reload_ucode_amd(unsigned int cpu) {}
|
||
|
+static inline void amd_check_microcode(void) {}
|
||
|
#endif
|
||
|
#endif /* _ASM_X86_MICROCODE_AMD_H */
|
||
|
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
|
||
|
index bf54eb786776..bc38cbf0ac20 100644
|
||
|
--- a/arch/x86/include/asm/msr-index.h
|
||
|
+++ b/arch/x86/include/asm/msr-index.h
|
||
|
@@ -498,6 +498,8 @@
|
||
|
#define MSR_AMD_PPIN 0xc00102f1
|
||
|
#define MSR_AMD64_LS_CFG 0xc0011020
|
||
|
#define MSR_AMD64_DC_CFG 0xc0011022
|
||
|
+#define MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT 9
|
||
|
+
|
||
|
#define MSR_AMD64_BU_CFG2 0xc001102a
|
||
|
#define MSR_AMD64_IBSFETCHCTL 0xc0011030
|
||
|
#define MSR_AMD64_IBSFETCHLINAD 0xc0011031
|
||
|
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
|
||
|
index c2979e3bed04..384e484cbbdc 100644
|
||
|
--- a/arch/x86/kernel/cpu/amd.c
|
||
|
+++ b/arch/x86/kernel/cpu/amd.c
|
||
|
@@ -69,6 +69,11 @@ static const int amd_erratum_383[] =
|
||
|
static const int amd_erratum_1054[] =
|
||
|
AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0, 0, 0x2f, 0xf));
|
||
|
|
||
|
+static const int amd_zenbleed[] =
|
||
|
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x30, 0x0, 0x4f, 0xf),
|
||
|
+ AMD_MODEL_RANGE(0x17, 0x60, 0x0, 0x7f, 0xf),
|
||
|
+ AMD_MODEL_RANGE(0x17, 0xa0, 0x0, 0xaf, 0xf));
|
||
|
+
|
||
|
static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum)
|
||
|
{
|
||
|
int osvw_id = *erratum++;
|
||
|
@@ -957,6 +962,47 @@ static void init_amd_zn(struct cpuinfo_x86 *c)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
+static bool cpu_has_zenbleed_microcode(void)
|
||
|
+{
|
||
|
+ u32 good_rev = 0;
|
||
|
+
|
||
|
+ switch (boot_cpu_data.x86_model) {
|
||
|
+ case 0x30 ... 0x3f: good_rev = 0x0830107a; break;
|
||
|
+ case 0x60 ... 0x67: good_rev = 0x0860010b; break;
|
||
|
+ case 0x68 ... 0x6f: good_rev = 0x08608105; break;
|
||
|
+ case 0x70 ... 0x7f: good_rev = 0x08701032; break;
|
||
|
+ case 0xa0 ... 0xaf: good_rev = 0x08a00008; break;
|
||
|
+
|
||
|
+ default:
|
||
|
+ return false;
|
||
|
+ break;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (boot_cpu_data.microcode < good_rev)
|
||
|
+ return false;
|
||
|
+
|
||
|
+ return true;
|
||
|
+}
|
||
|
+
|
||
|
+static void zenbleed_check(struct cpuinfo_x86 *c)
|
||
|
+{
|
||
|
+ if (!cpu_has_amd_erratum(c, amd_zenbleed))
|
||
|
+ return;
|
||
|
+
|
||
|
+ if (cpu_has(c, X86_FEATURE_HYPERVISOR))
|
||
|
+ return;
|
||
|
+
|
||
|
+ if (!cpu_has(c, X86_FEATURE_AVX))
|
||
|
+ return;
|
||
|
+
|
||
|
+ if (!cpu_has_zenbleed_microcode()) {
|
||
|
+ pr_notice_once("Zenbleed: please update your microcode for the most optimal fix\n");
|
||
|
+ msr_set_bit(MSR_AMD64_DE_CFG, MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT);
|
||
|
+ } else {
|
||
|
+ msr_clear_bit(MSR_AMD64_DE_CFG, MSR_AMD64_DE_CFG_ZEN2_FP_BACKUP_FIX_BIT);
|
||
|
+ }
|
||
|
+}
|
||
|
+
|
||
|
static void init_amd(struct cpuinfo_x86 *c)
|
||
|
{
|
||
|
early_init_amd(c);
|
||
|
@@ -1057,6 +1103,8 @@ static void init_amd(struct cpuinfo_x86 *c)
|
||
|
if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) &&
|
||
|
cpu_has(c, X86_FEATURE_AUTOIBRS))
|
||
|
WARN_ON_ONCE(msr_set_bit(MSR_EFER, _EFER_AUTOIBRS));
|
||
|
+
|
||
|
+ zenbleed_check(c);
|
||
|
}
|
||
|
|
||
|
#ifdef CONFIG_X86_32
|
||
|
@@ -1205,3 +1253,15 @@ u32 amd_get_highest_perf(void)
|
||
|
return 255;
|
||
|
}
|
||
|
EXPORT_SYMBOL_GPL(amd_get_highest_perf);
|
||
|
+
|
||
|
+static void zenbleed_check_cpu(void *unused)
|
||
|
+{
|
||
|
+ struct cpuinfo_x86 *c = &cpu_data(smp_processor_id());
|
||
|
+
|
||
|
+ zenbleed_check(c);
|
||
|
+}
|
||
|
+
|
||
|
+void amd_check_microcode(void)
|
||
|
+{
|
||
|
+ on_each_cpu(zenbleed_check_cpu, NULL, 1);
|
||
|
+}
|
||
|
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
|
||
|
index c5c08a3ace2a..61039cf3d6eb 100644
|
||
|
--- a/arch/x86/kernel/cpu/common.c
|
||
|
+++ b/arch/x86/kernel/cpu/common.c
|
||
|
@@ -2187,6 +2187,8 @@ void microcode_check(struct cpuinfo_x86 *prev_info)
|
||
|
|
||
|
perf_check_microcode();
|
||
|
|
||
|
+ amd_check_microcode();
|
||
|
+
|
||
|
store_cpu_caps(&curr_info);
|
||
|
|
||
|
if (!memcmp(&prev_info->x86_capability, &curr_info.x86_capability,
|
||
|
--
|
||
|
2.39.3
|
||
|
|