From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 3851096315 for ; Mon, 15 Apr 2024 14:57:02 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0B331A143 for ; Mon, 15 Apr 2024 14:57:02 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Mon, 15 Apr 2024 14:57:01 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 0237D44380 for ; Mon, 15 Apr 2024 14:57:01 +0200 (CEST) From: Folke Gleumes To: pve-devel@lists.proxmox.com Date: Mon, 15 Apr 2024 14:56:49 +0200 Message-Id: <20240415125650.2469464-1-f.gleumes@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.014 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH kernel 1/1] cherry-pick improved erratum 1386 workaround X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Apr 2024 12:57:02 -0000 The original fix disabled the xsaves feature for zen1/2. The issue has since been fixed in the cpus microcode and this patch keeps the feature enabled if the microcode version is recent enough to contain the fix. Signed-off-by: Folke Gleumes --- Tested this on an AMD Epyc 7302P v2. ...-improve-the-erratum-1386-workaround.patch | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 patches/kernel/0013-improve-the-erratum-1386-workaround.patch diff --git a/patches/kernel/0013-improve-the-erratum-1386-workaround.patch b/patches/kernel/0013-improve-the-erratum-1386-workaround.patch new file mode 100644 index 0000000..969c10c --- /dev/null +++ b/patches/kernel/0013-improve-the-erratum-1386-workaround.patch @@ -0,0 +1,82 @@ +From 29ba89f1895285f06c333546882e0c5ae9a6df23 Mon Sep 17 00:00:00 2001 +From: "Borislav Petkov (AMD)" +Date: Sun, 24 Mar 2024 20:51:35 +0100 +Subject: x86/CPU/AMD: Improve the erratum 1386 workaround + +Disable XSAVES only on machines which haven't loaded the microcode +revision containing the erratum fix. + +This will come in handy when running archaic OSes as guests. OSes whose +brilliant programmers thought that CPUID is overrated and one should not +query it but use features directly, ala shoot first, ask questions +later... but only if you're alive after the shooting. + +Signed-off-by: Borislav Petkov (AMD) +Tested-by: "Maciej S. Szmigiero" +Cc: Boris Ostrovsky +Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local +--- + arch/x86/include/asm/cpu_device_id.h | 8 ++++++++ + arch/x86/kernel/cpu/amd.c | 12 ++++++++++++ + 2 files changed, 20 insertions(+) + +diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h +index eb8fcede9e3bf4..bf4e065cf1e2fc 100644 +--- a/arch/x86/include/asm/cpu_device_id.h ++++ b/arch/x86/include/asm/cpu_device_id.h +@@ -190,6 +190,14 @@ struct x86_cpu_desc { + .x86_microcode_rev = (revision), \ + } + ++#define AMD_CPU_DESC(fam, model, stepping, revision) { \ ++ .x86_family = (fam), \ ++ .x86_vendor = X86_VENDOR_AMD, \ ++ .x86_model = (model), \ ++ .x86_stepping = (stepping), \ ++ .x86_microcode_rev = (revision), \ ++} ++ + extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match); + extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table); + +diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c +index 6d8677e80ddbb1..873f0fdc2ef8a4 100644 +--- a/arch/x86/kernel/cpu/amd.c ++++ b/arch/x86/kernel/cpu/amd.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -802,6 +803,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c) + clear_rdrand_cpuid_bit(c); + } + ++static const struct x86_cpu_desc erratum_1386_microcode[] = { ++ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e), ++ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052), ++}; ++ + static void fix_erratum_1386(struct cpuinfo_x86 *c) + { + /* +@@ -811,7 +817,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c) + * + * Affected parts all have no supervisor XSAVE states, meaning that + * the XSAVEC instruction (which works fine) is equivalent. ++ * ++ * Clear the feature flag only on microcode revisions which ++ * don't have the fix. + */ ++ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode)) ++ return; ++ + clear_cpu_cap(c, X86_FEATURE_XSAVES); + } + +-- +cgit 1.2.3-korg + -- 2.39.2