[pve-devel] [PATCH kernel 1/1] cherry-pick improved erratum 1386 workaround

[Folke Gleumes <f.gleumes@proxmox.com>]

The original fix disabled the xsaves feature for zen1/2. The issue has
since been fixed in the cpus microcode and this patch keeps the feature enabled
if the microcode version is recent enough to contain the fix.
The patch had to be altered slightly to apply cleanly on 6.5, but no
changes content-wise.

Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
---

Tested this on an AMD Epyc 7302P v2.
This patch is intended for the bookworm-6.5 branch.

 ...-Improve-the-erratum-1386-workaround.patch | 83 +++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch

diff --git a/patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch b/patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
new file mode 100644
index 0000000..86b1222
--- /dev/null
+++ b/patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
@@ -0,0 +1,83 @@
+From fe4261ef5f99878f60290709d10d44bba326f95f Mon Sep 17 00:00:00 2001
+From: "Borislav Petkov (AMD)" <bp@alien8.de>
+Date: Sun, 24 Mar 2024 20:51:35 +0100
+Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround
+
+Disable XSAVES only on machines which haven't loaded the microcode
+revision containing the erratum fix.
+
+This will come in handy when running archaic OSes as guests. OSes whose
+brilliant programmers thought that CPUID is overrated and one should not
+query it but use features directly, ala shoot first, ask questions
+later... but only if you're alive after the shooting.
+
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+[ FG: port to 6.5 ]
+Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
+Tested-by: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
+Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local
+---
+ arch/x86/include/asm/cpu_device_id.h |  8 ++++++++
+ arch/x86/kernel/cpu/amd.c            | 11 +++++++++++
+ 2 files changed, 19 insertions(+)
+
+diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
+index eb8fcede9e3b..bf4e065cf1e2 100644
+--- a/arch/x86/include/asm/cpu_device_id.h
++++ b/arch/x86/include/asm/cpu_device_id.h
+@@ -190,6 +190,14 @@ struct x86_cpu_desc {
+ 	.x86_microcode_rev	= (revision),			\
+ }
+ 
++#define AMD_CPU_DESC(fam, model, stepping, revision) {		\
++	.x86_family		= (fam),			\
++	.x86_vendor		= X86_VENDOR_AMD,		\
++	.x86_model		= (model),			\
++	.x86_stepping		= (stepping),			\
++	.x86_microcode_rev	= (revision),			\
++}
++
+ extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match);
+ extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table);
+ 
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
+index 9390074ddb25..8201271f6505 100644
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -13,6 +13,7 @@
+ #include <asm/apic.h>
+ #include <asm/cacheinfo.h>
+ #include <asm/cpu.h>
++#include <asm/cpu_device_id.h>
+ #include <asm/spec-ctrl.h>
+ #include <asm/smp.h>
+ #include <asm/numa.h>
+@@ -945,6 +946,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
+ 	clear_rdrand_cpuid_bit(c);
+ }
+ 
++static const struct x86_cpu_desc erratum_1386_microcode[] = {
++	AMD_CPU_DESC(0x17,  0x1, 0x2, 0x0800126e),
++	AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052),
++};
++
+ void init_spectral_chicken(struct cpuinfo_x86 *c)
+ {
+ #ifdef CONFIG_CPU_UNRET_ENTRY
+@@ -972,7 +978,12 @@ void init_spectral_chicken(struct cpuinfo_x86 *c)
+ 	 *
+ 	 * Affected parts all have no supervisor XSAVE states, meaning that
+ 	 * the XSAVEC instruction (which works fine) is equivalent.
++	 * Clear the feature flag only on microcode revisions which
++	 * don't have the fix.
+ 	 */
++	if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode))
++		return;
++
+ 	clear_cpu_cap(c, X86_FEATURE_XSAVES);
+ }
+ 
+-- 
+2.39.2
+
-- 
2.39.2