* [pve-devel] [PATCH kernel 1/1] cherry-pick improved erratum 1386 workaround
@ 2024-04-15 12:56 Folke Gleumes
2024-04-15 12:56 ` Folke Gleumes
2024-04-17 14:51 ` [pve-devel] applied: " Thomas Lamprecht
0 siblings, 2 replies; 3+ messages in thread
From: Folke Gleumes @ 2024-04-15 12:56 UTC (permalink / raw)
To: pve-devel
The original fix disabled the xsaves feature for zen1/2. The issue has
since been fixed in the cpus microcode and this patch keeps the feature enabled
if the microcode version is recent enough to contain the fix.
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
---
Tested this on an AMD Epyc 7302P v2.
...-improve-the-erratum-1386-workaround.patch | 82 +++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100644 patches/kernel/0013-improve-the-erratum-1386-workaround.patch
diff --git a/patches/kernel/0013-improve-the-erratum-1386-workaround.patch b/patches/kernel/0013-improve-the-erratum-1386-workaround.patch
new file mode 100644
index 0000000..969c10c
--- /dev/null
+++ b/patches/kernel/0013-improve-the-erratum-1386-workaround.patch
@@ -0,0 +1,82 @@
+From 29ba89f1895285f06c333546882e0c5ae9a6df23 Mon Sep 17 00:00:00 2001
+From: "Borislav Petkov (AMD)" <bp@alien8.de>
+Date: Sun, 24 Mar 2024 20:51:35 +0100
+Subject: x86/CPU/AMD: Improve the erratum 1386 workaround
+
+Disable XSAVES only on machines which haven't loaded the microcode
+revision containing the erratum fix.
+
+This will come in handy when running archaic OSes as guests. OSes whose
+brilliant programmers thought that CPUID is overrated and one should not
+query it but use features directly, ala shoot first, ask questions
+later... but only if you're alive after the shooting.
+
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Tested-by: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
+Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local
+---
+ arch/x86/include/asm/cpu_device_id.h | 8 ++++++++
+ arch/x86/kernel/cpu/amd.c | 12 ++++++++++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
+index eb8fcede9e3bf4..bf4e065cf1e2fc 100644
+--- a/arch/x86/include/asm/cpu_device_id.h
++++ b/arch/x86/include/asm/cpu_device_id.h
+@@ -190,6 +190,14 @@ struct x86_cpu_desc {
+ .x86_microcode_rev = (revision), \
+ }
+
++#define AMD_CPU_DESC(fam, model, stepping, revision) { \
++ .x86_family = (fam), \
++ .x86_vendor = X86_VENDOR_AMD, \
++ .x86_model = (model), \
++ .x86_stepping = (stepping), \
++ .x86_microcode_rev = (revision), \
++}
++
+ extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match);
+ extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table);
+
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
+index 6d8677e80ddbb1..873f0fdc2ef8a4 100644
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -13,6 +13,7 @@
+ #include <asm/apic.h>
+ #include <asm/cacheinfo.h>
+ #include <asm/cpu.h>
++#include <asm/cpu_device_id.h>
+ #include <asm/spec-ctrl.h>
+ #include <asm/smp.h>
+ #include <asm/numa.h>
+@@ -802,6 +803,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
+ clear_rdrand_cpuid_bit(c);
+ }
+
++static const struct x86_cpu_desc erratum_1386_microcode[] = {
++ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e),
++ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052),
++};
++
+ static void fix_erratum_1386(struct cpuinfo_x86 *c)
+ {
+ /*
+@@ -811,7 +817,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c)
+ *
+ * Affected parts all have no supervisor XSAVE states, meaning that
+ * the XSAVEC instruction (which works fine) is equivalent.
++ *
++ * Clear the feature flag only on microcode revisions which
++ * don't have the fix.
+ */
++ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode))
++ return;
++
+ clear_cpu_cap(c, X86_FEATURE_XSAVES);
+ }
+
+--
+cgit 1.2.3-korg
+
--
2.39.2
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pve-devel] [PATCH kernel 1/1] cherry-pick improved erratum 1386 workaround
2024-04-15 12:56 [pve-devel] [PATCH kernel 1/1] cherry-pick improved erratum 1386 workaround Folke Gleumes
@ 2024-04-15 12:56 ` Folke Gleumes
2024-04-17 14:51 ` [pve-devel] applied: " Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Folke Gleumes @ 2024-04-15 12:56 UTC (permalink / raw)
To: pve-devel
The original fix disabled the xsaves feature for zen1/2. The issue has
since been fixed in the cpus microcode and this patch keeps the feature enabled
if the microcode version is recent enough to contain the fix.
The patch had to be altered slightly to apply cleanly on 6.5, but no
changes content-wise.
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
---
Tested this on an AMD Epyc 7302P v2.
This patch is intended for the bookworm-6.5 branch.
...-Improve-the-erratum-1386-workaround.patch | 83 +++++++++++++++++++
1 file changed, 83 insertions(+)
create mode 100644 patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
diff --git a/patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch b/patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
new file mode 100644
index 0000000..86b1222
--- /dev/null
+++ b/patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch
@@ -0,0 +1,83 @@
+From fe4261ef5f99878f60290709d10d44bba326f95f Mon Sep 17 00:00:00 2001
+From: "Borislav Petkov (AMD)" <bp@alien8.de>
+Date: Sun, 24 Mar 2024 20:51:35 +0100
+Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround
+
+Disable XSAVES only on machines which haven't loaded the microcode
+revision containing the erratum fix.
+
+This will come in handy when running archaic OSes as guests. OSes whose
+brilliant programmers thought that CPUID is overrated and one should not
+query it but use features directly, ala shoot first, ask questions
+later... but only if you're alive after the shooting.
+
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+[ FG: port to 6.5 ]
+Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
+Tested-by: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
+Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local
+---
+ arch/x86/include/asm/cpu_device_id.h | 8 ++++++++
+ arch/x86/kernel/cpu/amd.c | 11 +++++++++++
+ 2 files changed, 19 insertions(+)
+
+diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
+index eb8fcede9e3b..bf4e065cf1e2 100644
+--- a/arch/x86/include/asm/cpu_device_id.h
++++ b/arch/x86/include/asm/cpu_device_id.h
+@@ -190,6 +190,14 @@ struct x86_cpu_desc {
+ .x86_microcode_rev = (revision), \
+ }
+
++#define AMD_CPU_DESC(fam, model, stepping, revision) { \
++ .x86_family = (fam), \
++ .x86_vendor = X86_VENDOR_AMD, \
++ .x86_model = (model), \
++ .x86_stepping = (stepping), \
++ .x86_microcode_rev = (revision), \
++}
++
+ extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match);
+ extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table);
+
+diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
+index 9390074ddb25..8201271f6505 100644
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -13,6 +13,7 @@
+ #include <asm/apic.h>
+ #include <asm/cacheinfo.h>
+ #include <asm/cpu.h>
++#include <asm/cpu_device_id.h>
+ #include <asm/spec-ctrl.h>
+ #include <asm/smp.h>
+ #include <asm/numa.h>
+@@ -945,6 +946,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
+ clear_rdrand_cpuid_bit(c);
+ }
+
++static const struct x86_cpu_desc erratum_1386_microcode[] = {
++ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e),
++ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052),
++};
++
+ void init_spectral_chicken(struct cpuinfo_x86 *c)
+ {
+ #ifdef CONFIG_CPU_UNRET_ENTRY
+@@ -972,7 +978,12 @@ void init_spectral_chicken(struct cpuinfo_x86 *c)
+ *
+ * Affected parts all have no supervisor XSAVE states, meaning that
+ * the XSAVEC instruction (which works fine) is equivalent.
++ * Clear the feature flag only on microcode revisions which
++ * don't have the fix.
+ */
++ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode))
++ return;
++
+ clear_cpu_cap(c, X86_FEATURE_XSAVES);
+ }
+
+--
+2.39.2
+
--
2.39.2
^ permalink raw reply [flat|nested] 3+ messages in thread
* [pve-devel] applied: [PATCH kernel 1/1] cherry-pick improved erratum 1386 workaround
2024-04-15 12:56 [pve-devel] [PATCH kernel 1/1] cherry-pick improved erratum 1386 workaround Folke Gleumes
2024-04-15 12:56 ` Folke Gleumes
@ 2024-04-17 14:51 ` Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Lamprecht @ 2024-04-17 14:51 UTC (permalink / raw)
To: Proxmox VE development discussion, Folke Gleumes
Am 15/04/2024 um 14:56 schrieb Folke Gleumes:
> The original fix disabled the xsaves feature for zen1/2. The issue has
> since been fixed in the cpus microcode and this patch keeps the feature enabled
> if the microcode version is recent enough to contain the fix.
>
> Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
> ---
>
> Tested this on an AMD Epyc 7302P v2.
>
> ...-improve-the-erratum-1386-workaround.patch | 82 +++++++++++++++++++
> 1 file changed, 82 insertions(+)
> create mode 100644 patches/kernel/0013-improve-the-erratum-1386-workaround.patch
>
>
applied both patches, thanks!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-04-17 14:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-15 12:56 [pve-devel] [PATCH kernel 1/1] cherry-pick improved erratum 1386 workaround Folke Gleumes
2024-04-15 12:56 ` Folke Gleumes
2024-04-17 14:51 ` [pve-devel] applied: " Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox