From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 40F1C96316 for ; Mon, 15 Apr 2024 14:57:02 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0FE6EA144 for ; Mon, 15 Apr 2024 14:57:02 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Mon, 15 Apr 2024 14:57:01 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 06F29449F7 for ; Mon, 15 Apr 2024 14:57:01 +0200 (CEST) From: Folke Gleumes To: pve-devel@lists.proxmox.com Date: Mon, 15 Apr 2024 14:56:50 +0200 Message-Id: <20240415125650.2469464-2-f.gleumes@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240415125650.2469464-1-f.gleumes@proxmox.com> References: <20240415125650.2469464-1-f.gleumes@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.014 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH kernel 1/1] cherry-pick improved erratum 1386 workaround X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Apr 2024 12:57:02 -0000 The original fix disabled the xsaves feature for zen1/2. The issue has since been fixed in the cpus microcode and this patch keeps the feature enabled if the microcode version is recent enough to contain the fix. The patch had to be altered slightly to apply cleanly on 6.5, but no changes content-wise. Signed-off-by: Folke Gleumes --- Tested this on an AMD Epyc 7302P v2. This patch is intended for the bookworm-6.5 branch. ...-Improve-the-erratum-1386-workaround.patch | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch diff --git a/patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch b/patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch new file mode 100644 index 0000000..86b1222 --- /dev/null +++ b/patches/kernel/0017-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch @@ -0,0 +1,83 @@ +From fe4261ef5f99878f60290709d10d44bba326f95f Mon Sep 17 00:00:00 2001 +From: "Borislav Petkov (AMD)" +Date: Sun, 24 Mar 2024 20:51:35 +0100 +Subject: [PATCH] x86/CPU/AMD: Improve the erratum 1386 workaround + +Disable XSAVES only on machines which haven't loaded the microcode +revision containing the erratum fix. + +This will come in handy when running archaic OSes as guests. OSes whose +brilliant programmers thought that CPUID is overrated and one should not +query it but use features directly, ala shoot first, ask questions +later... but only if you're alive after the shooting. + +Signed-off-by: Borislav Petkov (AMD) +[ FG: port to 6.5 ] +Signed-off-by: Folke Gleumes +Tested-by: "Maciej S. Szmigiero" +Cc: Boris Ostrovsky +Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.local +--- + arch/x86/include/asm/cpu_device_id.h | 8 ++++++++ + arch/x86/kernel/cpu/amd.c | 11 +++++++++++ + 2 files changed, 19 insertions(+) + +diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h +index eb8fcede9e3b..bf4e065cf1e2 100644 +--- a/arch/x86/include/asm/cpu_device_id.h ++++ b/arch/x86/include/asm/cpu_device_id.h +@@ -190,6 +190,14 @@ struct x86_cpu_desc { + .x86_microcode_rev = (revision), \ + } + ++#define AMD_CPU_DESC(fam, model, stepping, revision) { \ ++ .x86_family = (fam), \ ++ .x86_vendor = X86_VENDOR_AMD, \ ++ .x86_model = (model), \ ++ .x86_stepping = (stepping), \ ++ .x86_microcode_rev = (revision), \ ++} ++ + extern const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match); + extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table); + +diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c +index 9390074ddb25..8201271f6505 100644 +--- a/arch/x86/kernel/cpu/amd.c ++++ b/arch/x86/kernel/cpu/amd.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -945,6 +946,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c) + clear_rdrand_cpuid_bit(c); + } + ++static const struct x86_cpu_desc erratum_1386_microcode[] = { ++ AMD_CPU_DESC(0x17, 0x1, 0x2, 0x0800126e), ++ AMD_CPU_DESC(0x17, 0x31, 0x0, 0x08301052), ++}; ++ + void init_spectral_chicken(struct cpuinfo_x86 *c) + { + #ifdef CONFIG_CPU_UNRET_ENTRY +@@ -972,7 +978,12 @@ void init_spectral_chicken(struct cpuinfo_x86 *c) + * + * Affected parts all have no supervisor XSAVE states, meaning that + * the XSAVEC instruction (which works fine) is equivalent. ++ * Clear the feature flag only on microcode revisions which ++ * don't have the fix. + */ ++ if (x86_cpu_has_min_microcode_rev(erratum_1386_microcode)) ++ return; ++ + clear_cpu_cap(c, X86_FEATURE_XSAVES); + } + +-- +2.39.2 + -- 2.39.2