Keeps around the microcode revision reading logic, as that's security sensitive: it is needed to detect out-of-date platforms and report them.
Move cpu_sig to base.c, because that's externally visible symbol outside the microcode subsystem and we need it always accesible.

Signed-off-by: Alejandro Vallejo <[email protected]>
---
 xen/arch/x86/Kconfig | 12 ++++++++++++
 xen/arch/x86/cpu/microcode/Makefile | 6 +++---
 xen/arch/x86/cpu/microcode/amd-base.c | 9 +++++++--
 xen/arch/x86/cpu/microcode/base.c | 21 +++++++++++----------
 xen/arch/x86/cpu/microcode/core.c | 1 -
 xen/arch/x86/cpu/microcode/intel-base.c | 6 ++++--
 xen/arch/x86/efi/efi-boot.h | 2 +-
 xen/arch/x86/platform_hypercall.c | 2 ++
 8 files changed, 40 insertions(+), 19 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 3f0f3a0f3a..948dd00dbc 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -330,8 +330,20 @@ config REQUIRE_NX
 was unavailable. However, if enabled, Xen will no longer boot on any
 CPU which is lacking NX support.
 
+config UCODE
+ bool "Microcode loading"
+ default y
+ help
+ Support updating the microcode revision of available CPUs with a newer
+ vendor-provided microcode blob. Microcode updates address some classes of
+ silicon defects. It's a very common delivery mechanism for fixes or
+ workarounds for speculative execution vulnerabilities.
+
+ If unsure, say Y
+
 config UCODE_SCAN_DEFAULT
 bool "Scan for microcode by default"
+ depends on UCODE
 help
 During boot, Xen can scan the multiboot images for a CPIO archive
 containing CPU microcode to be loaded, which is Linux's mechanism for
diff --git a/xen/arch/x86/cpu/microcode/Makefile b/xen/arch/x86/cpu/microcode/Makefile
index 765195ada3..4ec38b56a2 100644
--- a/xen/arch/x86/cpu/microcode/Makefile
+++ b/xen/arch/x86/cpu/microcode/Makefile
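Review bot: The help text for the new UCODE option says what it provides but not what turning it off removes, which is exactly what an administrator disabling it for size or attack-surface reasons needs to know; from the rest of this patch that is the `ucode=` boot option and CPIO scanning (core.o), the `ucode=` entry in the EFI config file, and the XENPF_microcode_update platform op. A sentence such as `If disabled, microcode cannot be loaded at boot or via the platform hypercall; the running revision is still read and reported.` would close that gap, the last clause matching the commit message's stated reason for keeping the revision-reading logic. `If unsure, say Y` also lacks its terminating full stop.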
@@ -1,6 +1,6 @@
-obj-$(CONFIG_AMD) += amd.o
+obj-$(filter $(CONFIG_AMD),$(CONFIG_UCODE)) += amd.o
 obj-$(CONFIG_AMD) += amd-base.o
 obj-y += base.o
-obj-y += core.o
-obj-$(CONFIG_INTEL) += intel.o
+obj-$(CONFIG_UCODE) += core.o
+obj-$(filter $(CONFIG_INTEL),$(CONFIG_UCODE)) += intel.o
 obj-$(CONFIG_INTEL) += intel-base.o
diff --git a/xen/arch/x86/cpu/microcode/amd-base.c b/xen/arch/x86/cpu/microcode/amd-base.c
index f8f5fac1e1..4e705fe602 100644
--- a/xen/arch/x86/cpu/microcode/amd-base.c
+++ b/xen/arch/x86/cpu/microcode/amd-base.c
@@ -22,19 +22,23 @@ static void cf_check collect_cpu_info(void)
 }
 
 static const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = {
- .cpu_request_microcode = amd_cpu_request_microcode,
 .collect_cpu_info = collect_cpu_info,
+#ifdef CONFIG_UCODE
+ .cpu_request_microcode = amd_cpu_request_microcode,
 .apply_microcode = amd_apply_microcode,
 .compare = amd_compare,
 .cpio_path = amd_cpio_path,
+#endif /* CONFIG_UCODE */
 };
 
 void __init ucode_probe_amd(struct microcode_ops *ops)
 {
 /*
 * The Entrysign vulnerability (SB-7033, CVE-2024-36347) affects Zen1-5
- * CPUs. Taint Xen if digest checking is turned off.
+ * CPUs. Taint Xen if digest checking is turned off and microcode loading is
+ * compiled in.
 */
+#ifdef CONFIG_UCODE
 if ( boot_cpu_data.family >= 0x17 && boot_cpu_data.family <= 0x1a &&
 !opt_digest_check )
 {
@@ -42,6 +46,7 @@ void __init ucode_probe_amd(struct microcode_ops *ops)
 "Microcode patch additional digest checks disabled\n");
 add_taint(TAINT_CPU_OUT_OF_SPEC);
 }
+#endif /* CONFIG_UCODE */
 
 if ( boot_cpu_data.family < 0x10 )
 return;
diff --git a/xen/arch/x86/cpu/microcode/base.c b/xen/arch/x86/cpu/microcode/base.c
index 895ee78d2e..3e0b5a7447 100644
--- a/xen/arch/x86/cpu/microcode/base.c
+++ b/xen/arch/x86/cpu/microcode/base.c
@@ -13,6 +13,7 @@
 #include "private.h"
 
 struct microcode_ops __ro_after_init ucode_ops;
+DEFINE_PER_CPU(struct cpu_signature, cpu_sig);
 
 int microcode_update_one(void)
 {
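Review bot: The `$(filter $(CONFIG_AMD),$(CONFIG_UCODE))` conjunction on the amd.o and intel.o lines is not self-explanatory — it expands to `y` only when both symbols are `y` and to the empty string otherwise, so the object silently drops out of the build — and the Makefile carries no comment saying so. A one-liner above those rules, `# amd.o/intel.o are the loaders proper: built only with CONFIG_UCODE and the matching vendor`, would spare the next reader from deriving the make semantics.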
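Review bot: amd-base.c gates the loader fields and the Entrysign taint with a preprocessor `#ifdef CONFIG_UCODE` (closed by the `#endif` in the second amd-base.c hunk), whereas intel-base.c and base.c in the same patch use `IS_ENABLED(CONFIG_UCODE)`, which keeps the code compiled in every configuration. If the preprocessor form is forced here because `opt_digest_check` is defined in amd.o, which is no longer built without CONFIG_UCODE, that reason deserves a comment next to the `#ifdef`, e.g. `/* opt_digest_check is only defined when the loader (amd.o) is built. */`; if that is not the reason, the `if ( IS_ENABLED(CONFIG_UCODE) && ... )` form would be the consistent choice. The `.collect_cpu_info` hook stays outside the `#ifdef`, so the revision reporting the commit message relies on is unaffected. ucode_probe_amd continues past both hunks.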
@@ -23,6 +24,9 @@ int microcode_update_one(void)
 if ( ucode_ops.collect_cpu_info )
 alternative_vcall(ucode_ops.collect_cpu_info);
 
+ if ( !IS_ENABLED(CONFIG_UCODE) )
+ return 0;
+
 return _microcode_update_one();
 }
 
@@ -30,16 +34,10 @@ int __init early_microcode_init(struct boot_info *bi)
 {
 const struct cpuinfo_x86 *c = &boot_cpu_data;
 
- switch ( c->vendor )
- {
- case X86_VENDOR_AMD:
+ if ( IS_ENABLED(CONFIG_AMD) && c->vendor == X86_VENDOR_AMD )
 ucode_probe_amd(&ucode_ops);
- break;
-
- case X86_VENDOR_INTEL:
+ else if ( IS_ENABLED(CONFIG_INTEL) && c->vendor == X86_VENDOR_INTEL )
 ucode_probe_intel(&ucode_ops);
- break;
- }
 
 if ( !ucode_ops.collect_cpu_info )
 {
@@ -60,10 +58,13 @@ int __init early_microcode_init(struct boot_info *bi)
 *
 * Take the hint in either case and ignore the microcode interface.
 */
- if ( !ucode_ops.apply_microcode || this_cpu(cpu_sig).rev == ~0 )
+ if ( !IS_ENABLED(CONFIG_UCODE) || !ucode_ops.apply_microcode ||
+ this_cpu(cpu_sig).rev == ~0 )
 {
 printk(XENLOG_INFO "Microcode loading disabled due to: %s\n",
- ucode_ops.apply_microcode ? "rev = ~0" : "HW toggle");
+ !IS_ENABLED(CONFIG_UCODE) ? "not compiled-in" :
+ ucode_ops.apply_microcode ? "rev = ~0" :
+ "HW toggle");
 ucode_ops.apply_microcode = NULL;
 return -ENODEV;
 }
diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c
index 553a0ced15..d6ba250dca 100644
--- a/xen/arch/x86/cpu/microcode/core.c
+++ b/xen/arch/x86/cpu/microcode/core.c
@@ -164,7 +164,6 @@ custom_param("ucode", parse_ucode);
 
 static DEFINE_SPINLOCK(microcode_mutex);
 
-DEFINE_PER_CPU(struct cpu_signature, cpu_sig);
 
 /* Store error code of the work done in NMI handler */
 static DEFINE_PER_CPU(int, loading_err);
diff --git a/xen/arch/x86/cpu/microcode/intel-base.c b/xen/arch/x86/cpu/microcode/intel-base.c
index 4fcacaa192..18fdb4e7fc 100644
--- a/xen/arch/x86/cpu/microcode/intel-base.c
+++ b/xen/arch/x86/cpu/microcode/intel-base.c
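Review bot: The early `return 0` added to microcode_update_one() for CONFIG_UCODE=n builds is undocumented, and returning success rather than an error is a deliberate choice — presumably so that AP bringup and resume callers do not treat a loader-less build as a failed update. A comment on the new check, `/* No loader built in: collecting the revision above is all we can do. */`, would record that intent for the next reader. The rest of the function lies outside the hunk.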
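Review bot: The switch-to-if rewrite in the early_microcode_init() hunk also starts gating on `IS_ENABLED(CONFIG_AMD)` / `IS_ENABLED(CONFIG_INTEL)`, which the commit message does not mention; if the intent is to let the compiler drop the call to a vendor probe whose object is not built (amd-base.o/intel-base.o are already vendor-conditional in the Makefile hunk), say so in the message or in a comment such as `/* Vendor probes are only linked in when that vendor is configured. */`. In the third base.c hunk the nested conditional feeding the printk is fine as laid out, one branch per line, but its order is load-bearing: `!IS_ENABLED(CONFIG_UCODE)` must stay first, because on a CONFIG_UCODE=n build `apply_microcode` is never populated and the message would otherwise read `HW toggle`; a short comment noting that would keep a future reordering from silently mis-reporting the reason. early_microcode_init continues past the hunk.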
@@ -32,17 +32,19 @@ static void cf_check collect_cpu_info(void)
 }
 
 static const struct microcode_ops __initconst_cf_clobber intel_ucode_ops = {
+ .collect_cpu_info = collect_cpu_info,
+#ifdef CONFIG_UCODE
 .cpu_request_microcode = intel_cpu_request_microcode,
 .apply_microcode = intel_apply_microcode,
- .collect_cpu_info = collect_cpu_info,
 .compare = intel_compare,
 .cpio_path = intel_cpio_path,
+#endif /* CONFIG_UCODE */
 };
 
 void __init ucode_probe_intel(struct microcode_ops *ops)
 {
 *ops = intel_ucode_ops;
 
- if ( !intel_can_load_microcode() )
+ if ( IS_ENABLED(CONFIG_UCODE) && !intel_can_load_microcode() )
 ops->apply_microcode = NULL;
 }
diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h
index 0194720003..9ec9291681 100644
--- a/xen/arch/x86/efi/efi-boot.h
+++ b/xen/arch/x86/efi/efi-boot.h
@@ -295,7 +295,7 @@ static void __init efi_arch_cfg_file_late(const EFI_LOADED_IMAGE *image,
 {
 union string name;
 
- if ( read_section(image, L"ucode", &ucode, NULL) )
+ if ( !IS_ENABLED(CONFIG_UCODE) || read_section(image, L"ucode", &ucode, NULL) )
 return;
 
 name.s = get_value(&cfg, section, "ucode");
diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c
index 79bb99e0b6..b2527bca93 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -307,6 +307,7 @@ ret_t do_platform_op(
 break;
 }
 
+#ifdef CONFIG_UCODE
 case XENPF_microcode_update:
 {
 XEN_GUEST_HANDLE(const_void) data;
@@ -327,6 +328,7 @@ ret_t do_platform_op(
 op->u.microcode2.flags);
 break;
 }
+#endif /* CONFIG_UCODE */
 
 case XENPF_platform_quirk:
 {
-- 
2.43.0
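Review bot: The rewritten condition in efi_arch_cfg_file_late() runs to 83 columns on the usual 4-space indent (the indent itself is not visible in this collapsed rendering), past the 80-column limit Xen's coding style applies; wrap it as `if ( !IS_ENABLED(CONFIG_UCODE) ||` / `     read_section(image, L"ucode", &ucode, NULL) )`. Semantically the early return means a `ucode=` entry in the EFI config file is silently ignored on a CONFIG_UCODE=n build, which is consistent with the rest of the patch. The function continues outside the hunk.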
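Review bot: With the XENPF_microcode_update block compiled out (the `#ifdef` opened in the first platform_hypercall.c hunk is closed in the second, so everything between them, including the `op->u.microcode2` path, goes with it), the op falls through to the switch's default handling — presumably -ENOSYS — and a toolstack issuing it against a CONFIG_UCODE=n hypervisor cannot distinguish "not built" from "unknown op". That is an acceptable outcome, but the public interface should say so: a note on the XENPF_microcode_update definition in the public platform header that the op is only available when the hypervisor is built with microcode loading support, and the same for the second sub-op covered by the block if it is part of the public ABI. do_platform_op extends outside both hunks.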
