[PATCH OLK-5.10 0/2] CVE-2024-53114 - Kernel - mailweb.openeuler.org

newer
[PATCH OLK-6.6] x86/CPU/AMD: Clear...

[PATCH OLK-5.10 0/2] CVE-2024-53114

older
[openeuler:OLK-5.10] BUILD...

Heyuan Wang

11 Dec 2024 11 Dec '24

11:46 a.m.

CVE-2024-53114 Borislav Petkov (AMD) (1): x86/CPU/AMD: Do the common init on future Zens too Mario Limonciello (1): x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client arch/x86/kernel/cpu/amd.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) -- 2.25.1

Reply

Sign in to reply online Use email software

Show replies by date

patchwork bot

11 Dec 11 Dec

11:41 a.m.

反馈：您发送到kernel@openeuler.org的补丁/补丁集，已成功转换为PR！ PR链接地址： https://gitee.com/openeuler/kernel/pulls/14133 邮件列表地址：https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/D... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/14133 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/D...

Reply

Sign in to reply online Use email software

Heyuan Wang

11:46 a.m.

New subject: [PATCH OLK-5.10 1/2] x86/CPU/AMD: Do the common init on future Zens too

From: "Borislav Petkov (AMD)" <bp@alien8.de> mainline inclusion from mainline-v6.9-rc1 commit 03ceaf678d444e67fb9c1a372458ba869aa37a60 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB8IUH CVE: CVE-2024-53114 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- There's no need to enable the common Zen init stuff for each new family - just do it by default on everything >= 0x17 family. Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Link: https://lore.kernel.org/r/20240201161024.30839-1-bp@alien8.de Signed-off-by: Heyuan Wang <wangheyuan2@h-partners.com> --- arch/x86/kernel/cpu/amd.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 688c9ca69852..f394aa7bee8a 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -1020,7 +1020,6 @@ static void init_amd_zen_common(void) static void init_amd_zen1(struct cpuinfo_x86 *c) { - init_amd_zen_common(); fix_erratum_1386(c); /* Fix up CPUID bits, but only if not virtualised. */ @@ -1075,7 +1074,6 @@ static void zen2_zenbleed_check(struct cpuinfo_x86 *c) static void init_amd_zen2(struct cpuinfo_x86 *c) { - init_amd_zen_common(); init_spectral_chicken(c); fix_erratum_1386(c); zen2_zenbleed_check(c); @@ -1083,8 +1081,6 @@ static void init_amd_zen2(struct cpuinfo_x86 *c) static void init_amd_zen3(struct cpuinfo_x86 *c) { - init_amd_zen_common(); - if (!cpu_has(c, X86_FEATURE_HYPERVISOR)) { /* * Zen3 (Fam19 model < 0x10) parts are not susceptible to @@ -1098,15 +1094,12 @@ static void init_amd_zen3(struct cpuinfo_x86 *c) static void init_amd_zen4(struct cpuinfo_x86 *c) { - init_amd_zen_common(); - if (!cpu_has(c, X86_FEATURE_HYPERVISOR)) msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT); } static void init_amd_zen5(struct cpuinfo_x86 *c) { - init_amd_zen_common(); } static void init_amd(struct cpuinfo_x86 *c) @@ -1140,6 +1133,13 @@ static void init_amd(struct cpuinfo_x86 *c) case 0x16: init_amd_jg(c); break; } + /* + * Save up on some future enablement work and do common Zen + * settings. + */ + if (c->x86 >= 0x17) + init_amd_zen_common(); + if (boot_cpu_has(X86_FEATURE_ZEN1)) init_amd_zen1(c); else if (boot_cpu_has(X86_FEATURE_ZEN2)) -- 2.25.1

Reply

Sign in to reply online Use email software

Heyuan Wang

11:47 a.m.

New subject: [PATCH OLK-5.10 2/2] x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client

From: Mario Limonciello <mario.limonciello@amd.com> mainline inclusion from mainline-v6.12 commit a5ca1dc46a6b610dd4627d8b633d6c84f9724ef0 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB8IUH CVE: CVE-2024-53114 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. These instructions aren't intended to be advertised on Zen4 client so clear the capability. Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Cc: stable@vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=219009 Signed-off-by: Heyuan Wang <wangheyuan2@h-partners.com> --- arch/x86/kernel/cpu/amd.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index f394aa7bee8a..e4c915a5f578 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -1096,6 +1096,17 @@ static void init_amd_zen4(struct cpuinfo_x86 *c) { if (!cpu_has(c, X86_FEATURE_HYPERVISOR)) msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_SHARED_BTB_FIX_BIT); + + /* + * These Zen4 SoCs advertise support for virtualized VMLOAD/VMSAVE + * in some BIOS versions but they can lead to random host reboots. + */ + switch (c->x86_model) { + case 0x18 ... 0x1f: + case 0x60 ... 0x7f: + clear_cpu_cap(c, X86_FEATURE_V_VMSAVE_VMLOAD); + break; + } } static void init_amd_zen5(struct cpuinfo_x86 *c) -- 2.25.1

Reply

Sign in to reply online Use email software

76

Age (days ago)

76

Last active (days ago)

3 comments

2 participants

tags

participants (2)

Heyuan Wang
patchwork bot