From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 1/5] x86/ucode: Abort parallel load early on any control thread error
Date: Mon, 27 Oct 2025 22:16:58 +0000
Message-Id: <20251027221702.3362552-2-andrew.cooper3@citrix.com>
In-Reply-To: <20251027221702.3362552-1-andrew.cooper3@citrix.com>

EIO is not the only error that ucode_ops.apply_microcode() can produce.
EINVAL, EEXISTS and ENXIO can be generated too, each of which means that Xen
is unhappy in some way with the proposed blob.

Some of these can be bypassed with --force, which will cause the parallel load
to be attempted.

Fixes: 5ed12565aa32 ("microcode: rendezvous CPUs in NMI handler and load ucode")
Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
---
 xen/arch/x86/cpu/microcode/core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode= /core.c index 1b093bc98a58..2705bb43c97f 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c 
@@ -392,10 +392,10 @@ static int control_thread_fn(const struct microcode_p= atch *patch, atomic_inc(&cpu_updated); atomic_inc(&cpu_out); =20 - if ( ret =3D=3D -EIO ) + if ( ret ) { printk(XENLOG_ERR - "Late loading aborted: CPU%u failed to update ucode\n", cpu= ); + "Late loading aborted: CPU%u failed to update ucode: %d\n",= cpu, ret); goto out; } =20 --=20 2.39.5 From nobody Wed Oct 29 21:57:39 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1761603461; cv=none; d=zohomail.com; s=zohoarc; b=RbrSpz7wv+Unal8R9Uib7ENU/KIC/57GhqLXtmUHR15Y7YXHgjkNHth4hsabeICHeiS6npd2+kjvmFVAFz1rUzxIKpjXcbLXckc8O9p06Afehc9Nt+3vbSXL21xkGX1uV27qT2krEhkyfFa3UHo+/4vmD031fnFDQwxQKGm4Wv4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1761603461; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=zNz4mTVPNtxMeu9h+MQKuVgbkjzrYqhNFMRtL45ybUE=; b=YcmYwIen1xS1MNjqbedWFEplt92qq/OK5/9pnGcizgeqAOcg4XdF5TTVYhyRw1Y3EBHT9vN2UvhZLvNganFFLPLYeNZtCJZJxzr0Sb/d4B6HJOfXjQn7+4Hjxcj5uRib8DdTyXY3iPBDI4FGVMYWjTF1CPIUUXSbGXE9IntnQsg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) 
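Review bot: in the control_thread_fn() hunk, widening `if ( ret == -EIO )` to `if ( ret )` means every non-zero return from apply_microcode() now takes the `goto out` abort path, so the description's list of expected errors is what reviewers will check against; it names `EEXISTS`, which is not an errno (`EEXIST` is), and that should be corrected in the commit message before this goes in. Printing `ret` with `%d` gives the raw negative errno, which is enough to tell the cases the description lists apart.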
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 2/5] x86/ucode: Refine TLB flush fix for AMD Fam17h CPUs
Date: Mon, 27 Oct 2025 22:16:59 +0000
Message-Id: <20251027221702.3362552-3-andrew.cooper3@citrix.com>
In-Reply-To: <20251027221702.3362552-1-andrew.cooper3@citrix.com>

In the time since Xen discovered this, Linux stumbled on it too and AMD
produced a narrower fix, limited to Fam17h CPUs only.

To my knowledge, there's no erratum or other public statement from AMD on
the matter.

Adjust Xen to match the narrower fix.

Link: https://lore.kernel.org/lkml/ZyulbYuvrkshfsd2@antipodes/T/#u
Fixes: f19a199281a2 ("x86/AMD: flush TLB after ucode update")
Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v2: * Keep memory clobber. --- xen/arch/x86/cpu/microcode/amd.c | 14 +++++++++++--- xen/arch/x86/flushtlb.c | 3 +-- xen/arch/x86/include/asm/flushtlb.h | 5 +++++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/= amd.c index 59332da2b827..457810182480 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -306,10 +306,18 @@ static int cf_check apply_microcode(const struct micr= ocode_patch *patch, sig->rev =3D rev; =20 /* - * Some processors leave the ucode blob mapping as UC after the update. - * Flush the mapping to regain normal cacheability. + * Fam17h processors leave the mapping of the ucode as UC after the + * update. Flush the mapping to regain normal cacheability. + * + * We do not know the granularity of mapping, and at 3200 bytes in size + * there is a good chance of crossing a 4k page boundary. Shoot-down = the + * start and end just to be safe. */ - flush_area_local(patch, FLUSH_TLB_GLOBAL | FLUSH_ORDER(0)); + if ( boot_cpu_data.family =3D=3D 0x17 ) + { + invlpg(patch); + invlpg((const void *)patch + F17H_MPB_MAX_SIZE - 1); + } =20 /* check current patch id and patch's id for match */ if ( hw_err || (rev !=3D patch->patch_id) ) diff --git a/xen/arch/x86/flushtlb.c b/xen/arch/x86/flushtlb.c index 94b2a30e8d30..09e676c151fa 100644 --- a/xen/arch/x86/flushtlb.c +++ b/xen/arch/x86/flushtlb.c @@ -222,8 +222,7 @@ unsigned int flush_area_local(const void *va, unsigned = int flags) } } else - asm volatile ( "invlpg %0" - : : "m" (*(const char *)(va)) : "memory" ); + invlpg(va); } else do_tlb_flush(); diff --git a/xen/arch/x86/include/asm/flushtlb.h b/xen/arch/x86/include/asm= /flushtlb.h index 019d886f2b80..7bcbca2b7f31 100644 --- a/xen/arch/x86/include/asm/flushtlb.h +++ b/xen/arch/x86/include/asm/flushtlb.h 
@@ -98,6 +98,11 @@ static inline unsigned long read_cr3(void) return cr3; } =20 +static inline void invlpg(const void *p) +{ + asm volatile ( "invlpg %0" :: "m" (*(const char *)p) : "memory" ); +} + /* Write pagetable base and implicitly tick the tlbflush clock. */ void switch_cr3_cr4(unsigned long cr3, unsigned long cr4); =20 --=20 2.39.5 From nobody Wed Oct 29 21:57:39 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1761603469; cv=none; d=zohomail.com; s=zohoarc; b=ja1AQQy+Sa8OEGn234k//H1cvlLhKJMn70i/qBZamGqftKy5nkMiI4qISuhNEaQ6pavgw+xgZwKNcoo25ZD+EqVDuHaq+Hwm2E3lPf5teR//VCuauSXv5fhkKgysTVdKNXs7/3buAJESgAmQ0Hsql1G2cxpN/aU0oO9JdoPxII8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1761603469; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=XPm17Di3amUuRs7iaGe/NVQW8x+O/P1o19S+UioYfX4=; b=M4SjqY68I1Eg3/opevROTchq15yl5BRTpY4cV6ofzmDRwg+J5vyE4KCq9vBIAWQuq39yct3PNTesxClIWeItQB2u1OL6+6Xm/3m6pdAMMsnavoNlyXxtLwFx9c10taxbsX8a1Ns85r82en62crvKkiuDn+bJOKsCiB1uHdXJsVQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from 
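Review bot: in the apply_microcode() hunk in amd.c, the second `invlpg()` targets `patch + F17H_MPB_MAX_SIZE - 1`, i.e. the end of the largest possible patch rather than the end of the blob actually loaded. That is safe, since INVLPG does not fault on a non-present address, but the comment above it quotes "3200 bytes in size" while the code uses the macro; either naming F17H_MPB_MAX_SIZE in the comment or stating that it is the 3200 in question would keep the two from drifting apart. The flushtlb.c and flushtlb.h hunks are a straight move of the existing inline asm into the new `invlpg()` helper with the memory clobber retained, as the v2 note says.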
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 3/5] x86/ucode: Cross check the minimum revision
Date: Mon, 27 Oct 2025 22:17:00 +0000
Message-Id: <20251027221702.3362552-4-andrew.cooper3@citrix.com>
In-Reply-To: <20251027221702.3362552-1-andrew.cooper3@citrix.com>

For Zen3-5 microcode blobs signed with the updated signature scheme, the
checksum field has been reused to be a min_revision field, referring to the
microcode revision which fixed Entrysign (SB-7033, CVE-2024-36347).

Cross-check this when trying to load microcode, but allow --force to override
it. If the signature scheme is genuinely different, a #GP will occur.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * Tweak comment
---
 xen/arch/x86/cpu/microcode/amd.c | 49 +++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/= amd.c index 457810182480..ba03401c24c5 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -42,7 +42,10 @@ struct microcode_patch { uint8_t mc_patch_data_id[2]; uint8_t mc_patch_data_len; uint8_t init_flag; - uint32_t mc_patch_data_checksum; + union { + uint32_t checksum; /* Fam12h and earlier */ + uint32_t min_rev; /* Zen3-5, post Entrysign */ + }; uint32_t nb_dev_id; uint32_t sb_dev_id; uint16_t processor_rev_id; @@ -270,6 +273,42 @@ static int cf_check amd_compare( return compare_revisions(old->patch_id, new->patch_id); } =20 +/* + * Check whether this patch has a minimum revision given, and whether the + * condition is satisfied. + * + * In linux-firmware for CPUs suffering from the Entrysign vulnerability, + * ucodes signed with the updated signature algorithm have reused the chec= ksum + * field as a min-revision field. From public archives, the checksum field + * appears to have been unused since Fam12h. + * + * Returns false if there is a min revision given, and it suggests that th= at + * the patch cannot be loaded on the current system. True otherwise. + */ +static bool check_min_rev(const struct microcode_patch *patch) +{ + ASSERT(microcode_fits_cpu(patch)); + + if ( patch->processor_rev_id < 0xa000 || /* pre Zen3? */ + patch->min_rev =3D=3D 0 ) /* No min rev specified */ + return true; + + /* + * Sanity check, as this is a reused field. If this is a true + * min_revision field, it will differ only in the bottom byte from the + * patch_id. Otherwise, it's probably a checksum. + */ + if ( (patch->patch_id ^ patch->min_rev) & ~0xff ) + { + printk(XENLOG_WARNING + "microcode: patch %#x has unexpected min_rev %#x\n", + patch->patch_id, patch->min_rev); + return true; + } + + return this_cpu(cpu_sig).rev >=3D patch->min_rev; +} + static int cf_check apply_microcode(const struct microcode_patch *patch, unsigned int flags) { 
@@ -299,6 +338,14 @@ static int cf_check apply_microcode(const struct micro= code_patch *patch, return -ENXIO; } =20 + if ( !ucode_force && !check_min_rev(patch) ) + { + printk(XENLOG_ERR + "microcode: CPU%u current rev %#x below patch min_rev %#x\n= ", + cpu, sig->rev, patch->min_rev); + return -ENXIO; + } + hw_err =3D wrmsr_safe(MSR_AMD_PATCHLOADER, (unsigned long)patch); =20 /* get patch id after patching */ --=20 2.39.5 From nobody Wed Oct 29 21:57:39 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1761603465; cv=none; d=zohomail.com; s=zohoarc; b=nLaurQVzPVYWpplZDOyPrRngjfxX5MHf5b59r7zjdASMIqXv3gDGxHrG9RBP62HLa+qbhm+NVx19aEE6nP35CpLPW6ET0ItUHSA08koB/dnQN9a3xTGbw/eWr8aJ0w2D8PRwi78h0vaEziyWyJyZWeqlDF81ZYzbCECrPI/mVTw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1761603465; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=HRb3Jw+qFvvrwxz5YnrcR3ptz6rfonv1hlEmJw7OD20=; b=BSQI07JdoVTPhSPfDlL9aCPwQmPMdXE+a/tC5CeZLrRfCTGXlmwvRNU3A6+Q3A/XBrH3hHlodj8MujKD/XjjSwM6qnD7/FhPMjUwaXTon/rc5lSBhmiX8bsF6735xglc4Lua5U2cNA4mAOaGFe7/b36JAV5bwJk+zVaj2k1l7RA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) 
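Review bot: in the check_min_rev() hunk, the header comment reads "it suggests that that the patch cannot be loaded" (doubled "that"); since v2 already reworked this comment, drop the repeat. Also worth a sentence there: when the XOR sanity check concludes the field is probably a checksum, the function logs a warning and returns true, so the patch is still allowed through; readers grepping logs should not take that warning for a blocked load.

Review bot: in the apply_microcode() hunk, `if ( !ucode_force && !check_min_rev(patch) )` short-circuits, so under --force check_min_rev() is never called and neither the min_rev comparison nor its "unexpected min_rev" warning runs, leaving no log trace that a below-minimum patch was forced through. Consider evaluating the check unconditionally and gating only the return on the override, e.g. `if ( !check_min_rev(patch) && !ucode_force )`, so the diagnostics still appear in the forced case. The error printk uses `sig->rev` while check_min_rev() compares `this_cpu(cpu_sig).rev`; the two presumably alias the same per-CPU object, but it is worth confirming since this path now yields -ENXIO, which patch 1 of this series turns into an abort of the parallel load.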
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 4/5] x86/ucode: Refine the boundary checks for Entrysign
Date: Mon, 27 Oct 2025 22:17:01 +0000
Message-Id: <20251027221702.3362552-5-andrew.cooper3@citrix.com>
In-Reply-To: <20251027221702.3362552-1-andrew.cooper3@citrix.com>

After initial publication, the SB-7033 / CVE-2024-36347 bulletin was updated
to list Zen5 CPUs as vulnerable. Use Fam1ah as an upper bound, and adjust the
command line documentation.

When the Zen6 (also Fam1ah processors) model numbers are known, they'll want
excluding from the family ranges.

Fixes: 630e8875ab36 ("x86/ucode: Perform extra SHA2 checks on AMD Fam17h/19h microcode")
Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * New
---
 docs/misc/xen-command-line.pandoc | 7 ++++---
 xen/arch/x86/cpu/microcode/amd.c  | 9 +++++++--
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line= .pandoc index 28a98321c762..34004ce282be 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2826,9 +2826,10 @@ stop_machine context. In NMI handler, even NMIs are = blocked, which is considered safer. The default value is `true`. =20 The `digest-check=3D` option is active by default and controls whether to -perform additional authenticity checks. Collisions in the signature algor= ithm -used by AMD Fam17h/19h processors have been found. Xen contains a table of -digests of microcode patches with known-good provenance, and will block +perform additional authenticity checks. The Entrysign vulnerability (AMD +SB-7033, CVE-2024-36347) on Zen1-5 processors allows forging the signature= on +arbitrary microcode such that it is accepted by the CPU. Xen contains a t= able +of digests of microcode patches with known-good provenance, and will block loading of patches that do not match. =20 ### unrestricted_guest (Intel) diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/= amd.c index ba03401c24c5..f331d9dfee6e 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -125,7 +125,7 @@ static bool check_digest(const struct container_microco= de *mc) * microcode updates. Mitigate by checking the digest of the patch * against a list of known provenance. */ - if ( boot_cpu_data.family < 0x17 || + if ( boot_cpu_data.family < 0x17 || boot_cpu_data.family > 0x1a || !opt_digest_check ) return true; =20 
@@ -571,7 +571,12 @@ static const struct microcode_ops __initconst_cf_clobb= er amd_ucode_ops =3D { =20 void __init ucode_probe_amd(struct microcode_ops *ops) { - if ( !opt_digest_check && boot_cpu_data.family >=3D 0x17 ) + /* + * The Entrysign vulnerability (SB-7033, CVE-2024-36347) affects Zen1-5 + * CPUs. Taint Xen if digest checking is turned off. + */ + if ( boot_cpu_data.family >=3D 0x17 && boot_cpu_data.family <=3D 0x1a = && + !opt_digest_check ) { printk(XENLOG_WARNING "Microcode patch additional digest checks disabled\n"); --=20 2.39.5
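Review bot: in the check_digest() hunk of xen/arch/x86/cpu/microcode/amd.c the range test `boot_cpu_data.family < 0x17 || boot_cpu_data.family > 0x1a` now appears here and, inverted, in the ucode_probe_amd() hunk, and the commit message says the Fam1ah upper bound will need Zen6 models excluded once they are known. Consider one predicate, for instance a static inline `entrysign_affected_cpu()` returning `boot_cpu_data.family >= 0x17 && boot_cpu_data.family <= 0x1a`, used by both sites, so that the future model exclusion is made in a single place.

Review bot: the new comment in the ucode_probe_amd() hunk says the vulnerability affects "Zen1-5 CPUs" while the test is by family, and the commit message acknowledges that family 1Ah also covers Zen6. A one-line note at the check, for example `/* TODO: exclude Zen6 models once known. */`, would record that the bound is deliberately over-inclusive for now, and the same applies to the "Zen1-5 processors" wording added in the xen-command-line.pandoc hunk.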

From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH v2 5/5] x86/ucode: Relax digest check when Entrysign is fixed in firmware
Date: Mon, 27 Oct 2025 22:17:02 +0000
Message-Id: <20251027221702.3362552-6-andrew.cooper3@citrix.com>
In-Reply-To: <20251027221702.3362552-1-andrew.cooper3@citrix.com>
References: <20251027221702.3362552-1-andrew.cooper3@citrix.com>

When Entrysign has been mitigated in firmware, it is believed to be safe to
rely on the CPU patchloader again. This avoids us needing to maintain the
digest table for all new microcode indefinitely.

Relax the digest check when firmware looks to be up to date, and leave behind
a clear message when not.

This is best-effort only. If a malicious microcode has been loaded prior to
Xen running, then all bets are off.
Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné

v2:
 * Corrections to the revision table.
 * Updates to various comments.
 * Add a "WARNING: " prefix to the message about vulnerability
---
 xen/arch/x86/cpu/microcode/amd.c     | 86 +++++++++++++++++++++++++++-
 xen/arch/x86/cpu/microcode/core.c    |  2 +
 xen/arch/x86/cpu/microcode/private.h |  2 +
 3 files changed, 87 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/= amd.c index f331d9dfee6e..9ecf6c37d3f4 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -101,6 +101,7 @@ static const struct patch_digest { } patch_digests[] =3D { #include "amd-patch-digests.c" }; +static bool __ro_after_init entrysign_mitigiated_in_firmware; =20 static int cf_check cmp_patch_id(const void *key, const void *elem) { @@ -122,11 +123,11 @@ static bool check_digest(const struct container_micro= code *mc) =20 /* * Zen1 thru Zen5 CPUs are known to use a weak signature algorithm on - * microcode updates. Mitigate by checking the digest of the patch - * against a list of known provenance. + * microcode updates. If this has not been mitigated in firmware, + * checking the digest of the patch against a list of known provenance. */ if ( boot_cpu_data.family < 0x17 || boot_cpu_data.family > 0x1a || - !opt_digest_check ) + entrysign_mitigiated_in_firmware || !opt_digest_check ) return true; =20 pd =3D bsearch(&patch->patch_id, patch_digests, ARRAY_SIZE(patch_diges= ts),
@@ -603,3 +604,82 @@ static void __init __constructor test_digests_sorted(v= oid) } } #endif /* CONFIG_SELF_TESTS */ + +/* + * The Entrysign vulnerability affects all Zen1 thru Zen5 CPUs. Firmware + * fixes were produced from Nov 2024. Zen3 thru Zen5 can continue to take + * OS-loadable microcode updates using a new signature scheme, as long as + * firmware has been updated first. + */ +void __init amd_check_entrysign(void) +{ + unsigned int curr_rev; + uint8_t fixed_rev; + + if ( boot_cpu_data.vendor !=3D X86_VENDOR_AMD || + boot_cpu_data.family < 0x17 || + boot_cpu_data.family > 0x1a ) + return; + + /* + * Table taken from Linux, which is the only known source of informati= on + * about client revisions. Note, Linux expresses "last-vulnerable-rev" + * while Xen wants "first-fixed-rev". + */ + curr_rev =3D this_cpu(cpu_sig).rev; + switch ( curr_rev >> 8 ) + { + case 0x080012: fixed_rev =3D 0x78; break; + case 0x080082: fixed_rev =3D 0x10; break; + case 0x083010: fixed_rev =3D 0x7d; break; + case 0x086001: fixed_rev =3D 0x0f; break; + case 0x086081: fixed_rev =3D 0x09; break; + case 0x087010: fixed_rev =3D 0x35; break; + case 0x08a000: fixed_rev =3D 0x0b; break; + case 0x0a0010: fixed_rev =3D 0x7b; break; + case 0x0a0011: fixed_rev =3D 0xdb; break; + case 0x0a0012: fixed_rev =3D 0x44; break; + case 0x0a0082: fixed_rev =3D 0x0f; break; + case 0x0a1011: fixed_rev =3D 0x54; break; + case 0x0a1012: fixed_rev =3D 0x4f; break; + case 0x0a1081: fixed_rev =3D 0x0a; break; + case 0x0a2010: fixed_rev =3D 0x30; break; + case 0x0a2012: fixed_rev =3D 0x13; break; + case 0x0a4041: fixed_rev =3D 0x0a; break; + case 0x0a5000: fixed_rev =3D 0x14; break; + case 0x0a6012: fixed_rev =3D 0x0b; break; + case 0x0a7041: fixed_rev =3D 0x0a; break; + case 0x0a7052: fixed_rev =3D 0x09; break; + case 0x0a7080: fixed_rev =3D 0x0a; break; + case 0x0a70c0: fixed_rev =3D 0x0a; break; + case 0x0aa001: fixed_rev =3D 0x17; break; + case 0x0aa002: fixed_rev =3D 0x19; break; + case 0x0b0021: fixed_rev 
=3D 0x47; break; + case 0x0b1010: fixed_rev =3D 0x47; break; + case 0x0b2040: fixed_rev =3D 0x32; break; + case 0x0b4040: fixed_rev =3D 0x32; break; + case 0x0b6000: fixed_rev =3D 0x32; break; + case 0x0b7000: fixed_rev =3D 0x32; break; + default: + printk(XENLOG_WARNING + "Unrecognised CPU %02x-%02x-%02x ucode 0x%08x, assuming vul= nerable to Entrysign\n", + boot_cpu_data.family, boot_cpu_data.model, + boot_cpu_data.stepping, curr_rev); + return; + } + + /* + * This check is best-effort. If the platform looks to be out of date= , it + * probably is. If the platform looks to be fixed, it either genuinely + * is, or malware has gotten in before Xen booted and all bets are off. + */ + if ( (uint8_t)curr_rev >=3D fixed_rev ) + { + entrysign_mitigiated_in_firmware =3D true; + return; + } + + printk(XENLOG_WARNING + "WARNING: Platform vulnerable to Entrysign (SB-7033, CVE-2024-3= 6347) - firmware update required\n"); + add_taint(TAINT_CPU_OUT_OF_SPEC); +} diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode= /core.c index 2705bb43c97f..1d1a5aa4b097 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -750,6 +750,8 @@ static int __init early_microcode_load(struct boot_info= *bi) int idx =3D opt_mod_idx; int rc; =20 + amd_check_entrysign(); + /* * Cmdline parsing ensures this invariant holds, so that we don't end = up * trying to mix multiple ways of finding the microcode. diff --git a/xen/arch/x86/cpu/microcode/private.h b/xen/arch/x86/cpu/microc= ode/private.h index f5e2bfee00d9..e6c965dc99dd 100644 --- a/xen/arch/x86/cpu/microcode/private.h +++ b/xen/arch/x86/cpu/microcode/private.h @@ -81,8 +81,10 @@ extern bool opt_digest_check; */ #ifdef CONFIG_AMD void ucode_probe_amd(struct microcode_ops *ops); +void amd_check_entrysign(void); #else static inline void ucode_probe_amd(struct microcode_ops *ops) {} +static inline void amd_check_entrysign(void) {} #endif =20 #ifdef CONFIG_INTEL --=20 2.39.5
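Review bot: the flag introduced in the first amd.c hunk is spelled `entrysign_mitigiated_in_firmware`; the same misspelling is then read in check_digest() and written in amd_check_entrysign(), so renaming it to `entrysign_mitigated_in_firmware` before commit avoids a three-site follow-up.

Review bot: the reworded comment in the check_digest() hunk, "If this has not been mitigated in firmware, checking the digest of the patch against a list of known provenance.", has lost its verb; "check the digest" reads as intended. The larger point in that hunk is documentation: once the flag is set, `digest-check` no longer has any effect, yet the xen-command-line.pandoc text (updated in 4/5 of this series) still says the option is active by default and that Xen "will block loading of patches that do not match". The docs should state that the table is bypassed when firmware reports the Entrysign fix, and the commit message's best-effort caveat belongs there too.

Review bot: in the amd_check_entrysign() hunk the `default:` arm prints "assuming vulnerable to Entrysign" and returns, while the recognised-but-out-of-date path prints the "WARNING: Platform vulnerable to Entrysign" line and calls add_taint(TAINT_CPU_OUT_OF_SPEC). Both outcomes leave the digest check enforced, but only one of them taints; if an unrecognised revision really is assumed vulnerable, it should warn and taint the same way, otherwise the message should say the digest check is being kept rather than that the platform is assumed vulnerable. Separately, the comment says the table is "taken from Linux" but not where; naming the Linux file or commit it was transcribed from would let the next person updating it diff against the source, and the v2 changelog's "Corrections to the revision table" suggests that will be needed again.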