Keeps around the microcode revision reading logic, as that's security
sensitive to detect out-of-date patforms and report them.
Move cpu_sig to base.c, because that's externally visible symbol outside
the microcode subsystem and we need it always accesible.
Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
---
xen/arch/x86/Kconfig | 12 ++++++++++++
xen/arch/x86/cpu/microcode/Makefile | 6 +++---
xen/arch/x86/cpu/microcode/amd-base.c | 9 +++++++--
xen/arch/x86/cpu/microcode/base.c | 21 +++++++++++----------
xen/arch/x86/cpu/microcode/core.c | 1 -
xen/arch/x86/cpu/microcode/intel-base.c | 6 ++++--
xen/arch/x86/efi/efi-boot.h | 2 +-
xen/arch/x86/platform_hypercall.c | 2 ++
8 files changed, 40 insertions(+), 19 deletions(-)
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 3f0f3a0f3a..948dd00dbc 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -330,8 +330,20 @@ config REQUIRE_NX
was unavailable. However, if enabled, Xen will no longer boot on
any CPU which is lacking NX support.
+config UCODE
+ bool "Microcode loading"
+ default y
+ help
+ Support updating the microcode revision of available CPUs with a newer
+ vendor-provided microcode blob. Microcode updates address some classes of
+ silicon defects. It's a very common delivery mechanism for fixes or
+ workarounds for speculative execution vulnerabilities.
+
+ If unsure, say Y
+
config UCODE_SCAN_DEFAULT
bool "Scan for microcode by default"
+ depends on UCODE
help
During boot, Xen can scan the multiboot images for a CPIO archive
containing CPU microcode to be loaded, which is Linux's mechanism for
diff --git a/xen/arch/x86/cpu/microcode/Makefile b/xen/arch/x86/cpu/microcode/Makefile
index 765195ada3..4ec38b56a2 100644
--- a/xen/arch/x86/cpu/microcode/Makefile
+++ b/xen/arch/x86/cpu/microcode/Makefile
@@ -1,6 +1,6 @@
-obj-$(CONFIG_AMD) += amd.o
+obj-$(filter $(CONFIG_AMD),$(CONFIG_UCODE)) += amd.o
obj-$(CONFIG_AMD) += amd-base.o
obj-y += base.o
-obj-y += core.o
-obj-$(CONFIG_INTEL) += intel.o
+obj-$(CONFIG_UCODE) += core.o
+obj-$(filter $(CONFIG_INTEL),$(CONFIG_UCODE)) += intel.o
obj-$(CONFIG_INTEL) += intel-base.o
diff --git a/xen/arch/x86/cpu/microcode/amd-base.c b/xen/arch/x86/cpu/microcode/amd-base.c
index f8f5fac1e1..4e705fe602 100644
--- a/xen/arch/x86/cpu/microcode/amd-base.c
+++ b/xen/arch/x86/cpu/microcode/amd-base.c
@@ -22,19 +22,23 @@ static void cf_check collect_cpu_info(void)
}
static const struct microcode_ops __initconst_cf_clobber amd_ucode_ops = {
- .cpu_request_microcode = amd_cpu_request_microcode,
.collect_cpu_info = collect_cpu_info,
+#ifdef CONFIG_UCODE
+ .cpu_request_microcode = amd_cpu_request_microcode,
.apply_microcode = amd_apply_microcode,
.compare = amd_compare,
.cpio_path = amd_cpio_path,
+#endif /* CONFIG_UCODE */
};
void __init ucode_probe_amd(struct microcode_ops *ops)
{
/*
* The Entrysign vulnerability (SB-7033, CVE-2024-36347) affects Zen1-5
- * CPUs. Taint Xen if digest checking is turned off.
+ * CPUs. Taint Xen if digest checking is turned off and microcode loading is
+ * compiled in.
*/
+#ifdef CONFIG_UCODE
if ( boot_cpu_data.family >= 0x17 && boot_cpu_data.family <= 0x1a &&
!opt_digest_check )
{
@@ -42,6 +46,7 @@ void __init ucode_probe_amd(struct microcode_ops *ops)
"Microcode patch additional digest checks disabled\n");
add_taint(TAINT_CPU_OUT_OF_SPEC);
}
+#endif /* CONFIG_UCODE */
if ( boot_cpu_data.family < 0x10 )
return;
diff --git a/xen/arch/x86/cpu/microcode/base.c b/xen/arch/x86/cpu/microcode/base.c
index 895ee78d2e..3e0b5a7447 100644
--- a/xen/arch/x86/cpu/microcode/base.c
+++ b/xen/arch/x86/cpu/microcode/base.c
@@ -13,6 +13,7 @@
#include "private.h"
struct microcode_ops __ro_after_init ucode_ops;
+DEFINE_PER_CPU(struct cpu_signature, cpu_sig);
int microcode_update_one(void)
{
@@ -23,6 +24,9 @@ int microcode_update_one(void)
if ( ucode_ops.collect_cpu_info )
alternative_vcall(ucode_ops.collect_cpu_info);
+ if ( !IS_ENABLED(CONFIG_UCODE) )
+ return 0;
+
return _microcode_update_one();
}
@@ -30,16 +34,10 @@ int __init early_microcode_init(struct boot_info *bi)
{
const struct cpuinfo_x86 *c = &boot_cpu_data;
- switch ( c->vendor )
- {
- case X86_VENDOR_AMD:
+ if ( IS_ENABLED(CONFIG_AMD) && c->vendor == X86_VENDOR_AMD )
ucode_probe_amd(&ucode_ops);
- break;
-
- case X86_VENDOR_INTEL:
+ else if ( IS_ENABLED(CONFIG_INTEL) && c->vendor == X86_VENDOR_INTEL )
ucode_probe_intel(&ucode_ops);
- break;
- }
if ( !ucode_ops.collect_cpu_info )
{
@@ -60,10 +58,13 @@ int __init early_microcode_init(struct boot_info *bi)
*
* Take the hint in either case and ignore the microcode interface.
*/
- if ( !ucode_ops.apply_microcode || this_cpu(cpu_sig).rev == ~0 )
+ if ( !IS_ENABLED(CONFIG_UCODE) || !ucode_ops.apply_microcode ||
+ this_cpu(cpu_sig).rev == ~0 )
{
printk(XENLOG_INFO "Microcode loading disabled due to: %s\n",
- ucode_ops.apply_microcode ? "rev = ~0" : "HW toggle");
+ !IS_ENABLED(CONFIG_UCODE) ? "not compiled-in" :
+ ucode_ops.apply_microcode ? "rev = ~0" :
+ "HW toggle");
ucode_ops.apply_microcode = NULL;
return -ENODEV;
}
diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c
index 553a0ced15..d6ba250dca 100644
--- a/xen/arch/x86/cpu/microcode/core.c
+++ b/xen/arch/x86/cpu/microcode/core.c
@@ -164,7 +164,6 @@ custom_param("ucode", parse_ucode);
static DEFINE_SPINLOCK(microcode_mutex);
-DEFINE_PER_CPU(struct cpu_signature, cpu_sig);
/* Store error code of the work done in NMI handler */
static DEFINE_PER_CPU(int, loading_err);
diff --git a/xen/arch/x86/cpu/microcode/intel-base.c b/xen/arch/x86/cpu/microcode/intel-base.c
index 4fcacaa192..18fdb4e7fc 100644
--- a/xen/arch/x86/cpu/microcode/intel-base.c
+++ b/xen/arch/x86/cpu/microcode/intel-base.c
@@ -32,17 +32,19 @@ static void cf_check collect_cpu_info(void)
}
static const struct microcode_ops __initconst_cf_clobber intel_ucode_ops = {
+ .collect_cpu_info = collect_cpu_info,
+#ifdef CONFIG_UCODE
.cpu_request_microcode = intel_cpu_request_microcode,
.apply_microcode = intel_apply_microcode,
- .collect_cpu_info = collect_cpu_info,
.compare = intel_compare,
.cpio_path = intel_cpio_path,
+#endif /* CONFIG_UCODE */
};
void __init ucode_probe_intel(struct microcode_ops *ops)
{
*ops = intel_ucode_ops;
- if ( !intel_can_load_microcode() )
+ if ( IS_ENABLED(CONFIG_UCODE) && !intel_can_load_microcode() )
ops->apply_microcode = NULL;
}
diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h
index 0194720003..9ec9291681 100644
--- a/xen/arch/x86/efi/efi-boot.h
+++ b/xen/arch/x86/efi/efi-boot.h
@@ -295,7 +295,7 @@ static void __init efi_arch_cfg_file_late(const EFI_LOADED_IMAGE *image,
{
union string name;
- if ( read_section(image, L"ucode", &ucode, NULL) )
+ if ( !IS_ENABLED(CONFIG_UCODE) || read_section(image, L"ucode", &ucode, NULL) )
return;
name.s = get_value(&cfg, section, "ucode");
diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c
index 79bb99e0b6..b2527bca93 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -307,6 +307,7 @@ ret_t do_platform_op(
break;
}
+#ifdef CONFIG_UCODE
case XENPF_microcode_update:
{
XEN_GUEST_HANDLE(const_void) data;
@@ -327,6 +328,7 @@ ret_t do_platform_op(
op->u.microcode2.flags);
break;
}
+#endif /* CONFIG_UCODE */
case XENPF_platform_quirk:
{
--
2.43.0© 2016 - 2025 Red Hat, Inc.