From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH 1/3] x86/amd: Use setup_force_cpu_cap() for BTC_NO
Date: Wed, 26 Nov 2025 13:22:18 +0000
Message-Id: <20251126132220.881028-2-andrew.cooper3@citrix.com>

When re-scanning features, forced caps are taken into account but unforced such as this are not. This causes BTC_NO to go missing, and for the system to appear to have lost features.

The practical consequence of this observation is that all after-the-fact adjustments to CPUID must be forced.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
---
 xen/arch/x86/cpu/amd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 9b02e1ba675c..8f468aaf0921 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c
@@ -1225,8 +1225,9 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) * Branch Type Confusion, but predate the allocation of the * BTC_NO bit. Fill it back in if we're not virtualised. */ - if (!cpu_has_hypervisor && !cpu_has(c, X86_FEATURE_BTC_NO)) - __set_bit(X86_FEATURE_BTC_NO, c->x86_capability); + if (c =3D=3D &boot_cpu_data && !cpu_has_hypervisor && + !cpu_has(c, X86_FEATURE_BTC_NO)) + setup_force_cpu_cap(X86_FEATURE_BTC_NO); break; } =20 --=20 2.39.5
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH 2/3] x86/amd: Stop updating the Zenbleed mitigation dynamically
Date: Wed, 26 Nov 2025 13:22:19 +0000
Message-Id: <20251126132220.881028-3-andrew.cooper3@citrix.com>

This was potentially helpful when the chickenbit was the only mitigation and microcode had not been released, but that was two years ago.

Zenbleed microcode has been available since December 2023, and the subsequent Entrysign signature vulnerability means that firmware updates block OS-loading and more OS-loadable microcode will be produced for Zen2.

i.e. the Zenbleed fix is not going to appear at runtime these days.

No practical change.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
---
 xen/arch/x86/cpu/amd.c | 2 +-
 xen/arch/x86/cpu/microcode/amd.c | 2 --
 xen/arch/x86/include/asm/processor.h | 2 --
 3 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 8f468aaf0921..7953261895ac 100644 --- a/xen/arch/x86/cpu/amd.c +++ b/xen/arch/x86/cpu/amd.c @@ -979,7 +979,7 @@ void __init detect_zen2_null_seg_behaviour(void) =20 } =20 -void amd_check_zenbleed(void) +static void amd_check_zenbleed(void) { const struct cpu_signature *sig =3D &this_cpu(cpu_sig); unsigned int good_rev; diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/= amd.c index 4a7573c885e5..e7ae1e802353 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -380,8 +380,6 @@ static int cf_check apply_microcode(const struct microc= ode_patch *patch, "microcode: CPU%u updated from revision %#x to %#x, date =3D %0= 4x-%02x-%02x\n", cpu, old_rev, rev, patch->year, patch->month, patch->day); =20 - amd_check_zenbleed(); - return 0; } =20 diff --git a/xen/arch/x86/include/asm/processor.h b/xen/arch/x86/include/as= m/processor.h index 1342241742ac..2e087c625770 100644 --- a/xen/arch/x86/include/asm/processor.h +++ b/xen/arch/x86/include/asm/processor.h
@@ -435,8 +435,6 @@ enum ap_boot_method { }; extern enum ap_boot_method ap_boot_method; =20 -void amd_check_zenbleed(void); - #endif /* !__ASSEMBLY__ */ =20 #endif /* __ASM_X86_PROCESSOR_H */ --=20 2.39.5
From: Andrew Cooper
To: Xen-devel
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné
Subject: [PATCH 3/3] x86/amd: Fix race editing DE_CFG
Date: Wed, 26 Nov 2025 13:22:20 +0000
Message-Id: <20251126132220.881028-4-andrew.cooper3@citrix.com>

We have two different functions explaining that DE_CFG is Core-scoped and that writes are racy but happen to be safe. This is only true when there's one of them.

Introduce amd_init_de_cfg() to be the singular function which writes to DE_CFG, modelled after the logic we already have for BP_CFG.

While reworking amd_check_zenbleed() into a simple predicate used by amd_init_de_cfg(), fix the microcode table. The 'good_rev' was specific to an individual stepping and not valid to be matched by model, let alone a range. The only CPUs incorrectly matched that I can locate appear to be pre-production, and probably didn't get Zenbleed microcode.

Rework amd_init_lfence() to be amd_init_lfence_dispatch() with only the purpose of configuring X86_FEATURE_LFENCE_DISPATCH in the case that it needs synthesising. Run it on the BSP only and use setup_force_cpu_cap() to prevent the bit disappearing on a subsequent CPUID rescan.

Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné

I've submitted a matching fix to Linux's Zenbleed table.
---
 xen/arch/x86/cpu/amd.c | 227 +++++++++++++++++++--------------------
 xen/arch/x86/cpu/cpu.h | 3 +-
 xen/arch/x86/cpu/hygon.c | 6 +-
 3 files changed, 118 insertions(+), 118 deletions(-)

diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c index 7953261895ac..c9d0b55c8c8d 100644 --- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c @@ -747,45 +747,6 @@ void amd_log_freq(const struct cpuinfo_x86 *c) printk("CPU%u: %u MHz\n", smp_processor_id(), low_mhz); } =20 -void amd_init_lfence(struct cpuinfo_x86 *c) -{ - uint64_t value; - - /* - * Some hardware has LFENCE dispatch serialising always enabled, - * nothing to do on that case. - */ - if (test_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability)) - return; - - /* - * Attempt to set lfence to be Dispatch Serialising. This MSR almost - * certainly isn't virtualised (and Xen at least will leak the real - * value in but silently discard writes), as well as being per-core - * rather than per-thread, so do a full safe read/write/readback cycle - * in the worst case. - */ - if (rdmsr_safe(MSR_AMD64_DE_CFG, &value)) - /* Unable to read. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (value & AMD64_DE_CFG_LFENCE_SERIALISE) - /* Already dispatch serialising. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else if (wrmsr_safe(MSR_AMD64_DE_CFG, - value | AMD64_DE_CFG_LFENCE_SERIALISE) || - rdmsr_safe(MSR_AMD64_DE_CFG, &value) || - !(value & AMD64_DE_CFG_LFENCE_SERIALISE)) - /* Attempt to set failed. Assume the safer default. */ - __clear_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); - else - /* Successfully enabled! */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, - c->x86_capability); -} - /* * Refer to the AMD Speculative Store Bypass whitepaper: * https://developer.amd.com/wp-content/resources/124441_AMD64_Speculative= StoreBypassDisable_Whitepaper_final.pdf 
@@ -979,76 +940,6 @@ void __init detect_zen2_null_seg_behaviour(void) =20 } =20 -static void amd_check_zenbleed(void) -{ - const struct cpu_signature *sig =3D &this_cpu(cpu_sig); - unsigned int good_rev; - uint64_t val, old_val, chickenbit =3D (1 << 9); - - /* - * If we're virtualised, we can't do family/model checks safely, and - * we likely wouldn't have access to DE_CFG even if we could see a - * microcode revision. - * - * A hypervisor may hide AVX as a stopgap mitigation. We're not in a - * position to care either way. An admin doesn't want to be disabling - * AVX as a mitigation on any build of Xen with this logic present. - */ - if (cpu_has_hypervisor || boot_cpu_data.x86 !=3D 0x17) - return; - - switch (boot_cpu_data.x86_model) { - case 0x30 ... 0x3f: good_rev =3D 0x0830107a; break; - case 0x60 ... 0x67: good_rev =3D 0x0860010b; break; - case 0x68 ... 0x6f: good_rev =3D 0x08608105; break; - case 0x70 ... 0x7f: good_rev =3D 0x08701032; break; - case 0xa0 ... 0xaf: good_rev =3D 0x08a00008; break; - default: - /* - * With the Fam17h check above, most parts getting here are - * Zen1. They're not affected. Assume Zen2 ones making it - * here are affected regardless of microcode version. - */ - if (is_zen1_uarch()) - return; - good_rev =3D ~0U; - break; - } - - rdmsrl(MSR_AMD64_DE_CFG, val); - old_val =3D val; - - /* - * Microcode is the preferred mitigation, in terms of performance. - * However, without microcode, this chickenbit (specific to the Zen2 - * uarch) disables Floating Point Mov-Elimination to mitigate the - * issue. - */ - val &=3D ~chickenbit; - if (sig->rev < good_rev) - val |=3D chickenbit; - - if (val =3D=3D old_val) - /* Nothing to change. */ - return; - - /* - * DE_CFG is a Core-scoped MSR, and this write is racy during late - * microcode load. However, both threads calculate the new value from - * state which is shared, and unrelated to the old value, so the - * result should be consistent. 
- */ - wrmsrl(MSR_AMD64_DE_CFG, val); - - /* - * Inform the admin that we changed something, but don't spam, - * especially during a late microcode load. - */ - if (smp_processor_id() =3D=3D 0) - printk(XENLOG_INFO "Zenbleed mitigation - using %s\n", - val & chickenbit ? "chickenbit" : "microcode"); -} - static void cf_check fam17_disable_c6(void *arg) { /* Disable C6 by clearing the CCR{0,1,2}_CC6EN bits. */ 
@@ -1075,6 +966,112 @@ static void cf_check fam17_disable_c6(void *arg) wrmsrl(MSR_AMD_CSTATE_CFG, val & mask); } =20 +static bool zenbleed_use_chickenbit(void) +{ + unsigned int curr_rev; + uint8_t fixed_rev; + + /* + * If we're virtualised, we can't do family/model checks safely, and + * we likely wouldn't have access to DE_CFG even if we could see a + * microcode revision. + * + * A hypervisor may hide AVX as a stopgap mitigation. We're not in a + * position to care either way. An admin doesn't want to be disabling + * AVX as a mitigation on any build of Xen with this logic present. + */ + if ( cpu_has_hypervisor || boot_cpu_data.family !=3D 0x17 ) + return false; + + curr_rev =3D this_cpu(cpu_sig).rev; + switch ( curr_rev >> 8 ) + { + case 0x083010: fixed_rev =3D 0x7a; break; + case 0x086001: fixed_rev =3D 0x0b; break; + case 0x086081: fixed_rev =3D 0x05; break; + case 0x087010: fixed_rev =3D 0x32; break; + case 0x08a000: fixed_rev =3D 0x08; break; + default: + /* + * With the Fam17h check above, most parts getting here are Zen1. + * They're not affected. Assume Zen2 ones making it here are affe= cted + * regardless of microcode version. + */ + return is_zen2_uarch(); + } + + return (uint8_t)curr_rev >=3D fixed_rev; +} + +void amd_init_de_cfg(const struct cpuinfo_x86 *c) +{ + uint64_t val, new =3D 0; + + /* The MSR doesn't exist on Fam 0xf/0x11. */ + if ( c->family !=3D 0xf && c->family !=3D 0x11 ) + return; + + /* + * On Zen3 (Fam 0x19) and later CPUs, LFENCE is unconditionally dispat= ch + * serialising, and is enumerated in CPUID. Hypervisors may also + * enumerate it when the setting is in place and MSR_AMD64_DE_CFG isn't + * available. + */ + if ( !test_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability) ) + new |=3D AMD64_DE_CFG_LFENCE_SERIALISE; + + /* + * If vulnerable to Zenbleed and not mitigated in microcode, use the + * bigger hammer. 
+ */ + if ( zenbleed_use_chickenbit() ) + new |=3D (1 << 9); + + if ( !new ) + return; + + if ( rdmsr_safe(MSR_AMD64_DE_CFG, &val) || + (val & new) =3D=3D new ) + return; + + /* + * DE_CFG is a Core-scoped MSR, and this write is racy. However, both + * threads calculate the new value from state which expected to be + * consistent across CPUs and unrelated to the old value, so the result + * should be consistent. + */ + wrmsr_safe(MSR_AMD64_DE_CFG, val | new); +} + +void __init amd_init_lfence_dispatch(void) +{ + struct cpuinfo_x86 *c =3D &boot_cpu_data; + uint64_t val; + + if ( test_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability) ) + /* LFENCE is forced dispatch serialising and we can't control it. = */ + return; + + if ( c->family =3D=3D 0xf || c->family =3D=3D 0x11 ) + /* MSR doesn't exist. LFENCE is dispatch serialising on this hard= are. */ + goto set; + + if ( rdmsr_safe(MSR_AMD64_DE_CFG, &val) ) + /* Unable to read. Assume the safer default. */ + goto clear; + + if ( val & AMD64_DE_CFG_LFENCE_SERIALISE ) + /* Already dispatch serialising. */ + goto set; + + clear: + setup_clear_cpu_cap(X86_FEATURE_LFENCE_DISPATCH); + return; + + set: + setup_force_cpu_cap(X86_FEATURE_LFENCE_DISPATCH); +} + static void amd_check_bp_cfg(void) { uint64_t val, new =3D 0; @@ -1118,6 +1115,11 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) u32 l, h; uint64_t value; =20 + amd_init_de_cfg(c); + + if (c =3D=3D &boot_cpu_data) + amd_init_lfence_dispatch(); /* Needs amd_init_de_cfg() */ + /* Disable TLB flush filter by setting HWCR.FFDIS on K8 * bit 6 of msr C001_0015 * 
@@ -1156,12 +1158,6 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) if (c =3D=3D &boot_cpu_data && !cpu_has(c, X86_FEATURE_RSTR_FP_ERR_PTRS)) setup_force_cpu_cap(X86_BUG_FPU_PTRS); =20 - if (c->x86 =3D=3D 0x0f || c->x86 =3D=3D 0x11) - /* Always dispatch serialising on this hardare. */ - __set_bit(X86_FEATURE_LFENCE_DISPATCH, c->x86_capability); - else /* Implicily "=3D=3D 0x10 || >=3D 0x12" by being 64bit. */ - amd_init_lfence(c); - amd_init_ssbd(c); =20 if (c->x86 =3D=3D 0x17) @@ -1379,7 +1375,6 @@ static void cf_check init_amd(struct cpuinfo_x86 *c) if ((smp_processor_id() =3D=3D 1) && !cpu_has(c, X86_FEATURE_ITSC)) disable_c1_ramping(); =20 - amd_check_zenbleed(); amd_check_bp_cfg(); =20 if (fam17_c6_disabled) diff --git a/xen/arch/x86/cpu/cpu.h b/xen/arch/x86/cpu/cpu.h index cbb434f3a23d..8bed3f52490f 100644 --- a/xen/arch/x86/cpu/cpu.h +++ b/xen/arch/x86/cpu/cpu.h @@ -24,7 +24,8 @@ extern bool detect_extended_topology(struct cpuinfo_x86 *= c); =20 void cf_check early_init_amd(struct cpuinfo_x86 *c); void amd_log_freq(const struct cpuinfo_x86 *c); -void amd_init_lfence(struct cpuinfo_x86 *c); +void amd_init_de_cfg(const struct cpuinfo_x86 *c); +void amd_init_lfence_dispatch(void); void amd_init_ssbd(const struct cpuinfo_x86 *c); void amd_init_spectral_chicken(void); void detect_zen2_null_seg_behaviour(void); diff --git a/xen/arch/x86/cpu/hygon.c b/xen/arch/x86/cpu/hygon.c index f7508cc8fcb9..68e98651cb79 100644 --- a/xen/arch/x86/cpu/hygon.c +++ b/xen/arch/x86/cpu/hygon.c @@ -31,7 +31,11 @@ static void cf_check init_hygon(struct cpuinfo_x86 *c) { unsigned long long value; =20 - amd_init_lfence(c); + amd_init_de_cfg(c); + + if (c =3D=3D &boot_cpu_data) + amd_init_lfence_dispatch(); /* Needs amd_init_de_cfg() */ + amd_init_ssbd(c); =20 /* Probe for NSCB on Zen2 CPUs when not virtualised */ --=20 2.39.5
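
Review bot: In [PATCH 1/3], the comment above the changed condition in init_amd() still ends at "Fill it back in if we're not virtualised" and says nothing about the new "c == &boot_cpu_data" guard or about why the bit is now forced. Suggest extending it to state that setup_force_cpu_cap() is used so that BTC_NO survives a feature rescan and that this is done once, on the BSP, which is the rule the commit message sets out for after-the-fact CPUID adjustments.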
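
Review bot: In [PATCH 2/3], with the amd_check_zenbleed() call gone from the end of apply_microcode(), the chickenbit chosen at boot stays set after a late microcode load, even a load that carries the fix; the removed function (visible in full in patch 3/3) was what cleared it via "val &= ~chickenbit" when the revision was good. That costs performance rather than protection, but it is a behaviour change and deserves a sentence in the commit message beside "No practical change".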
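
Review bot: In [PATCH 3/3], the hunk adding the new functions has two inverted conditions. zenbleed_use_chickenbit() ends with "return (uint8_t)curr_rev >= fixed_rev;", which requests the chickenbit when the loaded microcode is at or past the fixed revision, the opposite of the removed "if (sig->rev < good_rev) val |= chickenbit;"; the comparison should be "<". amd_init_de_cfg() opens with "if ( c->family != 0xf && c->family != 0x11 ) return;" under a comment saying the MSR does not exist on those two families, so it returns early on every family that does have DE_CFG and carries on only where the MSR is absent; the test should be "c->family == 0xf || c->family == 0x11". As posted, neither AMD64_DE_CFG_LFENCE_SERIALISE nor the Zenbleed chickenbit is written on the parts that need them. Smaller points in the same hunk: "(1 << 9)" would read better as a named constant alongside AMD64_DE_CFG_LFENCE_SERIALISE, and the new comments carry the typos "hardare" and "state which expected to be".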
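
Review bot: In [PATCH 3/3], the hygon.c hunk repeats the two-step sequence added to init_amd() (amd_init_de_cfg(c), then amd_init_lfence_dispatch() on the BSP), and the ordering requirement lives only in the "/* Needs amd_init_de_cfg() */" comment at each call site. Because amd_init_lfence_dispatch() is __init while init_amd() and init_hygon() are not, the "c == &boot_cpu_data" guard is also what keeps it from being reached after boot; a single shared helper performing both steps would keep the ordering and the guard in one place.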