Commit 5412fed7 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'x86_urgent_for_v6.7_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:

 - Add a forgotten CPU vendor check in the AMD microcode post-loading
   callback so that the callback runs only on AMD

 - Make sure SEV-ES protocol negotiation happens only once and on the
   BSP

* tag 'x86_urgent_for_v6.7_rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/CPU/AMD: Check vendor in the AMD microcode callback
  x86/sev: Fix kernel crash due to late update to read-only ghcb_version
parents 0aea22c7 9b8493dc
+3 −0
@@ -1320,6 +1320,9 @@ static void zenbleed_check_cpu(void *unused)

void amd_check_microcode(void)
{
	if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD)
		return;

	on_each_cpu(zenbleed_check_cpu, NULL, 1);
}
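Review bot: The vendor guard added at the top of amd_check_microcode() carries no comment, so a reader of the function alone cannot tell why an AMD-named routine has to test for AMD. The merge description calls this the microcode post-loading callback and says the check was forgotten, which suggests the caller is not vendor-specific; saying so in place would keep the guard from later being dropped as redundant, e.g. `/* Post-loading callback; can be reached on non-AMD CPUs, where the Zenbleed re-check must not run. */`. The test reads boot_cpu_data rather than the CPU each zenbleed_check_cpu() call runs on, which is presumably fine on a single-vendor system but is worth stating in the same comment. zenbleed_check_cpu() lies outside the hunk, so what it touches on each CPU cannot be confirmed from here.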

+7 −4
@@ -1234,10 +1234,6 @@ void setup_ghcb(void)
	if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
		return;

	/* First make sure the hypervisor talks a supported protocol. */
	if (!sev_es_negotiate_protocol())
		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ);

	/*
	 * Check whether the runtime #VC exception handler is active. It uses
	 * the per-CPU GHCB page which is set up by sev_es_init_vc_handling().
@@ -1254,6 +1250,13 @@ void setup_ghcb(void)
		return;
	}

	/*
	 * Make sure the hypervisor talks a supported protocol.
	 * This gets called only in the BSP boot phase.
	 */
	if (!sev_es_negotiate_protocol())
		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_GEN_REQ);

	/*
	 * Clear the boot_ghcb. The first exception comes in before the bss
	 * section is cleared.