• Thomas Lendacky's avatar
    x86/microcode/amd: Don't falsely trick the late loading mechanism · f964a4d2
    Thomas Lendacky authored
    [ Upstream commit 912139cf ]
    
    The load_microcode_amd() function searches for microcode patches and
    attempts to apply a microcode patch if it is of different level than the
    currently installed level.
    
    While the processor won't actually load a level that is less than
    what is already installed, the logic wrongly returns UCODE_NEW thus
    signaling to its caller reload_store() that a late loading should be
    attempted.
    
    If the file-system contains an older microcode revision than what is
    currently running, such a late microcode reload can result in these
    misleading messages:
    
      x86/CPU: CPU features have changed after loading microcode, but might not take effect.
      x86/CPU: Please consider either early loading through initrd/built-in or a potential BIOS update.
    
    These messages were issued on a system where SME/SEV are not
    enabled by the BIOS (MSR C001_0010[23] = 0b) because during boot,
    early_detect_mem_encrypt() is called and cleared the SME and SEV
    features in this case.
    
    However, after the wrong late load attempt, get_cpu_cap() is called and
    reloads the SME and SEV feature bits, resulting in the messages.
    
    Update the microcode level check to not attempt microcode loading if the
    current level is greater than(!) and not only equal to the current patch
    level.
    
     [ bp: massage commit message. ]
    
    Fixes: 2613f36e ("x86/microcode: Attempt late loading only when new microcode is present")
    Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: x86-ml <x86@kernel.org>
    Link: https://lkml.kernel.org/r/154894518427.9406.8246222496874202773.stgit@tlendack-t1.amdoffice.netSigned-off-by: default avatarSasha Levin <sashal@kernel.org>
    f964a4d2
amd.c 18.5 KB