This is a note to let you know that I've just added the patch titled x86/microcode: Do the family check first to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: x86-microcode-do-the-family-check-first.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 Mon Sep 17 00:00:00 2001 From: Borislav Petkov <bp@xxxxxxx> Date: Thu, 12 Oct 2017 13:23:16 +0200 Subject: x86/microcode: Do the family check first From: Borislav Petkov <bp@xxxxxxx> commit 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 upstream with adjustments. On CPUs like AMD's Geode, for example, we shouldn't even try to load microcode because they do not support the modern microcode loading interface. However, we do the family check *after* the other checks whether the loader has been disabled on the command line or whether we're running in a guest. So move the family checks first in order to exit early if we're being loaded on an unsupported family. Reported-and-tested-by: Sven Glodowski <glodi1@xxxxxxxx> Signed-off-by: Borislav Petkov <bp@xxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> # 4.11.. Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Link: http://bugzilla.suse.com/show_bug.cgi?id=1061396 Link: http://lkml.kernel.org/r/20171012112316.977-1-bp@xxxxxxxxx Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx> Signed-off-by: Rolf Neugebauer <rolf.neugebauer@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/kernel/cpu/microcode/core.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -86,9 +86,6 @@ static bool __init check_loader_disabled bool *res = &dis_ucode_ldr; #endif - if (!have_cpuid_p()) - return *res; - a = 1; c = 0; native_cpuid(&a, &b, &c, &d); @@ -130,8 +127,9 @@ void __init load_ucode_bsp(void) { int vendor; unsigned int family; + bool intel = true; - if (check_loader_disabled_bsp()) + if (!have_cpuid_p()) return; vendor = x86_cpuid_vendor(); @@ -139,16 +137,27 @@ void __init load_ucode_bsp(void) switch (vendor) { case X86_VENDOR_INTEL: - if (family >= 6) - load_ucode_intel_bsp(); + if (family < 6) + return; break; + case X86_VENDOR_AMD: - if (family >= 0x10) - load_ucode_amd_bsp(family); + if (family < 0x10) + return; + intel = false; break; + default: - break; + return; } + + if (check_loader_disabled_bsp()) + return; + + if (intel) + load_ucode_intel_bsp(); + else + load_ucode_amd_bsp(family); } static bool check_loader_disabled_ap(void) Patches currently in stable-queue which might be from bp@xxxxxxx are queue-4.9/x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch queue-4.9/x86-retpoline-simplify-vmexit_fill_rsb.patch queue-4.9/x86-cpufeatures-clean-up-spectre-v2-related-cpuid-flags.patch queue-4.9/x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch queue-4.9/x86-microcode-amd-do-not-load-when-running-on-a-hypervisor.patch queue-4.9/x86-nospec-fix-header-guards-names.patch queue-4.9/x86-alternative-print-unadorned-pointers.patch queue-4.9/x86-microcode-do-the-family-check-first.patch queue-4.9/x86-spectre-fix-spelling-mistake-vunerable-vulnerable.patch queue-4.9/x86-pti-mark-constant-arrays-as-__initconst.patch queue-4.9/x86-bugs-drop-one-mitigation-from-dmesg.patch queue-4.9/x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch