From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
"Jan Beulich" <JBeulich@suse.com>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [PATCH 3/5] x86/ucode: Refine TLB flush fix for AMD Fam17h CPUs
Date: Mon, 20 Oct 2025 14:19:53 +0100 [thread overview]
Message-ID: <20251020131955.2928261-4-andrew.cooper3@citrix.com> (raw)
In-Reply-To: <20251020131955.2928261-1-andrew.cooper3@citrix.com>
In the time since Xen discovered this, Linux stubled on it too and AMD
produced a narrower fix, limited to Fam17h CPUs only. To my knowledge,
there's no erratum or other public statement from AMD on the matter.
Adjust Xen to match the narrower fix.
Link: https://lore.kernel.org/lkml/ZyulbYuvrkshfsd2@antipodes/T/#u
Fixes: f19a199281a2 ("x86/AMD: flush TLB after ucode update")
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
There is a difference in memory clobber with the invlpg() wrapper.
apply_microcode() specifically does not want a memory clobber, whereas
flush_area_local() doesn't need it as far as I can tell (there's nothing
unsafe to move across this instruction).
---
xen/arch/x86/cpu/microcode/amd.c | 14 +++++++++++---
xen/arch/x86/flushtlb.c | 3 +--
xen/arch/x86/include/asm/flushtlb.h | 5 +++++
3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c
index 59332da2b827..7ff702c06caf 100644
--- a/xen/arch/x86/cpu/microcode/amd.c
+++ b/xen/arch/x86/cpu/microcode/amd.c
@@ -306,10 +306,18 @@ static int cf_check apply_microcode(const struct microcode_patch *patch,
sig->rev = rev;
/*
- * Some processors leave the ucode blob mapping as UC after the update.
- * Flush the mapping to regain normal cacheability.
+ * Family 0x17 processors leave the mapping of the ucode as UC after the
+ * update. Flush the mapping to regain normal cacheability.
+ *
+ * We do not know the granularity of mapping, and at 3200 bytes in size
+ * there is a good chance of crossing a 4k page boundary. Shoot-down the
+ * start and end just to be safe.
*/
- flush_area_local(patch, FLUSH_TLB_GLOBAL | FLUSH_ORDER(0));
+ if ( boot_cpu_data.family == 0x17 )
+ {
+ invlpg(patch);
+ invlpg((const void *)patch + F17H_MPB_MAX_SIZE - 1);
+ }
/* check current patch id and patch's id for match */
if ( hw_err || (rev != patch->patch_id) )
diff --git a/xen/arch/x86/flushtlb.c b/xen/arch/x86/flushtlb.c
index 94b2a30e8d30..09e676c151fa 100644
--- a/xen/arch/x86/flushtlb.c
+++ b/xen/arch/x86/flushtlb.c
@@ -222,8 +222,7 @@ unsigned int flush_area_local(const void *va, unsigned int flags)
}
}
else
- asm volatile ( "invlpg %0"
- : : "m" (*(const char *)(va)) : "memory" );
+ invlpg(va);
}
else
do_tlb_flush();
diff --git a/xen/arch/x86/include/asm/flushtlb.h b/xen/arch/x86/include/asm/flushtlb.h
index 019d886f2b80..37bc203652b3 100644
--- a/xen/arch/x86/include/asm/flushtlb.h
+++ b/xen/arch/x86/include/asm/flushtlb.h
@@ -98,6 +98,11 @@ static inline unsigned long read_cr3(void)
return cr3;
}
+static inline void invlpg(const void *p)
+{
+ asm volatile ( "invlpg %0" :: "m" (*(const char *)p) );
+}
+
/* Write pagetable base and implicitly tick the tlbflush clock. */
void switch_cr3_cr4(unsigned long cr3, unsigned long cr4);
--
2.39.5
next prev parent reply other threads:[~2025-10-20 13:20 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-20 13:19 [PATCH for-4.21? 0/5] x86/ucode: Support loading latest ucode from linux-firwmare Andrew Cooper
2025-10-20 13:19 ` [PATCH 1/5] x86/ucode: Fix missing printk() newline in ucode_probe_amd() Andrew Cooper
2025-10-20 13:37 ` Jan Beulich
2025-10-20 15:02 ` Andrew Cooper
2025-10-20 13:19 ` [PATCH 2/5] x86/ucode: Abort parallel load early on any control thread error Andrew Cooper
2025-10-20 15:55 ` Jan Beulich
2025-10-22 19:28 ` Andrew Cooper
2025-10-23 6:24 ` Jan Beulich
2025-10-27 22:46 ` Andrew Cooper
2025-10-28 8:07 ` Jan Beulich
2025-10-20 13:19 ` Andrew Cooper [this message]
2025-10-21 8:34 ` [PATCH 3/5] x86/ucode: Refine TLB flush fix for AMD Fam17h CPUs Jan Beulich
2025-10-20 13:19 ` [PATCH 4/5] x86/ucode: Cross check the minimum revision Andrew Cooper
2025-10-21 9:18 ` Jan Beulich
2025-10-21 9:24 ` Andrew Cooper
2025-10-20 13:19 ` [PATCH 5/5] x86/ucode: Relax digest check when Entrysign is fixed in firmware Andrew Cooper
2025-10-20 15:06 ` Andrew Cooper
2025-10-21 9:47 ` Jan Beulich
2025-10-22 21:19 ` Andrew Cooper
2025-10-23 7:05 ` Jan Beulich
2025-10-27 21:42 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251020131955.2928261-4-andrew.cooper3@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=JBeulich@suse.com \
--cc=roger.pau@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).