hv: refine security capability detection function.
ACRN hypervisor always print CPU microcode update warning message on KBL NUC platform, even after BIOS was updated to the latest. 'check_cpu_security_cap()' returns false if no ARCH_CAPABILITIES MSR support on current platform, but this MSR may not be available on some platforms. This patch is to remove this pre-condition. Tracked-On: #3317 Signed-off-by: Yonghua Huang <yonghua.huang@intel.com> Reviewed-by: Jason CJ Chen <jason.cj.chen@intel.com>
This commit is contained in:
parent
127c98f5db
commit
076a30b555
|
@ -59,16 +59,16 @@ bool check_cpu_security_cap(void)
|
|||
x86_arch_capabilities = msr_read(MSR_IA32_ARCH_CAPABILITIES);
|
||||
skip_l1dfl_vmentry = ((x86_arch_capabilities
|
||||
& IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY) != 0UL);
|
||||
}
|
||||
|
||||
if ((!pcpu_has_cap(X86_FEATURE_L1D_FLUSH)) && (!skip_l1dfl_vmentry)) {
|
||||
ret = false;
|
||||
} else if ((!pcpu_has_cap(X86_FEATURE_IBRS_IBPB)) &&
|
||||
(!pcpu_has_cap(X86_FEATURE_STIBP))) {
|
||||
ret = false;
|
||||
} else {
|
||||
/* No other state currently, do nothing */
|
||||
}
|
||||
} else {
|
||||
if ((!pcpu_has_cap(X86_FEATURE_L1D_FLUSH)) && (!skip_l1dfl_vmentry)) {
|
||||
/* Processor is affected by L1TF CPU vulnerability,
|
||||
* but no L1D_FLUSH command support.
|
||||
*/
|
||||
ret = false;
|
||||
}
|
||||
|
||||
if ((!pcpu_has_cap(X86_FEATURE_IBRS_IBPB)) && (!pcpu_has_cap(X86_FEATURE_STIBP))) {
|
||||
ret = false;
|
||||
}
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
/* type of speculation control
|
||||
* 0 - no speculation control support
|
||||
* 1 - raw IBRS + IPBP support
|
||||
* 1 - raw IBRS + IBPB support
|
||||
* 2 - with STIBP optimization support
|
||||
*/
|
||||
#define IBRS_NONE 0
|
||||
|
|
Loading…
Reference in New Issue