# Commit 5cd1ac15756ed7d9175685a3d16fc23fc86b3db4
# Date 2025-11-27 18:22:20 +0000
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/amd: Stop updating the Zenbleed mitigation dynamically

This was potentially helpful when the chickenbit was the only mitigation and
microcode had not been released, but that was two years ago.

Zenbleed microcode has been avaialble since December 2023, and the subsequent
Entrysign signature vulnerability means that firmware updates block OS-loading
and more OS-loadable microcode will be produced for Zen2.

i.e. the Zenbleed fix is not going to appear at runtime these days.

No practical change.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -913,7 +913,7 @@ void __init detect_zen2_null_seg_behavio
 
 }
 
-void amd_check_zenbleed(void)
+static void amd_check_zenbleed(void)
 {
 	const struct cpu_signature *sig = &this_cpu(cpu_sig);
 	unsigned int good_rev;
--- a/xen/arch/x86/cpu/microcode/amd.c
+++ b/xen/arch/x86/cpu/microcode/amd.c
@@ -373,8 +373,6 @@ static int cf_check apply_microcode(cons
            "microcode: CPU%u updated from revision %#x to %#x, date = %04x-%02x-%02x\n",
            cpu, old_rev, rev, patch->year, patch->month, patch->day);
 
-    amd_check_zenbleed();
-
     return 0;
 }
 
--- a/xen/arch/x86/include/asm/processor.h
+++ b/xen/arch/x86/include/asm/processor.h
@@ -504,8 +504,6 @@ enum ap_boot_method {
 };
 extern enum ap_boot_method ap_boot_method;
 
-void amd_check_zenbleed(void);
-
 #endif /* !__ASSEMBLY__ */
 
 #endif /* __ASM_X86_PROCESSOR_H */