From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: x86/amd: Mitigate AMD-SN-7052

This is XSA-490 / CVE-2025-54518.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

diff --git a/xen/arch/x86/cpu/amd.c b/xen/arch/x86/cpu/amd.c
index 1bb0766ebf13..b5bf2b732e8f 100644
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -1116,11 +1116,25 @@ static void amd_check_bp_cfg(void)
 {
 	uint64_t val, new = 0;
 
-	/*
-	 * AMD Erratum #1485.  Set bit 5, as instructed.
-	 */
-	if (!cpu_has_hypervisor && boot_cpu_data.x86 == 0x19 && is_zen4_uarch())
-		new |= (1 << 5);
+	if (!cpu_has_hypervisor) {
+		/*
+		 * AMD Erratum #1485.  If SMT is enabled and STIBP disabled,
+		 * the CPU may fetch incorrect instruction bytes.
+		 *
+		 * Set bit 5, as instructed.
+		 */
+		if (boot_cpu_data.x86 == 0x19 && is_zen4_uarch())
+			new |= (1 << 5);
+
+		/*
+		 * AMD SB-7052.  CPU OP Cache corruption, causing instructions
+		 * to be executed at a higher privilege.
+		 *
+		 * Set bit 33, as instructed.
+		 */
+		if (boot_cpu_data.x86 == 0x17 && is_zen2_uarch())
+			new |= (1UL << 33);
+	}
 
 	/*
 	 * On hardware supporting SRSO_MSR_FIX, activate BP_SPEC_REDUCE by