From: Alejandro Vallejo <alejandro.vallejo@cloud.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Xen-devel <xen-devel@lists.xenproject.org>,
"Jan Beulich" <jbeulich@suse.com>,
"Roger Pau Monné" <roger.pau@citrix.com>, "Wei Liu" <wl@xen.org>
Subject: Re: [PATCH] x86/microcode: Prevent attempting updates known to fail
Date: Mon, 5 Jun 2023 11:31:53 +0100 [thread overview]
Message-ID: <647db99b.df0a0220.45aaa.6dcd@mx.google.com> (raw)
In-Reply-To: <0b118c70-b1b0-43ad-31d2-1b301b360b12@citrix.com>
On Fri, Jun 02, 2023 at 09:35:56PM +0100, Andrew Cooper wrote:
> For this MCU_CONTROL_DIS_MCU_LOAD case, we don't want to be trying to
> load new microcode because that's a waste of time, but we absolutely
> should query the current microcode revision. It is frequently relevant
> for security reasons.
>
> So I think we want to fine-grain things a little, and separate the
> concepts of "ucode info available" and "ucode loading available". Per
> the current mechanism, that would involve supporting a case where
> ucode_ops.collect_cpu_info() is available but
> ucode_ops.apply_microcode() is not.
I was going after something to that effect, yes.
>
> ~Andrew
>
> P.S. also in our copious free time, we need to start supporting the
> Intel min_rev field, which is more complicated than it sounds.
>
> min_rev is vaguely defined as being relevant to block updates "after
> you've evaluated CPUID and made decisions based on it", but here in Xen
> we do also do livepatching and late loading to explicitly make use of
> newly enumerated features.
>
> So we need a way of xen-ucode saying "please really do load this,
> because I as the admin think it will be fine in combination with the
> livepatch I'm about to apply".
>
> My best idea for this is to have a `--force` option to pass to Xen to
> skip the revision checks, which will require either a new hypercall, or
> perhaps borrowing a high bit from the size field in the current hypercall.
>
> With a force option in place, the boot time ucode=allow-same can go
> away. It has become distinctly less useful now that we were forced do
> this unilaterally on AMD CPUs, and separating "allow same because of HW
> bugs" from "the Admin promised they knew what they were doing" would be
> better for testing.
I've created a GitLab issue to keep track of that:
https://gitlab.com/xen-project/xen/-/issues/164
There's also the case of downgrades. We probably want to at least avoid
going back to a microcode revision with different min_rev field.
Alejandro
prev parent reply other threads:[~2023-06-05 10:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20230531175119.10830-1-alejandro.vallejo@cloud.com>
2023-06-01 10:54 ` [PATCH] x86/microcode: Prevent attempting updates known to fail Andrew Cooper
2023-06-02 13:19 ` Alejandro Vallejo
2023-06-02 16:44 ` Andrew Cooper
2023-06-02 20:35 ` Andrew Cooper
2023-06-05 10:31 ` Alejandro Vallejo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=647db99b.df0a0220.45aaa.6dcd@mx.google.com \
--to=alejandro.vallejo@cloud.com \
--cc=andrew.cooper3@citrix.com \
--cc=jbeulich@suse.com \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.