From: "Raj, Ashok" <ashok.raj@intel.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Mihai Carabas <mihai.carabas@oracle.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Jon Grimm <Jon.Grimm@amd.com>,
kanth.ghatraju@oracle.com, konrad.wilk@oracle.com,
patrick.colp@oracle.com, Tom Lendacky <thomas.lendacky@amd.com>,
x86-ml <x86@kernel.org>,
linux-kernel@vger.kernel.org, Ashok Raj <ashok.raj@intel.com>
Subject: Re: [PATCH] x86/microcode: Add an option to reload microcode even if revision is unchanged
Date: Fri, 6 Sep 2019 09:55:25 -0700 [thread overview]
Message-ID: <20190906165525.GA6918@otc-nc-03> (raw)
In-Reply-To: <alpine.DEB.2.21.1909061431330.1902@nanos.tec.linutronix.de>
Hi Thomas,
On Fri, Sep 06, 2019 at 02:51:17PM +0200, Thomas Gleixner wrote:
> Raj,
>
> On Thu, 5 Sep 2019, Raj, Ashok wrote:
> > On Thu, Sep 05, 2019 at 11:22:31PM +0200, Thomas Gleixner wrote:
> > > That's all nice, but what it the general use case for this outside of Intel's
> > > microcode development and testing?
> > >
> > > We all know that late microcode loading has severe limitations and we
> > > really don't want to proliferate that further if not absolutely required
> >
> > Several customers have asked this to check the safety of late loads. They want
> > to validate in production setup prior to rolling late-load to all production systems.
>
> Groan. Late loading _IS_ broken by definition and it was so forever.
Lets tighten the seat belts :-).. I'm with you that late-loading has
shown weakness more recently than earlier. There are several obvious reasons
that you are well aware. But there is a lot that *must* be done to make sure
the guard rails are tight enough for deplopying late-load. 100% agree on that
to make sure the interface and mechanism needs to be improved for robustness
but not a candidate for removal. Certainly this is an argument that would help
me drive towards that objective internally.
>
> What your customers are asking for is a receipe for disaster. They can
> check the safety of late loading forever, it will not magically become safe
> because they do so.
>
> If you want late loading, then the whole approach needs to be reworked from
> ground up. You need to make sure that all CPUs are in a safe state,
> i.e. where switching of CPU feature bits of all sorts can be done with the
> guarantee that no CPU will return to the wrong code path after coming out
> of safe state and that any kernel internal state which depends on the
> previous set of CPU feature bits has been mopped up and switched over
> before CPUs are released.
>
> That does not exist and unless it does, late loading is just going to cause
> trouble nothing else.
>
> So, no. We are not merging something which is known to be broken and then
> we have to deal with the subtle fallout and the bug reports forever. Not to
When we did the late-load changes last year we added a warning if any
of the cpuid bits either dissappear or new ones appear. Maybe we should
have tainted the kernel to track that so its not that subtle anymore.
> talk about having to fend of half baken duct tape patches which try to glue
> things together.
>
> The only sensible patch for that is to remove any trace of late loading
> crappola once and forever.
>
> Sorry, -ENOPONIES
:-)
Cheers,
Ashok
prev parent reply other threads:[~2019-09-06 16:55 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-29 5:33 [PATCH] x86/microcode: Add an option to reload microcode even if revision is unchanged Ashok Raj
2019-08-29 5:38 ` Raj, Ashok
2019-08-29 6:09 ` Borislav Petkov
2019-08-29 13:02 ` Raj, Ashok
2019-09-03 16:46 ` Borislav Petkov
2019-09-04 22:06 ` Boris Ostrovsky
2019-09-04 22:12 ` Boris Petkov
2019-09-05 0:21 ` Raj, Ashok
2019-09-05 7:20 ` Borislav Petkov
2019-09-05 10:51 ` Thomas Gleixner
2019-09-05 19:40 ` Raj, Ashok
2019-09-05 19:49 ` Borislav Petkov
2019-09-05 20:20 ` Raj, Ashok
2019-09-05 21:22 ` Thomas Gleixner
2019-09-05 22:27 ` Raj, Ashok
2019-09-06 7:46 ` Borislav Petkov
2019-09-06 12:51 ` Thomas Gleixner
2019-09-06 14:40 ` Johannes Erdfelt
2019-09-06 15:16 ` Borislav Petkov
2019-09-06 15:46 ` Johannes Erdfelt
2019-09-06 16:17 ` Borislav Petkov
2019-09-06 16:43 ` Konrad Rzeszutek Wilk
2019-09-06 17:10 ` Borislav Petkov
2019-09-06 16:52 ` Johannes Erdfelt
2019-09-06 17:17 ` Borislav Petkov
2019-09-06 21:16 ` Thomas Gleixner
2019-09-07 0:33 ` Raj, Ashok
2019-09-07 10:37 ` Thomas Gleixner
2019-09-16 10:36 ` Thomas Gleixner
2019-09-17 0:31 ` Raj, Ashok
2019-09-17 6:37 ` Thomas Gleixner
2019-09-17 6:46 ` Borislav Petkov
2019-09-17 14:29 ` Raj, Ashok
2019-09-19 19:48 ` Mihai Carabas
2019-09-06 16:55 ` Raj, Ashok [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190906165525.GA6918@otc-nc-03 \
--to=ashok.raj@intel.com \
--cc=Jon.Grimm@amd.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=kanth.ghatraju@oracle.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mihai.carabas@oracle.com \
--cc=mingo@redhat.com \
--cc=patrick.colp@oracle.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox