From: Ashok Raj <ashok.raj@intel.com>
To: Borislav Petkov <bp@alien8.de>, Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>,
Dave Hansen <dave.hansen@intel.com>,
LKML Mailing List <linux-kernel@vger.kernel.org>,
X86-kernel <x86@kernel.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
Arjan van de Ven <arjan.van.de.ven@intel.com>,
Jacob Jun Pan <jacob.jun.pan@intel.com>,
Ashok Raj <ashok.raj@intel.com>
Subject: [PATCH 09/13] x86/microcode: Add a generic mechanism to declare support for minrev
Date: Fri, 14 Oct 2022 13:09:09 -0700 [thread overview]
Message-ID: <20221014200913.14644-10-ashok.raj@intel.com> (raw)
In-Reply-To: <20221014200913.14644-1-ashok.raj@intel.com>
Intel microcode adds some meta-data to report a minimum required revision
before this new microcode can be late-loaded. There are no generic mechanism
to declare support for all vendors.
Add generic support to microcode to declare support, so the tainting and
late-loading can be permitted in those architectures that support reporting
a minrev in some form.
Late loading has added support for
- New images declaring a required minimum base version before a late-load
is performed.
- Improved NMI handling during update to avoid sibling threads taking NMI's
while primary is still not complete with the microcode update.
With these changes, late-loading can be re-enabled. Tainting only happens
on architectures that don't support minimum required version reporting.
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
---
arch/x86/include/asm/microcode.h | 1 +
arch/x86/kernel/cpu/microcode/core.c | 14 +++++++++++---
arch/x86/kernel/cpu/microcode/intel.c | 6 ++++++
arch/x86/Kconfig | 7 ++++---
4 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
index 401213fb2e4a..0c0bbc26560f 100644
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -59,6 +59,7 @@ enum ucode_state {
};
struct microcode_ops {
+ int (*check_minrev) (void);
enum ucode_state (*request_microcode_fw) (int cpu, struct device *,
bool late_loading);
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index 7a8fcb914b6a..46e9c2d8fae0 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -606,6 +606,7 @@ static ssize_t reload_store(struct device *dev,
enum ucode_state tmp_ret = UCODE_OK;
int bsp = boot_cpu_data.cpu_index;
unsigned long val;
+ int minrev;
ssize_t ret = 0;
ret = kstrtoul(buf, 0, &val);
@@ -621,8 +622,14 @@ static ssize_t reload_store(struct device *dev,
if (ret)
goto put;
- pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
- pr_err("You should switch to early loading, if possible.\n");
+ if (microcode_ops->check_minrev())
+ minrev = microcode_ops->check_minrev();
+
+ if (!minrev) {
+ pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
+ pr_err("You should switch to early loading, if possible.\n");
+ }
+
tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true);
if (tmp_ret != UCODE_NEW)
goto put;
@@ -637,7 +644,8 @@ static ssize_t reload_store(struct device *dev,
if (ret == 0)
ret = size;
- add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
+ if (!minrev)
+ add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
return ret;
}
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 46edce811c69..c8ee53fcf04d 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -950,7 +950,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device,
return ret;
}
+static int intel_check_minrev(void)
+{
+ return 1;
+}
+
static struct microcode_ops microcode_intel_ops = {
+ .check_minrev = intel_check_minrev,
.request_microcode_fw = request_microcode_fw,
.collect_cpu_info = collect_cpu_info,
.apply_microcode = apply_microcode_intel,
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f9920f1341c8..a01fce1092ce 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1336,15 +1336,16 @@ config MICROCODE_AMD
processors will be enabled.
config MICROCODE_LATE_LOADING
- bool "Late microcode loading (DANGEROUS)"
- default n
+ bool "Late microcode loading"
+ default y
depends on MICROCODE
help
Loading microcode late, when the system is up and executing instructions
is a tricky business and should be avoided if possible. Just the sequence
of synchronizing all cores and SMT threads is one fragile dance which does
not guarantee that cores might not softlock after the loading. Therefore,
- use this at your own risk. Late loading taints the kernel too.
+ use this at your own risk. Late loading taints the kernel, if it
+ doesn't support a minimum required base version before an update.
config X86_MSR
tristate "/dev/cpu/*/msr - Model-specific register support"
--
2.34.1
next prev parent reply other threads:[~2022-10-14 20:10 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-14 20:09 [PATCH 00/13] Make microcode loading more robust Ashok Raj
2022-10-14 20:09 ` [PATCH 01/13] x86/microcode/intel: Print old and new rev after early microcode update Ashok Raj
2022-10-19 10:12 ` Borislav Petkov
2022-10-19 13:30 ` Ashok Raj
2022-10-14 20:09 ` [PATCH 02/13] x86/microcode: Do not load from filesystem for CPU hot add Ashok Raj
2022-10-19 17:52 ` Borislav Petkov
2022-10-19 17:54 ` [PATCH 1/5] x86/microcode: Rip out the subsys interface gunk Borislav Petkov
2022-10-19 17:54 ` [PATCH 2/5] x86/microcode: Simplify init path even more Borislav Petkov
2022-10-19 19:22 ` Ashok Raj
2022-10-19 19:37 ` Borislav Petkov
2022-10-20 8:18 ` Borislav Petkov
2022-10-20 15:04 ` Ashok Raj
2022-10-21 9:28 ` Borislav Petkov
2022-10-21 10:21 ` Ashok Raj
2022-10-21 10:57 ` Borislav Petkov
2022-10-21 11:39 ` Ashok Raj
2022-10-21 13:30 ` Borislav Petkov
2022-10-19 17:54 ` [PATCH 3/5] x86/microcode: Kill refresh_fw Borislav Petkov
2022-10-19 17:54 ` [PATCH 4/5] x86/microcode: Do some minor fixups Borislav Petkov
2022-10-19 17:54 ` [PATCH 5/5] x86/microcode: Drop struct ucode_cpu_info.valid Borislav Petkov
2022-10-20 15:48 ` [PATCH -v2 1/5] x86/microcode: Rip out the subsys interface gunk Borislav Petkov
2022-10-14 20:09 ` [PATCH 03/13] x86/microcode/intel: Fix a hang if early loading microcode fails Ashok Raj
2022-10-14 20:09 ` [PATCH 04/13] x86/x2apic: Support x2apic self IPI with NMI_VECTOR Ashok Raj
2022-10-19 15:36 ` Ashok Raj
2022-10-14 20:09 ` [PATCH 05/13] x86/microcode: Place siblings in NMI loop while update in progress Ashok Raj
2022-10-14 20:09 ` [PATCH 06/13] x86/microcode: Rename refresh_fw to late_loading Ashok Raj
2022-10-14 20:09 ` [PATCH 07/13] x86/microcode: Move late-load warning to earlier where kernel taint happens Ashok Raj
2022-10-14 20:09 ` [PATCH 08/13] x86/microcode/intel: Add minimum required revision to microcode header Ashok Raj
2022-10-14 20:09 ` Ashok Raj [this message]
2022-10-19 4:03 ` [PATCH 09/13] x86/microcode: Add a generic mechanism to declare support for minrev Huang, Kai
2022-10-19 12:48 ` Ashok Raj
2022-10-14 20:09 ` [PATCH 10/13] x86/microcode/intel: Drop wbinvd() from microcode loading Ashok Raj
2022-10-14 20:09 ` [PATCH 11/13] x86/microcode: Display revisions only when update is successful Ashok Raj
2022-10-14 20:09 ` [PATCH 12/13] x86/mce: Warn of a microcode update is in progress when MCE arrives Ashok Raj
2022-10-14 20:09 ` [PATCH 13/13] x86/microcode/intel: Add ability to update microcode even if rev is unchanged Ashok Raj
2022-10-19 15:51 ` Ashok Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221014200913.14644-10-ashok.raj@intel.com \
--to=ashok.raj@intel.com \
--cc=arjan.van.de.ven@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=jacob.jun.pan@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox