linux-kernel.vger.kernel.org archive mirror
* [PATCH -v1 0/2] x86/microcode: Add debugging glue
@ 2025-08-20 13:50 Borislav Petkov
  2025-08-20 13:50 ` [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing Borislav Petkov
  2025-08-20 13:50 ` [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality Borislav Petkov
  0 siblings, 2 replies; 18+ messages in thread
From: Borislav Petkov @ 2025-08-20 13:50 UTC (permalink / raw)
  To: X86 ML; +Cc: Chang S. Bae, Sohil Mehta, LKML, Borislav Petkov (AMD)

From: "Borislav Petkov (AMD)" <bp@alien8.de>

Hi,

ok, here's v1 with all review feedback incorporated.

I haven't added tags from previous review because they were to a conglomerate
diff and not to an actual patch.

Btw, the thing helped me already debug one small issue. So already bearing
fruits. :-)

Thx.



Changelog:
=========

v0
--

this is something I've been meaning to do for a long time: each time when
doing despicable things to the loader, I get to add debugging code too and run
it in a VM to see how those despicable things fare. But then I remove the
debugging glue again when cleaning up the despicable things and turning them
into proper patches.

So make this debugging code permanent but keep it out of reach from production
use and have it build- and boot-disabled by default.


Borislav Petkov (AMD) (2):
  x86/microcode: Add microcode= cmdline parsing
  x86/microcode: Add microcode loader debugging functionality

 .../admin-guide/kernel-parameters.txt         | 14 ++-
 arch/x86/Kconfig                              | 16 +++-
 arch/x86/kernel/cpu/microcode/amd.c           | 88 ++++++++++++++-----
 arch/x86/kernel/cpu/microcode/core.c          | 51 +++++++++--
 arch/x86/kernel/cpu/microcode/internal.h      | 10 +++
 5 files changed, 148 insertions(+), 31 deletions(-)

-- 
2.51.0


* [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-08-20 13:50 [PATCH -v1 0/2] x86/microcode: Add debugging glue Borislav Petkov
@ 2025-08-20 13:50 ` Borislav Petkov
  2025-08-21  5:03   ` Sohil Mehta
                     ` (3 more replies)
  2025-08-20 13:50 ` [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality Borislav Petkov
  1 sibling, 4 replies; 18+ messages in thread
From: Borislav Petkov @ 2025-08-20 13:50 UTC (permalink / raw)
  To: X86 ML; +Cc: Chang S. Bae, Sohil Mehta, LKML, Borislav Petkov (AMD)

From: "Borislav Petkov (AMD)" <bp@alien8.de>

Add a "microcode=" command line argument after which all options can be
passed in a comma-separated list.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
---
 .../admin-guide/kernel-parameters.txt         |  8 ++++--
 arch/x86/Kconfig                              |  4 +--
 arch/x86/kernel/cpu/microcode/core.c          | 26 ++++++++++++++++---
 3 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 747a55abf494..9e3bbce6583f 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3767,8 +3767,12 @@
 
 	mga=		[HW,DRM]
 
-	microcode.force_minrev=	[X86]
-			Format: <bool>
+	microcode=      [X86] Control the behavior of the microcode loader.
+	                Available options, comma separated:
+
+			dis_ucode_ldr: disable the microcode loader
+
+			force_minrev:
 			Enable or disable the microcode minimal revision
 			enforcement for the runtime microcode loader.
 
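Review bot: The force_minrev entry keeps the wording "Enable or disable the microcode minimal revision enforcement", but the new syntax takes no value and the parser added to core.c in this patch only ever sets force_minrev = true, so the option can switch the check on and never off. Reword the entry to "Enable ..." or accept force_minrev=<bool>. The dis_ucode_ldr and force_minrev entries are also laid out differently (description on the same line vs. on the following lines); pick one form.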
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 58d890fe2100..aa250d90f927 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1340,7 +1340,7 @@ config MICROCODE_LATE_LOADING
 	  use this at your own risk. Late loading taints the kernel unless the
 	  microcode header indicates that it is safe for late loading via the
 	  minimal revision check. This minimal revision check can be enforced on
-	  the kernel command line with "microcode.minrev=Y".
+	  the kernel command line with "microcode=force_minrev".
 
 config MICROCODE_LATE_FORCE_MINREV
 	bool "Enforce late microcode loading minimal revision check"
@@ -1356,7 +1356,7 @@ config MICROCODE_LATE_FORCE_MINREV
 	  revision check fails.
 
 	  This minimal revision check can also be controlled via the
-	  "microcode.minrev" parameter on the kernel command line.
+	  "microcode=force_minrev" parameter on the kernel command line.
 
 	  If unsure say Y.
 
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index b92e09a87c69..7d590630673b 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -43,10 +43,9 @@
 #include "internal.h"
 
 static struct microcode_ops *microcode_ops;
-static bool dis_ucode_ldr = false;
+static bool dis_ucode_ldr;
 
 bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV);
-module_param(force_minrev, bool, S_IRUSR | S_IWUSR);
 
 /*
  * Synchronization.
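Review bot: Dropping module_param(force_minrev, bool, S_IRUSR | S_IWUSR) removes both the microcode.force_minrev= boot syntax and the owner-writable runtime parameter, and nothing in this patch replaces the latter. dis_ucode_ldr gets an "old, compat option" fallback further down, force_minrev gets none, so command lines that pass microcode.force_minrev=Y stop having an effect. Either keep a compat path for it or state the removal explicitly in the commit message.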
@@ -126,13 +125,32 @@ bool __init microcode_loader_disabled(void)
 	return dis_ucode_ldr;
 }
 
+static void early_parse_cmdline(void)
+{
+	char cmd_buf[64] = {};
+	char *s, *p = cmd_buf;
+
+	if (cmdline_find_option(boot_command_line, "microcode", cmd_buf, sizeof(cmd_buf)) > 0) {
+		while ((s = strsep(&p, ","))) {
+			if (!strcmp("force_minrev", s))
+				force_minrev = true;
+
+			if (!strcmp(s, "dis_ucode_ldr"))
+				dis_ucode_ldr = true;
+		}
+	}
+
+	/* old, compat option */
+	if (cmdline_find_option_bool(boot_command_line, "dis_ucode_ldr") > 0)
+		dis_ucode_ldr = true;
+}
+
 void __init load_ucode_bsp(void)
 {
 	unsigned int cpuid_1_eax;
 	bool intel = true;
 
-	if (cmdline_find_option_bool(boot_command_line, "dis_ucode_ldr") > 0)
-		dis_ucode_ldr = true;
+	early_parse_cmdline();
 
 	if (microcode_loader_disabled())
 		return;
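Review bot: early_parse_cmdline() is not marked __init although its only caller here, load_ucode_bsp(), is __init and the function reads boot_command_line; add __init. Inside the loop, a token that matches neither option is dropped without a message, so a misspelled option leaves force_minrev at its build-time default with no trace in dmesg; warning about unknown tokens would make that visible. The two strcmp() calls also use opposite argument order ("force_minrev", s versus s, "dis_ucode_ldr"), which is worth making consistent.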
-- 
2.51.0



* [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality
  2025-08-20 13:50 [PATCH -v1 0/2] x86/microcode: Add debugging glue Borislav Petkov
  2025-08-20 13:50 ` [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing Borislav Petkov
@ 2025-08-20 13:50 ` Borislav Petkov
  2025-08-20 15:35   ` Nikolay Borisov
                     ` (2 more replies)
  1 sibling, 3 replies; 18+ messages in thread
From: Borislav Petkov @ 2025-08-20 13:50 UTC (permalink / raw)
  To: X86 ML; +Cc: Chang S. Bae, Sohil Mehta, LKML, Borislav Petkov (AMD)

From: "Borislav Petkov (AMD)" <bp@alien8.de>

Instead of adding ad-hoc debugging glue to the microcode loader each
time I need it, add debugging functionality which is not built by
default and when built-in, off by default so that it can only be enabled
explicitly on the command line.

Simulate all patch handling the loader does except the actual loading of
the microcode patch into the hw.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
---
 .../admin-guide/kernel-parameters.txt         |  6 ++
 arch/x86/Kconfig                              | 12 +++
 arch/x86/kernel/cpu/microcode/amd.c           | 88 ++++++++++++++-----
 arch/x86/kernel/cpu/microcode/core.c          | 25 +++++-
 arch/x86/kernel/cpu/microcode/internal.h      | 10 +++
 5 files changed, 118 insertions(+), 23 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 9e3bbce6583f..e7badf2aba63 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3770,6 +3770,12 @@
 	microcode=      [X86] Control the behavior of the microcode loader.
 	                Available options, comma separated:
 
+			base_rev=X - with <X> with format: <u32>
+			Set the base microcode revision of each thread when in
+			debug mode.
+
+			dbg: enable debugging mode when run in a guest
+
 			dis_ucode_ldr: disable the microcode loader
 
 			force_minrev:
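Review bot: The base_rev entry gives the value format only as <u32>, while the parser in core.c calls kstrtouint(s, 16, &base_rev), so the number is always read as hexadecimal; the documentation should say so. "with <X> with format" reads like an editing leftover, and both new entries should mention that they are only parsed when the kernel is built with CONFIG_MICROCODE_DBG.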
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index aa250d90f927..77f72f075d89 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1360,6 +1360,18 @@ config MICROCODE_LATE_FORCE_MINREV
 
 	  If unsure say Y.
 
+config MICROCODE_DBG
+	bool "Enable microcode loader debugging"
+	default n
+	depends on MICROCODE
+	help
+	  Enable code which allows for debugging the microcode loader in
+	  a guest. Meaning the patch loading is simulated but everything else
+	  related to patch parsing and handling is done as on baremetal with
+	  the purpose of debugging solely the software side of things.
+
+	  You almost certainly want to say n here.
+
 config X86_MSR
 	tristate "/dev/cpu/*/msr - Model-specific register support"
 	help
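Review bot: "default n" is redundant for a bool option and can be dropped. The option depends only on MICROCODE, but the simulation in this patch is implemented in amd.c alone, so the help text should say that it covers the AMD loader.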
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 097e39327942..ced499789d64 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -249,15 +249,6 @@ static bool verify_sha256_digest(u32 patch_id, u32 cur_rev, const u8 *data, unsi
 	return true;
 }
 
-static u32 get_patch_level(void)
-{
-	u32 rev, dummy __always_unused;
-
-	native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
-
-	return rev;
-}
-
 static union cpuid_1_eax ucode_rev_to_cpuid(unsigned int val)
 {
 	union zen_patch_rev p;
@@ -275,6 +266,45 @@ static union cpuid_1_eax ucode_rev_to_cpuid(unsigned int val)
 	return c;
 }
 
+static u32 cpuid_to_ucode_rev(unsigned int val)
+{
+	union zen_patch_rev p = {};
+	union cpuid_1_eax c;
+
+	c.full = val;
+
+	p.stepping  = c.stepping;
+	p.model     = c.model;
+	p.ext_model = c.ext_model;
+	p.ext_fam   = c.ext_fam;
+
+	return p.ucode_rev;
+}
+
+static u32 get_patch_level(void)
+{
+	u32 rev, dummy __always_unused;
+
+	if (IS_ENABLED(CONFIG_MICROCODE_DBG)) {
+		int cpu = smp_processor_id();
+
+		if (!microcode_rev[cpu]) {
+			if (!base_rev)
+				base_rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax);
+
+			microcode_rev[cpu] = base_rev;
+
+			ucode_dbg("CPU%d, base_rev: 0x%x\n", cpu, base_rev);
+		}
+
+		return microcode_rev[cpu];
+	}
+
+	native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
+
+	return rev;
+}
+
 static u16 find_equiv_id(struct equiv_cpu_table *et, u32 sig)
 {
 	unsigned int i;
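Review bot: In get_patch_level() the simulated path is selected by IS_ENABLED(CONFIG_MICROCODE_DBG) alone and not by dbg, so a kernel built with the option never reads MSR_AMD64_PATCH_LEVEL, also on bare metal and without microcode=dbg on the command line. That does not match the "off by default" wording of the commit message; test dbg here as well. In addition, microcode_rev[cpu] == 0 doubles as "not initialised yet" and base_rev is filled in lazily by whichever CPU reaches this code first; both deserve a short comment.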
@@ -304,13 +334,13 @@ static bool verify_container(const u8 *buf, size_t buf_size)
 	u32 cont_magic;
 
 	if (buf_size <= CONTAINER_HDR_SZ) {
-		pr_debug("Truncated microcode container header.\n");
+		ucode_dbg("Truncated microcode container header.\n");
 		return false;
 	}
 
 	cont_magic = *(const u32 *)buf;
 	if (cont_magic != UCODE_MAGIC) {
-		pr_debug("Invalid magic value (0x%08x).\n", cont_magic);
+		ucode_dbg("Invalid magic value (0x%08x).\n", cont_magic);
 		return false;
 	}
 
@@ -335,8 +365,8 @@ static bool verify_equivalence_table(const u8 *buf, size_t buf_size)
 
 	cont_type = hdr[1];
 	if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) {
-		pr_debug("Wrong microcode container equivalence table type: %u.\n",
-			 cont_type);
+		ucode_dbg("Wrong microcode container equivalence table type: %u.\n",
+			  cont_type);
 		return false;
 	}
 
@@ -345,7 +375,7 @@ static bool verify_equivalence_table(const u8 *buf, size_t buf_size)
 	equiv_tbl_len = hdr[2];
 	if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) ||
 	    buf_size < equiv_tbl_len) {
-		pr_debug("Truncated equivalence table.\n");
+		ucode_dbg("Truncated equivalence table.\n");
 		return false;
 	}
 
@@ -365,7 +395,7 @@ static bool __verify_patch_section(const u8 *buf, size_t buf_size, u32 *sh_psize
 	const u32 *hdr;
 
 	if (buf_size < SECTION_HDR_SIZE) {
-		pr_debug("Truncated patch section.\n");
+		ucode_dbg("Truncated patch section.\n");
 		return false;
 	}
 
@@ -374,13 +404,13 @@ static bool __verify_patch_section(const u8 *buf, size_t buf_size, u32 *sh_psize
 	p_size = hdr[1];
 
 	if (p_type != UCODE_UCODE_TYPE) {
-		pr_debug("Invalid type field (0x%x) in container file section header.\n",
-			 p_type);
+		ucode_dbg("Invalid type field (0x%x) in container file section header.\n",
+			  p_type);
 		return false;
 	}
 
 	if (p_size < sizeof(struct microcode_header_amd)) {
-		pr_debug("Patch of size %u too short.\n", p_size);
+		ucode_dbg("Patch of size %u too short.\n", p_size);
 		return false;
 	}
 
@@ -457,12 +487,12 @@ static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size)
 	 * size sh_psize, as the section claims.
 	 */
 	if (buf_size < sh_psize) {
-		pr_debug("Patch of size %u truncated.\n", sh_psize);
+		ucode_dbg("Patch of size %u truncated.\n", sh_psize);
 		return -1;
 	}
 
 	if (!__verify_patch_size(sh_psize, buf_size)) {
-		pr_debug("Per-family patch size mismatch.\n");
+		ucode_dbg("Per-family patch size mismatch.\n");
 		return -1;
 	}
 
@@ -476,6 +506,9 @@ static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size)
 
 	proc_id	= mc_hdr->processor_rev_id;
 	patch_fam = 0xf + (proc_id >> 12);
+
+	ucode_dbg("Patch-ID 0x%08x: family: 0x%x\n", mc_hdr->patch_id, patch_fam);
+
 	if (patch_fam != family)
 		return 1;
 
@@ -546,9 +579,14 @@ static size_t parse_container(u8 *ucode, size_t size, struct cont_desc *desc)
 		}
 
 		mc = (struct microcode_amd *)(buf + SECTION_HDR_SIZE);
+
+		ucode_dbg("patch_id: 0x%x\n", mc->hdr.patch_id);
+
 		if (mc_patch_matches(mc, eq_id)) {
 			desc->psize = patch_size;
 			desc->mc = mc;
+
+			ucode_dbg(" match: size: %d\n", patch_size);
 		}
 
 skip:
@@ -619,8 +657,14 @@ static bool __apply_microcode_amd(struct microcode_amd *mc, u32 *cur_rev,
 			invlpg(p_addr_end);
 	}
 
+	if (IS_ENABLED(CONFIG_MICROCODE_DBG))
+		microcode_rev[smp_processor_id()] = mc->hdr.patch_id;
+
 	/* verify patch application was successful */
 	*cur_rev = get_patch_level();
+
+	ucode_dbg("updated rev: 0x%x\n", *cur_rev);
+
 	if (*cur_rev != mc->hdr.patch_id)
 		return false;
 
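Review bot: With CONFIG_MICROCODE_DBG set, the new store writes mc->hdr.patch_id into microcode_rev[] immediately before get_patch_level() reads it back, so the "*cur_rev != mc->hdr.patch_id" check below can never fail and the failure path is not exercised by the simulation. The store is also gated on the config option only, not on dbg; it should use the same condition that get_patch_level() ends up using.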
@@ -1008,7 +1052,7 @@ static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover,
 	patch->patch_id  = mc_hdr->patch_id;
 	patch->equiv_cpu = proc_id;
 
-	pr_debug("%s: Adding patch_id: 0x%08x, proc_id: 0x%04x\n",
+	ucode_dbg("%s: Adding patch_id: 0x%08x, proc_id: 0x%04x\n",
 		 __func__, patch->patch_id, proc_id);
 
 	/* ... and add to cache. */
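Review bot: The continuation line "__func__, patch->patch_id, proc_id);" keeps the indentation that lined up with pr_debug( and is now one column short for ucode_dbg(. The other converted call sites in this patch re-indent their continuation lines; do the same here.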
@@ -1151,7 +1195,7 @@ static enum ucode_state request_microcode_amd(int cpu, struct device *device)
 		snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
 
 	if (request_firmware_direct(&fw, (const char *)fw_name, device)) {
-		pr_debug("failed to load file %s\n", fw_name);
+		ucode_dbg("failed to load file %s\n", fw_name);
 		goto out;
 	}
 
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index 7d590630673b..f045670a1fae 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -47,6 +47,18 @@ static bool dis_ucode_ldr;
 
 bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV);
 
+/*
+ * Those below should be behind CONFIG_MICROCODE_DBG ifdeffery but in
+ * order to not uglify the code with ifdeffery and use IS_ENABLED()
+ * instead, leave them in. When microcode debugging is not enabled,
+ * those are meaningless anyway.
+ */
+/* enable loader debugging */
+bool dbg;
+/* base microcode revision for debugging */
+u32 base_rev;
+u32 microcode_rev[NR_CPUS] = {};
+
 /*
  * Synchronization.
  *
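Review bot: dbg and base_rev are very generic names for non-static kernel symbols; give them a subsystem prefix (for example microcode_dbg and microcode_base_rev) so they cannot clash with other globals. The "= {}" initialiser on microcode_rev[] is redundant for a global, and since the array is defined unconditionally, every build carries NR_CPUS u32 entries even with the option off; the comment should mention that cost or the array should be allocated only when needed.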
@@ -118,7 +130,7 @@ bool __init microcode_loader_disabled(void)
 	 *    overwritten.
 	 */
 	if (!cpuid_feature() ||
-	    native_cpuid_ecx(1) & BIT(31) ||
+	    ((native_cpuid_ecx(1) & BIT(31)) && !dbg) ||
 	    amd_check_current_patch_level())
 		dis_ucode_ldr = true;
 
@@ -132,6 +144,17 @@ static void early_parse_cmdline(void)
 
 	if (cmdline_find_option(boot_command_line, "microcode", cmd_buf, sizeof(cmd_buf)) > 0) {
 		while ((s = strsep(&p, ","))) {
+			if (IS_ENABLED(CONFIG_MICROCODE_DBG)) {
+				if (!strcmp(s, "dbg"))
+					dbg = true;
+
+				if (strstr(s, "base_rev=")) {
+					/* advance to the option arg */
+					strsep(&s, "=");
+					if (kstrtouint(s, 16, &base_rev)) { ; }
+				}
+			}
+
 			if (!strcmp("force_minrev", s))
 				force_minrev = true;
 
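Review bot: strstr(s, "base_rev=") matches the string anywhere in the token, so a token such as xbase_rev=10 is accepted as well; use a prefix match (str_has_prefix() or strncmp()). The result of kstrtouint() is thrown away with "{ ; }", so a malformed value silently leaves base_rev at 0 and the revision derived from CPUID is used instead; print a warning or at least comment why the error is ignored. Note also that strsep(&s, "=") advances s, so the force_minrev and dis_ucode_ldr comparisons that follow run against the argument rather than the token; a continue after the base_rev branch avoids that.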
diff --git a/arch/x86/kernel/cpu/microcode/internal.h b/arch/x86/kernel/cpu/microcode/internal.h
index 50a9702ae4e2..bca806dd1aac 100644
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -44,6 +44,10 @@ struct early_load_data {
 
 extern struct early_load_data early_data;
 extern struct ucode_cpu_info ucode_cpu_info[];
+extern u32 microcode_rev[NR_CPUS];
+extern u32 base_rev;
+extern bool dbg;
+
 struct cpio_data find_microcode_in_initrd(const char *path);
 
 #define MAX_UCODE_COUNT 128
@@ -122,4 +126,10 @@ static inline void reload_ucode_intel(void) { }
 static inline struct microcode_ops *init_intel_microcode(void) { return NULL; }
 #endif  /* !CONFIG_CPU_SUP_INTEL */
 
+#define ucode_dbg(fmt, ...)					\
+({								\
+	if (dbg)						\
+		pr_info(fmt, ##__VA_ARGS__);			\
+})
+
 #endif /* _X86_MICROCODE_INTERNAL_H */
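Review bot: ucode_dbg() replaces pr_debug() at every converted call site and prints only when dbg is set, which can only happen on a CONFIG_MICROCODE_DBG build. On a normal build the container and patch verification messages can therefore no longer be switched on through dynamic debug. Consider falling back to pr_debug() when dbg is false. The macro also emits at pr_info level when enabled, which is fine for a debug build but should be stated in the commit message.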
-- 
2.51.0



* Re: [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality
  2025-08-20 13:50 ` [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality Borislav Petkov
@ 2025-08-20 15:35   ` Nikolay Borisov
  2025-08-20 15:56     ` Borislav Petkov
  2025-08-21  5:19   ` Sohil Mehta
  2025-09-05 10:30   ` [tip: x86/microcode] " tip-bot2 for Borislav Petkov (AMD)
  2 siblings, 1 reply; 18+ messages in thread
From: Nikolay Borisov @ 2025-08-20 15:35 UTC (permalink / raw)
  To: Borislav Petkov, X86 ML
  Cc: Chang S. Bae, Sohil Mehta, LKML, Borislav Petkov (AMD)



On 20.08.25 at 16:50, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@alien8.de>
> 
> Instead of adding ad-hoc debugging glue to the microcode loader each
> time I need it, add debugging functionality which is not built by
> default and when built-in, off by default so that it can only be enabled
> explicitly on the command line.
> 
> Simulate all patch handling the loader does except the actual loading of
> the microcode patch into the hw.
> 
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
> ---
>   .../admin-guide/kernel-parameters.txt         |  6 ++
>   arch/x86/Kconfig                              | 12 +++
>   arch/x86/kernel/cpu/microcode/amd.c           | 88 ++++++++++++++-----
>   arch/x86/kernel/cpu/microcode/core.c          | 25 +++++-
>   arch/x86/kernel/cpu/microcode/internal.h      | 10 +++
>   5 files changed, 118 insertions(+), 23 deletions(-)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 9e3bbce6583f..e7badf2aba63 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -3770,6 +3770,12 @@
>   	microcode=      [X86] Control the behavior of the microcode loader.
>   	                Available options, comma separated:
>   
> +			base_rev=X - with <X> with format: <u32>
> +			Set the base microcode revision of each thread when in
> +			debug mode.
> +
> +			dbg: enable debugging mode when run in a guest

nit: s/in a guest// since nothing in the debug code is really dependent 
on whether it's run as a guest or not.
> +
>   			dis_ucode_ldr: disable the microcode loader
>   
>   			force_minrev:
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index aa250d90f927..77f72f075d89 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1360,6 +1360,18 @@ config MICROCODE_LATE_FORCE_MINREV
>   
>   	  If unsure say Y.
>   
> +config MICROCODE_DBG
> +	bool "Enable microcode loader debugging"
> +	default n
> +	depends on MICROCODE
> +	help
> +	  Enable code which allows for debugging the microcode loader in
> +	  a guest. Meaning the patch loading is simulated but everything else

ditto, AFAICS it's perfectly fine to have the debug output if not run in 
a guest, no?
> +	  related to patch parsing and handling is done as on baremetal with
> +	  the purpose of debugging solely the software side of things.
> +
> +	  You almost certainly want to say n here.
> +
>   config X86_MSR
>   	tristate "/dev/cpu/*/msr - Model-specific register support"
>   	help


<snip>



* Re: [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality
  2025-08-20 15:35   ` Nikolay Borisov
@ 2025-08-20 15:56     ` Borislav Petkov
  0 siblings, 0 replies; 18+ messages in thread
From: Borislav Petkov @ 2025-08-20 15:56 UTC (permalink / raw)
  To: Nikolay Borisov; +Cc: Borislav Petkov, X86 ML, Chang S. Bae, Sohil Mehta, LKML

On Wed, Aug 20, 2025 at 06:35:51PM +0300, Nikolay Borisov wrote:
> nit: s/in a guest// since nothing in the debug code is really dependent on
> whether it's run as a guest or not.

It is - see get_patch_level() and microcode_loader_disabled().

> ditto, AFAICS it's perfectly fine to have the debug output if not run in a
> guest, no?

Maybe.

But let's enable that when the actual need for it materializes.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-08-20 13:50 ` [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing Borislav Petkov
@ 2025-08-21  5:03   ` Sohil Mehta
  2025-08-21  5:15   ` Chang S. Bae
                     ` (2 subsequent siblings)
  3 siblings, 0 replies; 18+ messages in thread
From: Sohil Mehta @ 2025-08-21  5:03 UTC (permalink / raw)
  To: Borislav Petkov, X86 ML; +Cc: Chang S. Bae, LKML, Borislav Petkov (AMD)

On 8/20/2025 6:50 AM, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@alien8.de>
> 
> Add a "microcode=" command line argument after which all options can be
> passed in a comma-separated list.
> 
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
> ---
>  .../admin-guide/kernel-parameters.txt         |  8 ++++--
>  arch/x86/Kconfig                              |  4 +--
>  arch/x86/kernel/cpu/microcode/core.c          | 26 ++++++++++++++++---
>  3 files changed, 30 insertions(+), 8 deletions(-)
> 

Reviewed-by: Sohil Mehta <sohil.mehta@intel.com>


* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-08-20 13:50 ` [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing Borislav Petkov
  2025-08-21  5:03   ` Sohil Mehta
@ 2025-08-21  5:15   ` Chang S. Bae
  2025-09-02  8:45   ` kernel test robot
  2025-09-05 10:30   ` [tip: x86/microcode] " tip-bot2 for Borislav Petkov (AMD)
  3 siblings, 0 replies; 18+ messages in thread
From: Chang S. Bae @ 2025-08-21  5:15 UTC (permalink / raw)
  To: Borislav Petkov, X86 ML; +Cc: Sohil Mehta, LKML, Borislav Petkov (AMD)

On 8/20/2025 6:50 AM, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@alien8.de>
> 
> Add a "microcode=" command line argument after which all options can be
> passed in a comma-separated list.
> 
> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
> ---
>   .../admin-guide/kernel-parameters.txt         |  8 ++++--
>   arch/x86/Kconfig                              |  4 +--
>   arch/x86/kernel/cpu/microcode/core.c          | 26 ++++++++++++++++---
>   3 files changed, 30 insertions(+), 8 deletions(-)

Looks good to me as well:

Reviewed-by: Chang S. Bae <chang.seok.bae@intel.com>


* Re: [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality
  2025-08-20 13:50 ` [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality Borislav Petkov
  2025-08-20 15:35   ` Nikolay Borisov
@ 2025-08-21  5:19   ` Sohil Mehta
  2025-08-29  9:45     ` Borislav Petkov
  2025-09-05 10:30   ` [tip: x86/microcode] " tip-bot2 for Borislav Petkov (AMD)
  2 siblings, 1 reply; 18+ messages in thread
From: Sohil Mehta @ 2025-08-21  5:19 UTC (permalink / raw)
  To: Borislav Petkov, X86 ML; +Cc: Chang S. Bae, LKML, Borislav Petkov (AMD)

On 8/20/2025 6:50 AM, Borislav Petkov wrote:
> From: "Borislav Petkov (AMD)" <bp@alien8.de>
> 
> Instead of adding ad-hoc debugging glue to the microcode loader each
> time I need it, add debugging functionality which is not built by
> default and when built-in, off by default so that it can only be enabled
> explicitly on the command line.
> 

I didn't realize this last time. It's supposed to be compile-time
disabled and runtime disabled by default (which makes sense).


> +static u32 get_patch_level(void)
> +{
> +	u32 rev, dummy __always_unused;
> +
> +	if (IS_ENABLED(CONFIG_MICROCODE_DBG)) {

Does this need to be (IS_ENABLED(CONFIG_MICROCODE_DBG) && dbg)?

The base_rev description says:
base_rev=X - with <X> with format: <u32>
		Set the base microcode revision of each thread when in
		debug mode.

IIUC, the base_rev handling is also supposed to be runtime disabled by
default, right?

You can probably directly check for "if (dbg)" but that would remove the
compile time code optimization.


> +		int cpu = smp_processor_id();
> +
> +		if (!microcode_rev[cpu]) {
> +			if (!base_rev)
> +				base_rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax);
> +
> +			microcode_rev[cpu] = base_rev;
> +
> +			ucode_dbg("CPU%d, base_rev: 0x%x\n", cpu, base_rev);
> +		}
> +
> +		return microcode_rev[cpu];
> +	}
> +
> +	native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
> +
> +	return rev;
> +}
> +

...

> @@ -619,8 +657,14 @@ static bool __apply_microcode_amd(struct microcode_amd *mc, u32 *cur_rev,
>  			invlpg(p_addr_end);
>  	}
>  
> +	if (IS_ENABLED(CONFIG_MICROCODE_DBG))
> +		microcode_rev[smp_processor_id()] = mc->hdr.patch_id;
> +

Ditto.

>  	/* verify patch application was successful */
>  	*cur_rev = get_patch_level();

...

The rest of the changes look fine to me.



* Re: [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality
  2025-08-21  5:19   ` Sohil Mehta
@ 2025-08-29  9:45     ` Borislav Petkov
  2025-08-29 23:25       ` Sohil Mehta
  0 siblings, 1 reply; 18+ messages in thread
From: Borislav Petkov @ 2025-08-29  9:45 UTC (permalink / raw)
  To: Sohil Mehta; +Cc: Borislav Petkov, X86 ML, Chang S. Bae, LKML

On Wed, Aug 20, 2025 at 10:19:11PM -0700, Sohil Mehta wrote:
> Does this need to be (IS_ENABLED(CONFIG_MICROCODE_DBG) && dbg)?

Both you and Nikolay have a point - we don't need both. So actually, dbg can
go and can be added when really needed.

Right now, the debugging stuff is for in a guest only and will be build-time
enabled.

If we decide we want to have runtime controllable and *baremetal* debugging,
then we can extend that and add the cmdline switch.

I think...

---

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index e7badf2aba63..2c142e5f9f06 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3774,8 +3774,6 @@
 			Set the base microcode revision of each thread when in
 			debug mode.
 
-			dbg: enable debugging mode when run in a guest
-
 			dis_ucode_ldr: disable the microcode loader
 
 			force_minrev:
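Review bot: With the dbg entry removed, the base_rev text left in place above still says "when in debug mode", but no boot option named debug mode exists any more. Say "when CONFIG_MICROCODE_DBG is enabled" instead, and update the Kconfig help of MICROCODE_DBG to state that the build option alone now switches the loader to simulated revisions.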
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index f045670a1fae..f75c140906d0 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -53,8 +53,6 @@ bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV);
  * instead, leave them in. When microcode debugging is not enabled,
  * those are meaningless anyway.
  */
-/* enable loader debugging */
-bool dbg;
 /* base microcode revision for debugging */
 u32 base_rev;
 u32 microcode_rev[NR_CPUS] = {};
@@ -130,7 +128,8 @@ bool __init microcode_loader_disabled(void)
 	 *    overwritten.
 	 */
 	if (!cpuid_feature() ||
-	    ((native_cpuid_ecx(1) & BIT(31)) && !dbg) ||
+	    ((native_cpuid_ecx(1) & BIT(31)) &&
+	      !IS_ENABLED(CONFIG_MICROCODE_DBG)) ||
 	    amd_check_current_patch_level())
 		dis_ucode_ldr = true;
 
@@ -145,9 +144,6 @@ static void early_parse_cmdline(void)
 	if (cmdline_find_option(boot_command_line, "microcode", cmd_buf, sizeof(cmd_buf)) > 0) {
 		while ((s = strsep(&p, ","))) {
 			if (IS_ENABLED(CONFIG_MICROCODE_DBG)) {
-				if (!strcmp(s, "dbg"))
-					dbg = true;
-
 				if (strstr(s, "base_rev=")) {
 					/* advance to the option arg */
 					strsep(&s, "=");
diff --git a/arch/x86/kernel/cpu/microcode/internal.h b/arch/x86/kernel/cpu/microcode/internal.h
index bca806dd1aac..ae8dbc2b908d 100644
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -46,7 +46,6 @@ extern struct early_load_data early_data;
 extern struct ucode_cpu_info ucode_cpu_info[];
 extern u32 microcode_rev[NR_CPUS];
 extern u32 base_rev;
-extern bool dbg;
 
 struct cpio_data find_microcode_in_initrd(const char *path);
 
@@ -128,7 +127,7 @@ static inline struct microcode_ops *init_intel_microcode(void) { return NULL; }
 
 #define ucode_dbg(fmt, ...)					\
 ({								\
-	if (dbg)						\
+	if (IS_ENABLED(CONFIG_MICROCODE_DBG))			\
 		pr_info(fmt, ##__VA_ARGS__);			\
 })
 
-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality
  2025-08-29  9:45     ` Borislav Petkov
@ 2025-08-29 23:25       ` Sohil Mehta
  2025-08-30  9:25         ` Borislav Petkov
  0 siblings, 1 reply; 18+ messages in thread
From: Sohil Mehta @ 2025-08-29 23:25 UTC (permalink / raw)
  To: Borislav Petkov; +Cc: Borislav Petkov, X86 ML, Chang S. Bae, LKML

On 8/29/2025 2:45 AM, Borislav Petkov wrote:
> On Wed, Aug 20, 2025 at 10:19:11PM -0700, Sohil Mehta wrote:
>> Does this need to be (IS_ENABLED(CONFIG_MICROCODE_DBG) && dbg)?
> 
> Both you and Nikolay have a point - we don't need both. So actually, dbg can
> go and can be added when really needed.
> 

My only concern is someone could easily enable it by mistake. It might
lead to unnecessary reports and debug. Maybe we print a scary dmesg log
whenever CONFIG_MICROCODE_DBG is enabled? That would be easy to spot in
reports, and hopefully it would deter folks from enabling it unnecessarily.

No strong preference.

> Right now, the debugging stuff is for in a guest only and will be build-time
> enabled.
> 
> If we decide we want to have runtime controllable and *baremetal* debugging,
> then we can extend that and add the cmdline switch.
> 



* Re: [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality
  2025-08-29 23:25       ` Sohil Mehta
@ 2025-08-30  9:25         ` Borislav Petkov
  0 siblings, 0 replies; 18+ messages in thread
From: Borislav Petkov @ 2025-08-30  9:25 UTC (permalink / raw)
  To: Sohil Mehta; +Cc: Borislav Petkov, X86 ML, Chang S. Bae, LKML

On Fri, Aug 29, 2025 at 04:25:13PM -0700, Sohil Mehta wrote:
> My only concern is someone could easily enable it by mistake. It might
> lead to unnecessary reports and debug. Maybe we print a scary dmesg log
> whenever CONFIG_MICROCODE_DBG is enabled? That would be easy to spot in
> reports, and hopefully it would deter folks from enabling it unnecessarily.

When that happens, we'll add the cmdline switch as an additional precaution
but I'm not worried - we look at .configs on bug reports.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-08-20 13:50 ` [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing Borislav Petkov
  2025-08-21  5:03   ` Sohil Mehta
  2025-08-21  5:15   ` Chang S. Bae
@ 2025-09-02  8:45   ` kernel test robot
  2025-09-04 11:37     ` Borislav Petkov
  2025-09-05 10:30   ` [tip: x86/microcode] " tip-bot2 for Borislav Petkov (AMD)
  3 siblings, 1 reply; 18+ messages in thread
From: kernel test robot @ 2025-09-02  8:45 UTC (permalink / raw)
  To: Borislav Petkov
  Cc: oe-lkp, lkp, linux-doc, linux-kernel, X86 ML, Chang S. Bae,
	Sohil Mehta, Borislav Petkov (AMD), oliver.sang



Hello,


this could be a noise, we didn't see the relation between the patch with the
issue we observed. however, we rebuild the kernels for both this commit and
parent 3 times.
(
our bot chose 894af4a1cde61c as the parent as below
* 19f370d45aceea x86/microcode: Add microcode= cmdline parsing
* 894af4a1cde61c (tip/x86/core, peterz-queue/x86/core) objtool: Validate kCFI calls
)

and for each rerun of both this commit and parent, we run more times, but the
issue is still quite persistent while parent keeps clean:

=========================================================================================
tbox_group/testcase/rootfs/kconfig/compiler/runtime/group/nr_groups:
  vm-snb/trinity/debian-11.1-i386-20220923.cgz/x86_64-randconfig-006-20250826/clang-20/300s/group-01/5

894af4a1cde61c34 19f370d45aceea5ab4c52e3afa0
---------------- ---------------------------
       fail:runs  %reproduction    fail:runs
           |             |             |
           :200         74%         149:200   last_state.is_incomplete_run
           :200         74%         147:200   last_state.running
           :200         75%         150:200   dmesg.CFI_failure_at_kobj_attr_show
           :200         75%         150:200   dmesg.Kernel_panic-not_syncing:Fatal_exception
           :200         75%         150:200   dmesg.Oops:invalid_opcode:#[##]KASAN
           :200         75%         150:200   dmesg.RIP:kobj_attr_show
           :200         75%         150:200   dmesg.boot_failures

so we just follow our report rule to still report this results FYI.

if it's really irrelevant, sorry maybe our env issues (though we still cannot
figure out for now). and if you can help us to figure out the potential problem
from our dmesg in below link, it will be very appreciated!

below is full report.


kernel test robot noticed "CFI_failure_at_kobj_attr_show" on:

commit: 19f370d45aceea5ab4c52e3afa00226fb99c3fc8 ("[PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing")
url: https://github.com/intel-lab-lkp/linux/commits/Borislav-Petkov/x86-microcode-Add-microcode-cmdline-parsing/20250820-215624
base: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git 894af4a1cde61c3401f237184fb770f72ff12df8
patch link: https://lore.kernel.org/all/20250820135043.19048-2-bp@kernel.org/
patch subject: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing

in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:

	runtime: 300s
	group: group-01
	nr_groups: 5



config: x86_64-randconfig-006-20250826
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202509021646.bc78d9ef-lkp@intel.com


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250902/202509021646.bc78d9ef-lkp@intel.com


[  453.382281][ T7761] CFI failure at kobj_attr_show+0x59/0x80 (target: nilfs_feature_revision_show+0x0/0x30; expected type: 0x1b8aae92)
[  453.386793][ T7761] Oops: invalid opcode: 0000 [#1] KASAN
[  453.388638][ T7761] CPU: 0 UID: 65534 PID: 7761 Comm: trinity-c2 Not tainted 6.17.0-rc2-00017-g19f370d45ace #1 NONE 
[  453.391831][ T7761] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  453.395231][ T7761] RIP: 0010:kobj_attr_show+0x59/0x80
[  453.397175][ T7761] Code: 08 00 74 08 4c 89 e7 e8 75 90 d2 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 6e 51 75 e4 45 03 53 f1 74 02 <0f> 0b 2e e8 ef d7 08 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
[  453.403170][ T7761] RSP: 0018:ffffc90002b57a48 EFLAGS: 00010287
[  453.405399][ T7761] RAX: 1ffffffff11d2fe9 RBX: ffff8881255ce000 RCX: dffffc0000000000
[  453.408012][ T7761] RDX: ffff8881255ce000 RSI: ffffffff88e97f20 RDI: ffff888106a5e250
[  453.410593][ T7761] RBP: ffffc90002b57a68 R08: ffff8881255cefff R09: 0000000000000000
[  453.413717][ T7761] R10: 0000000082bfb03f R11: ffffffff82621360 R12: ffffffff88e97f48
[  453.416820][ T7761] R13: 1ffff110295a3e80 R14: ffffffff88e97f20 R15: ffff888106a5e250
[  453.419944][ T7761] FS:  0000000000000000(0000) GS:0000000000000000(0063) knlGS:00000000f7ed7280
[  453.422938][ T7761] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  453.425060][ T7761] CR2: 00000000f7795414 CR3: 000000015b1cc000 CR4: 00000000000406b0
[  453.427781][ T7761] Call Trace:
[  453.429070][ T7761]  <TASK>
[  453.430222][ T7761]  sysfs_kf_seq_show+0x2a9/0x390
[  453.431885][ T7761]  ? __cfi_kobj_attr_show+0x10/0x10
[  453.433693][ T7761]  kernfs_seq_show+0x107/0x15b
[  453.435360][ T7761]  seq_read_iter+0x55d/0xdeb
[  453.436971][ T7761]  ? kernfs_fop_read_iter+0x14c/0x4a0
[  453.438770][ T7761]  kernfs_fop_read_iter+0x14c/0x4a0
[  453.440385][ T7761]  ? __import_iovec+0x31b/0x3db
[  453.441900][ T7761]  do_iter_readv_writev+0x3de/0x590
[  453.443609][ T7761]  vfs_readv+0x15d/0x3f5
[  453.445305][ T7761]  ? trace_sys_enter+0x54/0xe5
[  453.447044][ T7761]  do_readv+0xde/0x190
[  453.448551][ T7761]  __ia32_sys_readv+0x80/0x90
[  453.450192][ T7761]  ia32_sys_call+0x2dbd/0x2efb
[  453.451877][ T7761]  __do_fast_syscall_32+0xaa/0x2a5
[  453.453640][ T7761]  do_fast_syscall_32+0x36/0x8b
[  453.455342][ T7761]  do_SYSENTER_32+0x1f/0x3b
[  453.456962][ T7761]  entry_SYSENTER_compat_after_hwframe+0x78/0x82
[  453.459058][ T7761] RIP: 0023:0xf7ede539
[  453.460559][ T7761] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  453.466394][ T7761] RSP: 002b:00000000ffa4237c EFLAGS: 00000292 ORIG_RAX: 0000000000000091
[  453.469176][ T7761] RAX: ffffffffffffffda RBX: 00000000000000f5 RCX: 00000000571a6370
[  453.471897][ T7761] RDX: 00000000000000af RSI: 0000000000000013 RDI: 0000000000000002
[  453.474598][ T7761] RBP: 00000000201a2903 R08: 0000000000000000 R09: 0000000000000000
[  453.477296][ T7761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  453.479969][ T7761] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  453.482612][ T7761]  </TASK>
[  453.483846][ T7761] Modules linked in:
[  453.485501][ T7761] ---[ end trace 0000000000000000 ]---
[  453.487396][ T7761] RIP: 0010:kobj_attr_show+0x59/0x80
[  453.489298][ T7761] Code: 08 00 74 08 4c 89 e7 e8 75 90 d2 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 6e 51 75 e4 45 03 53 f1 74 02 <0f> 0b 2e e8 ef d7 08 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
[  453.495522][ T7761] RSP: 0018:ffffc90002b57a48 EFLAGS: 00010287
[  453.497663][ T7761] RAX: 1ffffffff11d2fe9 RBX: ffff8881255ce000 RCX: dffffc0000000000
[  453.500363][ T7761] RDX: ffff8881255ce000 RSI: ffffffff88e97f20 RDI: ffff888106a5e250
[  453.503133][ T7761] RBP: ffffc90002b57a68 R08: ffff8881255cefff R09: 0000000000000000
[  453.505897][ T7761] R10: 0000000082bfb03f R11: ffffffff82621360 R12: ffffffff88e97f48
[  453.508738][ T7761] R13: 1ffff110295a3e80 R14: ffffffff88e97f20 R15: ffff888106a5e250
[  453.511482][ T7761] FS:  0000000000000000(0000) GS:0000000000000000(0063) knlGS:00000000f7ed7280
[  453.514551][ T7761] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  453.516790][ T7761] CR2: 00000000f7795414 CR3: 000000015b1cc000 CR4: 00000000000406b0
[  453.519505][ T7761] Kernel panic - not syncing: Fatal exception
[  453.521564][ T7761] Kernel Offset: disabled


-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki



* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-09-02  8:45   ` kernel test robot
@ 2025-09-04 11:37     ` Borislav Petkov
  2025-09-04 23:29       ` Nathan Chancellor
  0 siblings, 1 reply; 18+ messages in thread
From: Borislav Petkov @ 2025-09-04 11:37 UTC (permalink / raw)
  To: kernel test robot, Nathan Chancellor
  Cc: Borislav Petkov, oe-lkp, lkp, linux-doc, linux-kernel, X86 ML,
	Chang S. Bae, Sohil Mehta

+ Nathan for the clang weirdness below...

On Tue, Sep 02, 2025 at 04:45:12PM +0800, kernel test robot wrote:
> 
> 
> Hello,
> 
> 
> this could be a noise, we didn't see the relation between the patch with the
> issue we observed. however, we rebuild the kernels for both this commit and
> parent 3 times.
> (
> our bot chose 894af4a1cde61c as the parent as below
> * 19f370d45aceea x86/microcode: Add microcode= cmdline parsing
> * 894af4a1cde61c (tip/x86/core, peterz-queue/x86/core) objtool: Validate kCFI calls
> )
> 
> and for each rerun of both this commit and parent, we run more times, but the
> issue is still quite persistent while parent keeps clean:
> 
> =========================================================================================
> tbox_group/testcase/rootfs/kconfig/compiler/runtime/group/nr_groups:
>   vm-snb/trinity/debian-11.1-i386-20220923.cgz/x86_64-randconfig-006-20250826/clang-20/300s/group-01/5
> 
> 894af4a1cde61c34 19f370d45aceea5ab4c52e3afa0
> ---------------- ---------------------------
>        fail:runs  %reproduction    fail:runs
>            |             |             |
>            :200         74%         149:200   last_state.is_incomplete_run
>            :200         74%         147:200   last_state.running
>            :200         75%         150:200   dmesg.CFI_failure_at_kobj_attr_show
>            :200         75%         150:200   dmesg.Kernel_panic-not_syncing:Fatal_exception
>            :200         75%         150:200   dmesg.Oops:invalid_opcode:#[##]KASAN
>            :200         75%         150:200   dmesg.RIP:kobj_attr_show
>            :200         75%         150:200   dmesg.boot_failures
> 
> so we just follow our report rule to still report this results FYI.
> 
> if it's really irrelevant, sorry maybe our env issues (though we still cannot
> figure out for now). and if you can help us to figure out the potential problem
> from our dmesg in below link, it will be very appreciated!

Yeah, I don't know what you did here but building with that .config, I can't
even boot that kernel in a VM because doing:

qemu-... -kernel bzImage ...

sends me into grub and asks me to select the default kernel.

And my qemu script boots arbitrary kernels just fine.

Also, I used clang-20 from here:

https://mirrors.edge.kernel.org/pub/tools/llvm/

and version 20.1.8 took something like ~10(!) minutes to link vmlinux with
that config. Just FYI for Nathan, maybe something's weird there.

> below is full report.

Leaving it in.

> 
> 
> kernel test robot noticed "CFI_failure_at_kobj_attr_show" on:
> 
> commit: 19f370d45aceea5ab4c52e3afa00226fb99c3fc8 ("[PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing")
> url: https://github.com/intel-lab-lkp/linux/commits/Borislav-Petkov/x86-microcode-Add-microcode-cmdline-parsing/20250820-215624
> base: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git 894af4a1cde61c3401f237184fb770f72ff12df8
> patch link: https://lore.kernel.org/all/20250820135043.19048-2-bp@kernel.org/
> patch subject: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
> 
> in testcase: trinity
> version: trinity-i386-abe9de86-1_20230429
> with following parameters:
> 
> 	runtime: 300s
> 	group: group-01
> 	nr_groups: 5
> 
> 
> 
> config: x86_64-randconfig-006-20250826
> compiler: clang-20
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> 
> (please refer to attached dmesg/kmsg for entire log/backtrace)
> 
> 
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202509021646.bc78d9ef-lkp@intel.com
> 
> 
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20250902/202509021646.bc78d9ef-lkp@intel.com
> 
> 
> [  453.382281][ T7761] CFI failure at kobj_attr_show+0x59/0x80 (target: nilfs_feature_revision_show+0x0/0x30; expected type: 0x1b8aae92)
> [  453.386793][ T7761] Oops: invalid opcode: 0000 [#1] KASAN
> [  453.388638][ T7761] CPU: 0 UID: 65534 PID: 7761 Comm: trinity-c2 Not tainted 6.17.0-rc2-00017-g19f370d45ace #1 NONE 
> [  453.391831][ T7761] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [  453.395231][ T7761] RIP: 0010:kobj_attr_show+0x59/0x80
> [  453.397175][ T7761] Code: 08 00 74 08 4c 89 e7 e8 75 90 d2 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 6e 51 75 e4 45 03 53 f1 74 02 <0f> 0b 2e e8 ef d7 08 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
> [  453.403170][ T7761] RSP: 0018:ffffc90002b57a48 EFLAGS: 00010287
> [  453.405399][ T7761] RAX: 1ffffffff11d2fe9 RBX: ffff8881255ce000 RCX: dffffc0000000000
> [  453.408012][ T7761] RDX: ffff8881255ce000 RSI: ffffffff88e97f20 RDI: ffff888106a5e250
> [  453.410593][ T7761] RBP: ffffc90002b57a68 R08: ffff8881255cefff R09: 0000000000000000
> [  453.413717][ T7761] R10: 0000000082bfb03f R11: ffffffff82621360 R12: ffffffff88e97f48
> [  453.416820][ T7761] R13: 1ffff110295a3e80 R14: ffffffff88e97f20 R15: ffff888106a5e250
> [  453.419944][ T7761] FS:  0000000000000000(0000) GS:0000000000000000(0063) knlGS:00000000f7ed7280
> [  453.422938][ T7761] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
> [  453.425060][ T7761] CR2: 00000000f7795414 CR3: 000000015b1cc000 CR4: 00000000000406b0
> [  453.427781][ T7761] Call Trace:
> [  453.429070][ T7761]  <TASK>
> [  453.430222][ T7761]  sysfs_kf_seq_show+0x2a9/0x390
> [  453.431885][ T7761]  ? __cfi_kobj_attr_show+0x10/0x10
> [  453.433693][ T7761]  kernfs_seq_show+0x107/0x15b
> [  453.435360][ T7761]  seq_read_iter+0x55d/0xdeb
> [  453.436971][ T7761]  ? kernfs_fop_read_iter+0x14c/0x4a0
> [  453.438770][ T7761]  kernfs_fop_read_iter+0x14c/0x4a0
> [  453.440385][ T7761]  ? __import_iovec+0x31b/0x3db
> [  453.441900][ T7761]  do_iter_readv_writev+0x3de/0x590
> [  453.443609][ T7761]  vfs_readv+0x15d/0x3f5
> [  453.445305][ T7761]  ? trace_sys_enter+0x54/0xe5
> [  453.447044][ T7761]  do_readv+0xde/0x190
> [  453.448551][ T7761]  __ia32_sys_readv+0x80/0x90
> [  453.450192][ T7761]  ia32_sys_call+0x2dbd/0x2efb
> [  453.451877][ T7761]  __do_fast_syscall_32+0xaa/0x2a5
> [  453.453640][ T7761]  do_fast_syscall_32+0x36/0x8b
> [  453.455342][ T7761]  do_SYSENTER_32+0x1f/0x3b
> [  453.456962][ T7761]  entry_SYSENTER_compat_after_hwframe+0x78/0x82
> [  453.459058][ T7761] RIP: 0023:0xf7ede539
> [  453.460559][ T7761] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
> [  453.466394][ T7761] RSP: 002b:00000000ffa4237c EFLAGS: 00000292 ORIG_RAX: 0000000000000091
> [  453.469176][ T7761] RAX: ffffffffffffffda RBX: 00000000000000f5 RCX: 00000000571a6370
> [  453.471897][ T7761] RDX: 00000000000000af RSI: 0000000000000013 RDI: 0000000000000002
> [  453.474598][ T7761] RBP: 00000000201a2903 R08: 0000000000000000 R09: 0000000000000000
> [  453.477296][ T7761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> [  453.479969][ T7761] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> [  453.482612][ T7761]  </TASK>
> [  453.483846][ T7761] Modules linked in:
> [  453.485501][ T7761] ---[ end trace 0000000000000000 ]---
> [  453.487396][ T7761] RIP: 0010:kobj_attr_show+0x59/0x80
> [  453.489298][ T7761] Code: 08 00 74 08 4c 89 e7 e8 75 90 d2 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 6e 51 75 e4 45 03 53 f1 74 02 <0f> 0b 2e e8 ef d7 08 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
> [  453.495522][ T7761] RSP: 0018:ffffc90002b57a48 EFLAGS: 00010287
> [  453.497663][ T7761] RAX: 1ffffffff11d2fe9 RBX: ffff8881255ce000 RCX: dffffc0000000000
> [  453.500363][ T7761] RDX: ffff8881255ce000 RSI: ffffffff88e97f20 RDI: ffff888106a5e250
> [  453.503133][ T7761] RBP: ffffc90002b57a68 R08: ffff8881255cefff R09: 0000000000000000
> [  453.505897][ T7761] R10: 0000000082bfb03f R11: ffffffff82621360 R12: ffffffff88e97f48
> [  453.508738][ T7761] R13: 1ffff110295a3e80 R14: ffffffff88e97f20 R15: ffff888106a5e250
> [  453.511482][ T7761] FS:  0000000000000000(0000) GS:0000000000000000(0063) knlGS:00000000f7ed7280
> [  453.514551][ T7761] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
> [  453.516790][ T7761] CR2: 00000000f7795414 CR3: 000000015b1cc000 CR4: 00000000000406b0
> [  453.519505][ T7761] Kernel panic - not syncing: Fatal exception
> [  453.521564][ T7761] Kernel Offset: disabled
> 
> 
> -- 
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
> 

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-09-04 11:37     ` Borislav Petkov
@ 2025-09-04 23:29       ` Nathan Chancellor
  2025-09-05 10:40         ` Borislav Petkov
  2025-09-05 13:17         ` Ryusuke Konishi
  0 siblings, 2 replies; 18+ messages in thread
From: Nathan Chancellor @ 2025-09-04 23:29 UTC (permalink / raw)
  To: Borislav Petkov
  Cc: kernel test robot, Borislav Petkov, oe-lkp, lkp, linux-doc,
	linux-kernel, X86 ML, Chang S. Bae, Sohil Mehta, Ryusuke Konishi,
	linux-nilfs

Hi Boris and the Intel folks,

+ Ryusuke and linux-nilfs

On Thu, Sep 04, 2025 at 01:37:52PM +0200, Borislav Petkov wrote:
> On Tue, Sep 02, 2025 at 04:45:12PM +0800, kernel test robot wrote:
> > 
> > 
> > Hello,
> > 
> > 
> > this could be a noise, we didn't see the relation between the patch with the
> > issue we observed. however, we rebuild the kernels for both this commit and
> > parent 3 times.
> > (
> > our bot chose 894af4a1cde61c as the parent as below
> > * 19f370d45aceea x86/microcode: Add microcode= cmdline parsing
> > * 894af4a1cde61c (tip/x86/core, peterz-queue/x86/core) objtool: Validate kCFI calls
> > )
> > 
> > and for each rerun of both this commit and parent, we run more times, but the
> > issue is still quite persistent while parent keeps clean:
> > 
> > =========================================================================================
> > tbox_group/testcase/rootfs/kconfig/compiler/runtime/group/nr_groups:
> >   vm-snb/trinity/debian-11.1-i386-20220923.cgz/x86_64-randconfig-006-20250826/clang-20/300s/group-01/5
> > 
> > 894af4a1cde61c34 19f370d45aceea5ab4c52e3afa0
> > ---------------- ---------------------------
> >        fail:runs  %reproduction    fail:runs
> >            |             |             |
> >            :200         74%         149:200   last_state.is_incomplete_run
> >            :200         74%         147:200   last_state.running
> >            :200         75%         150:200   dmesg.CFI_failure_at_kobj_attr_show
> >            :200         75%         150:200   dmesg.Kernel_panic-not_syncing:Fatal_exception
> >            :200         75%         150:200   dmesg.Oops:invalid_opcode:#[##]KASAN
> >            :200         75%         150:200   dmesg.RIP:kobj_attr_show
> >            :200         75%         150:200   dmesg.boot_failures
> > 
> > so we just follow our report rule to still report this results FYI.
> > 
> > if it's really irrelevant, sorry maybe our env issues (though we still cannot
> > figure out for now). and if you can help us to figure out the potential problem
> > from our dmesg in below link, it will be very appreciated!
> 
> Yeah, I don't know what you did here but building with that .config, I can't
> even boot that kernel in a VM because doing:
> 
> qemu-... -kernel bzImage ...
> 
> sends me into grub and asks me to select the default kernel.
> 
> And my qemu script boots arbitrary kernels just fine.

Does your QEMU boot via UEFI? This configuration has

  # CONFIG_EFI is not set

so if I try to boot QEMU via OVMF, I get:

  BdsDxe: failed to load Boot0002 "UEFI Non-Block Boot Device" from VenMedia(1428F772-B64A-441E-B8C3-9EBDD7F893C7): Not Found
  BdsDxe: No bootable option or device was found.
  BdsDxe: Press any key to enter the Boot Manager Menu.

Turning on CONFIG_EFI and CONFIG_EFI_STUB is enough for me to boot this
configuration.

> Also, I used clang-20 from here:
> 
> https://mirrors.edge.kernel.org/pub/tools/llvm/
> 
> and version 20.1.8 took something like ~10(!) minutes to link vmlinux with
> that config. Just FYI for Nathan, maybe something's weird there.

Looks like this configuration has

  CONFIG_LTO_CLANG_FULL=y

so that's not too surprising :) turning that off or making it

  CONFIG_LTO_CLANG_THIN=y

should be much quicker.

> > below is full report.
> 
> Leaving it in.

As for the actual report...

I ran 200 boots using our simple Buildroot initrd and QEMU wrapper
script [1] and saw no issues, however...

[1]: https://github.com/ClangBuiltLinux/boot-utils

> > kernel test robot noticed "CFI_failure_at_kobj_attr_show" on:
> > 
> > commit: 19f370d45aceea5ab4c52e3afa00226fb99c3fc8 ("[PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing")
> > url: https://github.com/intel-lab-lkp/linux/commits/Borislav-Petkov/x86-microcode-Add-microcode-cmdline-parsing/20250820-215624
> > base: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git 894af4a1cde61c3401f237184fb770f72ff12df8
> > patch link: https://lore.kernel.org/all/20250820135043.19048-2-bp@kernel.org/
> > patch subject: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
> > 
> > in testcase: trinity
> > version: trinity-i386-abe9de86-1_20230429
> > with following parameters:
> > 
> > 	runtime: 300s
> > 	group: group-01
> > 	nr_groups: 5
> > 
> > 
> > 
> > config: x86_64-randconfig-006-20250826
> > compiler: clang-20
> > test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> > 
> > (please refer to attached dmesg/kmsg for entire log/backtrace)
> > 
> > 
> > 
> > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > the same patch/commit), kindly add following tags
> > | Reported-by: kernel test robot <oliver.sang@intel.com>
> > | Closes: https://lore.kernel.org/oe-lkp/202509021646.bc78d9ef-lkp@intel.com
> > 
> > 
> > The kernel config and materials to reproduce are available at:
> > https://download.01.org/0day-ci/archive/20250902/202509021646.bc78d9ef-lkp@intel.com
> > 
> > 
> > [  453.382281][ T7761] CFI failure at kobj_attr_show+0x59/0x80 (target: nilfs_feature_revision_show+0x0/0x30; expected type: 0x1b8aae92)

I am surprised that this was not reproducible at 894af4a1cde61c34 for
the Intel folks because it does for me assuming I actually try to read
that file (maybe trinity was not hitting it on the older revision?):

  $ cat /sys/fs/nilfs2/features/revision
  [    6.975426][  T150] CFI failure at kobj_attr_show+0x59/0x80 (target: nilfs_feature_revision_show+0x0/0x30; expected type: 0xed60cafc)
  [    6.976822][  T150] Oops: invalid opcode: 0000 [#1] KASAN
  [    6.977407][  T150] CPU: 0 UID: 0 PID: 150 Comm: cat Not tainted 6.17.0-rc2-00016-g894af4a1cde6 #1 NONE
  [    6.978432][  T150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014
  [    6.979752][  T150] RIP: 0010:kobj_attr_show+0x59/0x80
  [    6.980321][  T150] Code: 08 00 74 08 4c 89 e7 e8 05 6b d6 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 04 35 9f 12 45 03 53 f1 74 02 <0f> 0b 41 ff d3 0f 1f 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
  [    6.982456][  T150] RSP: 0018:ffa0000000e17b28 EFLAGS: 00010216
  [    6.983163][  T150] RAX: 1ffffffff3753765 RBX: ff11000109eca000 RCX: dffffc0000000000
  [    6.984012][  T150] RDX: ff11000109eca000 RSI: ffffffff9ba9bb00 RDI: ff11000100b4f250
  [    6.984900][  T150] RBP: ffa0000000e17b48 R08: ff11000109ecafff R09: ff11000109eca000
  [    6.985830][  T150] R10: 000000007b3f6fc3 R11: ffffffff9541ea80 R12: ffffffff9ba9bb28
  [    6.986658][  T150] R13: 1fe2200020fdfe80 R14: ffffffff9ba9bb00 R15: ff11000100b4f250
  [    6.987542][  T150] FS:  00007f4818d2b740(0000) GS:0000000000000000(0000) knlGS:0000000000000000
  [    6.988508][  T150] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [    6.989241][  T150] CR2: 00007f481899a000 CR3: 0000000109f3b002 CR4: 0000000000371eb0
  [    6.990120][  T150] Call Trace:
  [    6.990498][  T150]  <TASK>
  [    6.990867][  T150]  sysfs_kf_seq_show+0x2a6/0x390
  [    6.991410][  T150]  ? __cfi_kobj_attr_show+0x10/0x10
  [    6.992015][  T150]  kernfs_seq_show+0x104/0x15b
  [    6.992542][  T150]  seq_read_iter+0x580/0xe2b
  [    6.993076][  T150]  kernfs_fop_read_iter+0x137/0x470
  [    6.993650][  T150]  new_sync_read+0x27e/0x365
  [    6.994185][  T150]  vfs_read+0x1e8/0x46b
  [    6.994650][  T150]  ksys_read+0xc2/0x170
  [    6.995129][  T150]  __x64_sys_read+0x7f/0x90
  [    6.995631][  T150]  ? entry_SYSCALL_64_after_hwframe+0x6b/0x73
  [    6.996299][  T150]  x64_sys_call+0x2589/0x2cdb
  [    6.996843][  T150]  do_syscall_64+0x89/0xfa0
  [    6.997343][  T150]  ? irqentry_exit+0x33/0x70
  [    6.997882][  T150]  ? exc_page_fault+0x96/0xe0
  [    6.998400][  T150]  entry_SYSCALL_64_after_hwframe+0x6b/0x73
  [    6.999068][  T150] RIP: 0033:0x7f4818dc11ce
  [    6.999564][  T150] Code: 4d 89 d8 e8 64 be 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa
  [    7.001627][  T150] RSP: 002b:00007ffc2d325600 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
  [    7.002558][  T150] RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f4818dc11ce
  [    7.003443][  T150] RDX: 0000000000040000 RSI: 00007f481899b000 RDI: 0000000000000003
  [    7.004363][  T150] RBP: 00007ffc2d325610 R08: 0000000000000000 R09: 0000000000000000
  [    7.005260][  T150] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000040000
  [    7.006143][  T150] R13: 00007f481899b000 R14: 0000000000000003 R15: 0000000000000000
  [    7.007027][  T150]  </TASK>
  [    7.007411][  T150] Modules linked in:
  [    7.007994][  T150] ---[ end trace 0000000000000000 ]---
  [    7.008711][  T150] RIP: 0010:kobj_attr_show+0x59/0x80
  [    7.009430][  T150] Code: 08 00 74 08 4c 89 e7 e8 05 6b d6 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 04 35 9f 12 45 03 53 f1 74 02 <0f> 0b 41 ff d3 0f 1f 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
  [    7.011712][  T150] RSP: 0018:ffa0000000e17b28 EFLAGS: 00010216
  [    7.012369][  T150] RAX: 1ffffffff3753765 RBX: ff11000109eca000 RCX: dffffc0000000000
  [    7.013214][  T150] RDX: ff11000109eca000 RSI: ffffffff9ba9bb00 RDI: ff11000100b4f250
  [    7.014202][  T150] RBP: ffa0000000e17b48 R08: ff11000109ecafff R09: ff11000109eca000
  [    7.015201][  T150] R10: 000000007b3f6fc3 R11: ffffffff9541ea80 R12: ffffffff9ba9bb28
  [    7.016202][  T150] R13: 1fe2200020fdfe80 R14: ffffffff9ba9bb00 R15: ff11000100b4f250
  [    7.017212][  T150] FS:  00007f4818d2b740(0000) GS:0000000000000000(0000) knlGS:0000000000000000
  [    7.018332][  T150] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [    7.019154][  T150] CR2: 00007f481899a000 CR3: 0000000109f3b002 CR4: 0000000000371eb0
  [    7.020147][  T150] Kernel panic - not syncing: Fatal exception
  [    7.020837][  T150] Kernel Offset: 0x12e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

The fix should be something like the following, which resolves the issue
for me.

  nilfs_sysfs_init() ->
    kset_create_and_add() ->
      kset_create()

has

  kset->kobj.ktype = &kset_ktype

which is

  static const struct kobj_type kset_ktype = {
    .sysfs_ops      = &kobj_sysfs_ops,
    .release        = kset_release,
    .get_ownership  = kset_get_ownership,
  };

Note the kobj_sysfs_ops.

  const struct sysfs_ops kobj_sysfs_ops = {
    .show   = kobj_attr_show,
    .store  = kobj_attr_store,
  };

nilfs_feature_attr_group is added to the nilfs_kset->kobj via
sysfs_create_group(), where the kernfs_ops for each file in
nilfs_feature_attr_group becomes

  sysfs_create_group() ->
    internal_create_group() ->
      create_files() ->
        sysfs_add_file_mode_ns() ->
          ops = &sysfs_file_kfops_rw;
          __kernfs_create_file() ->
            kn->attr.ops = ops;

  static const struct kernfs_ops sysfs_file_kfops_rw = {
    .seq_show = sysfs_kf_seq_show,
    .write    = sysfs_kf_write,
  };

sysfs_kf_seq_show() calls kobj_attr_show() via

  const struct sysfs_ops *ops = sysfs_file_ops(of->kn);
  ...
  count = ops->show(kobj, of->kn->priv, buf);

kobj_attr_show() calls one of the nilfs_feature_*_show() functions
after casting to 'struct kobj_attribute':

  kattr = container_of(attr, struct kobj_attribute, attr);
  if (kattr->show)
    ret = kattr->show(kobj, kattr, buf);

  struct kobj_attribute {
    struct attribute attr;
    ssize_t (*show)(struct kobject *kobj, struct kobj_attribute *attr,
            char *buf);
    ssize_t (*store)(struct kobject *kobj, struct kobj_attribute *attr,
            const char *buf, size_t count);
  };

So the types of nilfs_feature_*_show() need to match
kobj_attribute->show() to avoid triggering CFI here.

Cheers,
Nathan

diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c
index 14868a3dd592..bc52afbfc5c7 100644
--- a/fs/nilfs2/sysfs.c
+++ b/fs/nilfs2/sysfs.c
@@ -1075,7 +1075,7 @@ void nilfs_sysfs_delete_device_group(struct the_nilfs *nilfs)
  ************************************************************************/
 
 static ssize_t nilfs_feature_revision_show(struct kobject *kobj,
-					    struct attribute *attr, char *buf)
+					    struct kobj_attribute *attr, char *buf)
 {
 	return sysfs_emit(buf, "%d.%d\n",
 			NILFS_CURRENT_REV, NILFS_MINOR_REV);
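Review bot: nilfs_feature_revision_show() never uses attr, so the new 'struct kobj_attribute *' parameter type matters only because the function is reached through the indirect call in kobj_attr_show(), and nothing in the hunk records that. A one-line comment above the function saying the prototype must match kobj_attribute->show would keep a later cleanup from switching it back to 'struct attribute *' and bringing the CFI failure back.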
@@ -1087,7 +1087,7 @@ static const char features_readme_str[] =
 	"(1) revision\n\tshow current revision of NILFS file system driver.\n";
 
 static ssize_t nilfs_feature_README_show(struct kobject *kobj,
-					 struct attribute *attr,
+					 struct kobj_attribute *attr,
 					 char *buf)
 {
 	return sysfs_emit(buf, features_readme_str);
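Review bot: the unchanged last line of nilfs_feature_README_show() passes features_readme_str as the format argument of sysfs_emit(). The string is a static const and the part shown contains no conversion specifiers, so nothing is wrong today, but since this function is being touched anyway, sysfs_emit(buf, "%s", features_readme_str) would stop a later edit of the README text from being interpreted as a format string.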
diff --git a/fs/nilfs2/sysfs.h b/fs/nilfs2/sysfs.h
index 78a87a016928..d370cd5cce3f 100644
--- a/fs/nilfs2/sysfs.h
+++ b/fs/nilfs2/sysfs.h
@@ -50,16 +50,16 @@ struct nilfs_sysfs_dev_subgroups {
 	struct completion sg_segments_kobj_unregister;
 };
 
-#define NILFS_COMMON_ATTR_STRUCT(name) \
+#define NILFS_KOBJ_ATTR_STRUCT(name) \
 struct nilfs_##name##_attr { \
 	struct attribute attr; \
-	ssize_t (*show)(struct kobject *, struct attribute *, \
+	ssize_t (*show)(struct kobject *, struct kobj_attribute *, \
 			char *); \
-	ssize_t (*store)(struct kobject *, struct attribute *, \
+	ssize_t (*store)(struct kobject *, struct kobj_attribute *, \
 			 const char *, size_t); \
 }
 
-NILFS_COMMON_ATTR_STRUCT(feature);
+NILFS_KOBJ_ATTR_STRUCT(feature);
 
 #define NILFS_DEV_ATTR_STRUCT(name) \
 struct nilfs_##name##_attr { \
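Review bot: with the new prototypes, the struct generated by NILFS_KOBJ_ATTR_STRUCT(feature) is a member-for-member copy of struct kobj_attribute (attr, show, store), and kobj_attr_show() reaches it through container_of(attr, struct kobj_attribute, attr), so correctness depends on the two layouts staying identical. Consider declaring the feature attributes as struct kobj_attribute directly and dropping the macro, or at least add a comment that the layout must mirror struct kobj_attribute. The rename from NILFS_COMMON_ATTR_STRUCT also needs every other user updated; only the feature instantiation is visible in this hunk.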

^ permalink raw reply related	[flat|nested] 18+ messages in thread
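
The type mismatch traced in the message above can be modelled in userspace. This is an added example, not code from the thread or the kernel: type_hash(), struct cfi_fn, CFI_TRAP, demo_read() and the revision values are assumptions of the model, standing in for the compiler-generated type id and the ud2 trap.

```c
/* Userspace model of the kCFI check in front of kobj_attr_show()'s indirect call. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_PAGE_SIZE 4096
#define CFI_TRAP       (-1000L)	/* model only: the kernel executes ud2 and oopses */
#define DEMO_REV       2	/* constructed values, not taken from the thread */
#define DEMO_MINOR     0

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

struct kobject { const char *name; };
struct attribute { const char *name; };
struct kobj_attribute;

typedef void (*generic_fn)(void);
typedef long (*kattr_show_t)(struct kobject *, struct kobj_attribute *, char *);

/* A handler pointer plus the type id the compiler attaches to that function. */
struct cfi_fn { generic_fn fn; uint32_t type_id; };

struct kobj_attribute {
	struct attribute attr;
	struct cfi_fn show;
};

/* Stand-in for the compiler's prototype hash: FNV-1a over a prototype string. */
static uint32_t type_hash(const char *proto)
{
	uint32_t h = 2166136261u;
	while (*proto) {
		h ^= (unsigned char)*proto++;
		h *= 16777619u;
	}
	return h;
}

#define PROTO_ATTR  "ssize_t(struct kobject *, struct attribute *, char *)"
#define PROTO_KATTR "ssize_t(struct kobject *, struct kobj_attribute *, char *)"

/* Prototype before the fix: second parameter is struct attribute *. */
static long revision_show_before(struct kobject *kobj, struct attribute *attr, char *buf)
{
	(void)kobj; (void)attr;
	return snprintf(buf, DEMO_PAGE_SIZE, "%d.%d\n", DEMO_REV, DEMO_MINOR);
}

/* Prototype after the fix: matches kobj_attribute->show. */
static long revision_show_after(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
	(void)kobj; (void)attr;
	return snprintf(buf, DEMO_PAGE_SIZE, "%d.%d\n", DEMO_REV, DEMO_MINOR);
}

/* Mirrors kobj_attr_show(): recover the kobj_attribute, check the id, then call. */
static long kobj_attr_show(struct kobject *kobj, struct attribute *attr, char *buf)
{
	struct kobj_attribute *kattr = container_of(attr, struct kobj_attribute, attr);

	if (!kattr->show.fn)
		return -EIO;
	/* The call site expects kobj_attribute->show's type; anything else traps. */
	if (kattr->show.type_id != type_hash(PROTO_KATTR))
		return CFI_TRAP;
	return ((kattr_show_t)kattr->show.fn)(kobj, kattr, buf);
}

/* Read the modelled "revision" attribute with the old (fixed=0) or new handler. */
long demo_read(int fixed, char *buf)
{
	struct kobject kobj = { "nilfs2" };
	struct kobj_attribute rev = { { "revision" }, { NULL, 0 } };

	if (fixed) {
		rev.show.fn = (generic_fn)revision_show_after;
		rev.show.type_id = type_hash(PROTO_KATTR);
	} else {
		rev.show.fn = (generic_fn)revision_show_before;
		rev.show.type_id = type_hash(PROTO_ATTR);
	}
	buf[0] = '\0';
	return kobj_attr_show(&kobj, &rev.attr, buf);
}

int main(void)
{
	char buf[DEMO_PAGE_SIZE];
	printf("before fix: %ld\n", demo_read(0, buf));
	printf("after fix:  %ld, buf=%s", demo_read(1, buf), buf);
	return 0;
}
```

The model only ever calls a handler through its own prototype; the id check rejects the old handler before the mismatched call would happen, which is the point at which the kernel raised the invalid-opcode oops.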

* [tip: x86/microcode] x86/microcode: Add microcode loader debugging functionality
  2025-08-20 13:50 ` [PATCH -v1 2/2] x86/microcode: Add microcode loader debugging functionality Borislav Petkov
  2025-08-20 15:35   ` Nikolay Borisov
  2025-08-21  5:19   ` Sohil Mehta
@ 2025-09-05 10:30   ` tip-bot2 for Borislav Petkov (AMD)
  2 siblings, 0 replies; 18+ messages in thread
From: tip-bot2 for Borislav Petkov (AMD) @ 2025-09-05 10:30 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Borislav Petkov (AMD), x86, linux-kernel

The following commit has been merged into the x86/microcode branch of tip:

Commit-ID:     43181a47263dd9f2bee0afd688a841b09f9b7d12
Gitweb:        https://git.kernel.org/tip/43181a47263dd9f2bee0afd688a841b09f9b7d12
Author:        Borislav Petkov (AMD) <bp@alien8.de>
AuthorDate:    Wed, 20 Aug 2025 15:50:43 +02:00
Committer:     Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Thu, 04 Sep 2025 16:15:19 +02:00

x86/microcode: Add microcode loader debugging functionality

Instead of adding ad-hoc debugging glue to the microcode loader each
time I need it, add debugging functionality which is not built by
default.

Simulate all patch handling the loader does except the actual loading of
the microcode patch into the hardware.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250820135043.19048-3-bp@kernel.org
---
 Documentation/admin-guide/kernel-parameters.txt |  4 +-
 arch/x86/Kconfig                                | 12 +++-
 arch/x86/kernel/cpu/microcode/amd.c             | 73 +++++++++++-----
 arch/x86/kernel/cpu/microcode/core.c            | 21 ++++-
 arch/x86/kernel/cpu/microcode/internal.h        |  9 ++-
 5 files changed, 96 insertions(+), 23 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 9e3bbce..2c142e5 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3770,6 +3770,10 @@
 	microcode=      [X86] Control the behavior of the microcode loader.
 	                Available options, comma separated:
 
+			base_rev=X - with <X> with format: <u32>
+			Set the base microcode revision of each thread when in
+			debug mode.
+
 			dis_ucode_ldr: disable the microcode loader
 
 			force_minrev:
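Review bot: The new base_rev entry reads "base_rev=X - with <X> with format: <u32>", which doubles "with" and leaves out two things a user needs: the value is parsed as hexadecimal (kstrtouint(s, 16, &base_rev) in core.c), and the option is only honoured when the kernel is built with CONFIG_MICROCODE_DBG. Suggest rewording to the "name: description" style used by dis_ucode_ldr and force_minrev right below, and stating both the hex format and the Kconfig dependency.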
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index aa250d9..77f72f0 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1360,6 +1360,18 @@ config MICROCODE_LATE_FORCE_MINREV
 
 	  If unsure say Y.
 
+config MICROCODE_DBG
+	bool "Enable microcode loader debugging"
+	default n
+	depends on MICROCODE
+	help
+	  Enable code which allows for debugging the microcode loader in
+	  a guest. Meaning the patch loading is simulated but everything else
+	  related to patch parsing and handling is done as on baremetal with
+	  the purpose of debugging solely the software side of things.
+
+	  You almost certainly want to say n here.
+
 config X86_MSR
 	tristate "/dev/cpu/*/msr - Model-specific register support"
 	help
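Review bot: The MICROCODE_DBG help text says patch loading is simulated but does not mention the two behaviour changes the rest of this patch makes: get_patch_level() returns microcode_rev[] instead of reading MSR_AMD64_PATCH_LEVEL, and the hypervisor-bit check in microcode_loader_disabled() no longer disables the loader. Please state that the reported microcode revision is not the hardware's when this is enabled, which is the real reason to say n on anything but a debugging guest. The explicit "default n" is also redundant, since a bool without a default is already n.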
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 514f633..cdce885 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -269,15 +269,6 @@ static bool verify_sha256_digest(u32 patch_id, u32 cur_rev, const u8 *data, unsi
 	return true;
 }
 
-static u32 get_patch_level(void)
-{
-	u32 rev, dummy __always_unused;
-
-	native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
-
-	return rev;
-}
-
 static union cpuid_1_eax ucode_rev_to_cpuid(unsigned int val)
 {
 	union zen_patch_rev p;
@@ -295,6 +286,30 @@ static union cpuid_1_eax ucode_rev_to_cpuid(unsigned int val)
 	return c;
 }
 
+static u32 get_patch_level(void)
+{
+	u32 rev, dummy __always_unused;
+
+	if (IS_ENABLED(CONFIG_MICROCODE_DBG)) {
+		int cpu = smp_processor_id();
+
+		if (!microcode_rev[cpu]) {
+			if (!base_rev)
+				base_rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax);
+
+			microcode_rev[cpu] = base_rev;
+
+			ucode_dbg("CPU%d, base_rev: 0x%x\n", cpu, base_rev);
+		}
+
+		return microcode_rev[cpu];
+	}
+
+	native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
+
+	return rev;
+}
+
 static u16 find_equiv_id(struct equiv_cpu_table *et, u32 sig)
 {
 	unsigned int i;
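Review bot: In the relocated get_patch_level(), base_rev is assigned lazily inside the per-CPU path ("if (!base_rev) base_rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax);"), so any CPU that gets here with an unset slot may write the global, and the value 0 serves as the "not set" marker for both base_rev and microcode_rev[cpu]. Setting base_rev once on the boot CPU, for example right after the command line is parsed, would leave this function with reads only. A short comment that revision 0 means "unset", and that a base_rev=0 on the command line therefore falls back to the CPUID-derived value, would also help.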
@@ -324,13 +339,13 @@ static bool verify_container(const u8 *buf, size_t buf_size)
 	u32 cont_magic;
 
 	if (buf_size <= CONTAINER_HDR_SZ) {
-		pr_debug("Truncated microcode container header.\n");
+		ucode_dbg("Truncated microcode container header.\n");
 		return false;
 	}
 
 	cont_magic = *(const u32 *)buf;
 	if (cont_magic != UCODE_MAGIC) {
-		pr_debug("Invalid magic value (0x%08x).\n", cont_magic);
+		ucode_dbg("Invalid magic value (0x%08x).\n", cont_magic);
 		return false;
 	}
 
@@ -355,8 +370,8 @@ static bool verify_equivalence_table(const u8 *buf, size_t buf_size)
 
 	cont_type = hdr[1];
 	if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) {
-		pr_debug("Wrong microcode container equivalence table type: %u.\n",
-			 cont_type);
+		ucode_dbg("Wrong microcode container equivalence table type: %u.\n",
+			  cont_type);
 		return false;
 	}
 
@@ -365,7 +380,7 @@ static bool verify_equivalence_table(const u8 *buf, size_t buf_size)
 	equiv_tbl_len = hdr[2];
 	if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) ||
 	    buf_size < equiv_tbl_len) {
-		pr_debug("Truncated equivalence table.\n");
+		ucode_dbg("Truncated equivalence table.\n");
 		return false;
 	}
 
@@ -385,7 +400,7 @@ static bool __verify_patch_section(const u8 *buf, size_t buf_size, u32 *sh_psize
 	const u32 *hdr;
 
 	if (buf_size < SECTION_HDR_SIZE) {
-		pr_debug("Truncated patch section.\n");
+		ucode_dbg("Truncated patch section.\n");
 		return false;
 	}
 
@@ -394,13 +409,13 @@ static bool __verify_patch_section(const u8 *buf, size_t buf_size, u32 *sh_psize
 	p_size = hdr[1];
 
 	if (p_type != UCODE_UCODE_TYPE) {
-		pr_debug("Invalid type field (0x%x) in container file section header.\n",
-			 p_type);
+		ucode_dbg("Invalid type field (0x%x) in container file section header.\n",
+			  p_type);
 		return false;
 	}
 
 	if (p_size < sizeof(struct microcode_header_amd)) {
-		pr_debug("Patch of size %u too short.\n", p_size);
+		ucode_dbg("Patch of size %u too short.\n", p_size);
 		return false;
 	}
 
@@ -477,12 +492,12 @@ static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size)
 	 * size sh_psize, as the section claims.
 	 */
 	if (buf_size < sh_psize) {
-		pr_debug("Patch of size %u truncated.\n", sh_psize);
+		ucode_dbg("Patch of size %u truncated.\n", sh_psize);
 		return -1;
 	}
 
 	if (!__verify_patch_size(sh_psize, buf_size)) {
-		pr_debug("Per-family patch size mismatch.\n");
+		ucode_dbg("Per-family patch size mismatch.\n");
 		return -1;
 	}
 
@@ -496,6 +511,9 @@ static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size)
 
 	proc_id	= mc_hdr->processor_rev_id;
 	patch_fam = 0xf + (proc_id >> 12);
+
+	ucode_dbg("Patch-ID 0x%08x: family: 0x%x\n", mc_hdr->patch_id, patch_fam);
+
 	if (patch_fam != family)
 		return 1;
 
@@ -566,9 +584,14 @@ static size_t parse_container(u8 *ucode, size_t size, struct cont_desc *desc)
 		}
 
 		mc = (struct microcode_amd *)(buf + SECTION_HDR_SIZE);
+
+		ucode_dbg("patch_id: 0x%x\n", mc->hdr.patch_id);
+
 		if (mc_patch_matches(mc, eq_id)) {
 			desc->psize = patch_size;
 			desc->mc = mc;
+
+			ucode_dbg(" match: size: %d\n", patch_size);
 		}
 
 skip:
@@ -639,8 +662,14 @@ static bool __apply_microcode_amd(struct microcode_amd *mc, u32 *cur_rev,
 			invlpg(p_addr_end);
 	}
 
+	if (IS_ENABLED(CONFIG_MICROCODE_DBG))
+		microcode_rev[smp_processor_id()] = mc->hdr.patch_id;
+
 	/* verify patch application was successful */
 	*cur_rev = get_patch_level();
+
+	ucode_dbg("updated rev: 0x%x\n", *cur_rev);
+
 	if (*cur_rev != mc->hdr.patch_id)
 		return false;
 
@@ -1026,7 +1055,7 @@ static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover,
 	patch->patch_id  = mc_hdr->patch_id;
 	patch->equiv_cpu = proc_id;
 
-	pr_debug("%s: Adding patch_id: 0x%08x, proc_id: 0x%04x\n",
+	ucode_dbg("%s: Adding patch_id: 0x%08x, proc_id: 0x%04x\n",
 		 __func__, patch->patch_id, proc_id);
 
 	/* ... and add to cache. */
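Review bot: The continuation line "__func__, patch->patch_id, proc_id);" is left at the old pr_debug( indentation and no longer lines up with the opening parenthesis of ucode_dbg(. The other converted call sites in this file re-indent their continuation lines (for example "cont_type);" and "p_type);"), so this one needs the extra space as well.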
@@ -1169,7 +1198,7 @@ static enum ucode_state request_microcode_amd(int cpu, struct device *device)
 		snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
 
 	if (request_firmware_direct(&fw, (const char *)fw_name, device)) {
-		pr_debug("failed to load file %s\n", fw_name);
+		ucode_dbg("failed to load file %s\n", fw_name);
 		goto out;
 	}
 
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index 7d59063..f75c140 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -48,6 +48,16 @@ static bool dis_ucode_ldr;
 bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV);
 
 /*
+ * Those below should be behind CONFIG_MICROCODE_DBG ifdeffery but in
+ * order to not uglify the code with ifdeffery and use IS_ENABLED()
+ * instead, leave them in. When microcode debugging is not enabled,
+ * those are meaningless anyway.
+ */
+/* base microcode revision for debugging */
+u32 base_rev;
+u32 microcode_rev[NR_CPUS] = {};
+
+/*
  * Synchronization.
  *
  * All non cpu-hotplug-callback call sites use:
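Review bot: "u32 microcode_rev[NR_CPUS] = {};" is defined unconditionally, so every kernel carries NR_CPUS * sizeof(u32) bytes that the comment above it calls meaningless when debugging is off. Since all users are guarded by IS_ENABLED(CONFIG_MICROCODE_DBG) and are compiled out as dead code, the definitions can sit under a single #ifdef in this file while the extern declarations in internal.h stay unconditional; that keeps the call sites free of ifdeffery without the memory cost. The "= {}" initializer is redundant for an object with static storage.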
@@ -118,7 +128,8 @@ bool __init microcode_loader_disabled(void)
 	 *    overwritten.
 	 */
 	if (!cpuid_feature() ||
-	    native_cpuid_ecx(1) & BIT(31) ||
+	    ((native_cpuid_ecx(1) & BIT(31)) &&
+	      !IS_ENABLED(CONFIG_MICROCODE_DBG)) ||
 	    amd_check_current_patch_level())
 		dis_ucode_ldr = true;
 
@@ -132,6 +143,14 @@ static void early_parse_cmdline(void)
 
 	if (cmdline_find_option(boot_command_line, "microcode", cmd_buf, sizeof(cmd_buf)) > 0) {
 		while ((s = strsep(&p, ","))) {
+			if (IS_ENABLED(CONFIG_MICROCODE_DBG)) {
+				if (strstr(s, "base_rev=")) {
+					/* advance to the option arg */
+					strsep(&s, "=");
+					if (kstrtouint(s, 16, &base_rev)) { ; }
+				}
+			}
+
 			if (!strcmp("force_minrev", s))
 				force_minrev = true;
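Review bot: The base_rev parsing has three loose ends. strstr(s, "base_rev=") matches the string anywhere in the token, so "foobase_rev=1" is accepted; a prefix match (str_has_prefix() or strncmp()) is what is meant. "if (kstrtouint(s, 16, &base_rev)) { ; }" discards the error with an empty statement, so a malformed value is silently ignored; print a warning and leave base_rev at 0 explicitly. After strsep(&s, "=") the token has been modified and s points at the value, yet the code falls through to the strcmp() checks for force_minrev and dis_ucode_ldr; add a "continue" once the option has been consumed.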
 
diff --git a/arch/x86/kernel/cpu/microcode/internal.h b/arch/x86/kernel/cpu/microcode/internal.h
index 50a9702..ae8dbc2 100644
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -44,6 +44,9 @@ struct early_load_data {
 
 extern struct early_load_data early_data;
 extern struct ucode_cpu_info ucode_cpu_info[];
+extern u32 microcode_rev[NR_CPUS];
+extern u32 base_rev;
+
 struct cpio_data find_microcode_in_initrd(const char *path);
 
 #define MAX_UCODE_COUNT 128
@@ -122,4 +125,10 @@ static inline void reload_ucode_intel(void) { }
 static inline struct microcode_ops *init_intel_microcode(void) { return NULL; }
 #endif  /* !CONFIG_CPU_SUP_INTEL */
 
+#define ucode_dbg(fmt, ...)					\
+({								\
+	if (IS_ENABLED(CONFIG_MICROCODE_DBG))			\
+		pr_info(fmt, ##__VA_ARGS__);			\
+})
+
 #endif /* _X86_MICROCODE_INTERNAL_H */
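Review bot: ucode_dbg() has no else branch, so with CONFIG_MICROCODE_DBG=n every call site this patch converts from pr_debug() prints nothing and can no longer be enabled through dynamic debug. That removes the existing diagnostics for truncated or malformed containers ("Truncated microcode container header.", "Invalid magic value", "Per-family patch size mismatch.") from normal kernels. Consider falling back to pr_debug(fmt, ##__VA_ARGS__) when the option is off. A do { } while (0) wrapper would also be more conventional than a statement expression here, since the macro yields no value.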


* [tip: x86/microcode] x86/microcode: Add microcode= cmdline parsing
  2025-08-20 13:50 ` [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing Borislav Petkov
                     ` (2 preceding siblings ...)
  2025-09-02  8:45   ` kernel test robot
@ 2025-09-05 10:30   ` tip-bot2 for Borislav Petkov (AMD)
  3 siblings, 0 replies; 18+ messages in thread
From: tip-bot2 for Borislav Petkov (AMD) @ 2025-09-05 10:30 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Borislav Petkov (AMD), Sohil Mehta, Chang S. Bae, x86,
	linux-kernel

The following commit has been merged into the x86/microcode branch of tip:

Commit-ID:     632ff61706473127cdc3b779bf24d368e3856ab3
Gitweb:        https://git.kernel.org/tip/632ff61706473127cdc3b779bf24d368e3856ab3
Author:        Borislav Petkov (AMD) <bp@alien8.de>
AuthorDate:    Wed, 20 Aug 2025 15:50:42 +02:00
Committer:     Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Thu, 04 Sep 2025 16:02:20 +02:00

x86/microcode: Add microcode= cmdline parsing

Add a "microcode=" command line argument after which all options can be
passed in a comma-separated list.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Sohil Mehta <sohil.mehta@intel.com>
Reviewed-by: Chang S. Bae <chang.seok.bae@intel.com>
Link: https://lore.kernel.org/20250820135043.19048-2-bp@kernel.org
---
 Documentation/admin-guide/kernel-parameters.txt |  8 +++--
 arch/x86/Kconfig                                |  4 +-
 arch/x86/kernel/cpu/microcode/core.c            | 26 +++++++++++++---
 3 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 747a55a..9e3bbce 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3767,8 +3767,12 @@
 
 	mga=		[HW,DRM]
 
-	microcode.force_minrev=	[X86]
-			Format: <bool>
+	microcode=      [X86] Control the behavior of the microcode loader.
+	                Available options, comma separated:
+
+			dis_ucode_ldr: disable the microcode loader
+
+			force_minrev:
 			Enable or disable the microcode minimal revision
 			enforcement for the runtime microcode loader.
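Review bot: The force_minrev entry keeps the old wording "Enable or disable the microcode minimal revision enforcement", but the new option takes no value and the parser in core.c only ever sets force_minrev = true, so it can enable the check and never disable it. Please reword to "Enable ..." and mention that the removed "microcode.force_minrev=<bool>" spelling is no longer recognised, since dis_ucode_ldr keeps a compat path and this one does not.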
 
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 58d890f..aa250d9 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1340,7 +1340,7 @@ config MICROCODE_LATE_LOADING
 	  use this at your own risk. Late loading taints the kernel unless the
 	  microcode header indicates that it is safe for late loading via the
 	  minimal revision check. This minimal revision check can be enforced on
-	  the kernel command line with "microcode.minrev=Y".
+	  the kernel command line with "microcode=force_minrev".
 
 config MICROCODE_LATE_FORCE_MINREV
 	bool "Enforce late microcode loading minimal revision check"
@@ -1356,7 +1356,7 @@ config MICROCODE_LATE_FORCE_MINREV
 	  revision check fails.
 
 	  This minimal revision check can also be controlled via the
-	  "microcode.minrev" parameter on the kernel command line.
+	  "microcode=force_minrev" parameter on the kernel command line.
 
 	  If unsure say Y.
 
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index b92e09a..7d59063 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -43,10 +43,9 @@
 #include "internal.h"
 
 static struct microcode_ops *microcode_ops;
-static bool dis_ucode_ldr = false;
+static bool dis_ucode_ldr;
 
 bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV);
-module_param(force_minrev, bool, S_IRUSR | S_IWUSR);
 
 /*
  * Synchronization.
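Review bot: Dropping "module_param(force_minrev, bool, S_IRUSR | S_IWUSR);" removes more than the boot-time spelling: the parameter was owner-writable, so the minimal revision enforcement could be toggled at run time, and after this hunk it can only be set at boot. Existing command lines that pass "microcode.force_minrev=" will also stop having any effect without a message. Neither change is mentioned in the commit message; please document both there, or keep a compat path the way the old dis_ucode_ldr option gets one in the next hunk.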
@@ -126,13 +125,32 @@ bool __init microcode_loader_disabled(void)
 	return dis_ucode_ldr;
 }
 
+static void early_parse_cmdline(void)
+{
+	char cmd_buf[64] = {};
+	char *s, *p = cmd_buf;
+
+	if (cmdline_find_option(boot_command_line, "microcode", cmd_buf, sizeof(cmd_buf)) > 0) {
+		while ((s = strsep(&p, ","))) {
+			if (!strcmp("force_minrev", s))
+				force_minrev = true;
+
+			if (!strcmp(s, "dis_ucode_ldr"))
+				dis_ucode_ldr = true;
+		}
+	}
+
+	/* old, compat option */
+	if (cmdline_find_option_bool(boot_command_line, "dis_ucode_ldr") > 0)
+		dis_ucode_ldr = true;
+}
+
 void __init load_ucode_bsp(void)
 {
 	unsigned int cpuid_1_eax;
 	bool intel = true;
 
-	if (cmdline_find_option_bool(boot_command_line, "dis_ucode_ldr") > 0)
-		dis_ucode_ldr = true;
+	early_parse_cmdline();
 
 	if (microcode_loader_disabled())
 		return;
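Review bot: early_parse_cmdline() is declared "static void" without __init although it is called from the __init function load_ucode_bsp() and reads boot_command_line; it should carry __init as well so it is discarded after boot and does not trigger a section mismatch. In the strsep() loop, tokens that match neither "force_minrev" nor "dis_ucode_ldr" are dropped silently, so a typo such as "microcode=force_minrv" leaves enforcement off with no hint; a pr_warn() for unknown tokens would make that visible. The two strcmp() calls also use opposite argument orders, which is worth making consistent.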


* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-09-04 23:29       ` Nathan Chancellor
@ 2025-09-05 10:40         ` Borislav Petkov
  2025-09-05 13:17         ` Ryusuke Konishi
  1 sibling, 0 replies; 18+ messages in thread
From: Borislav Petkov @ 2025-09-05 10:40 UTC (permalink / raw)
  To: Nathan Chancellor
  Cc: kernel test robot, Borislav Petkov, oe-lkp, lkp, linux-doc,
	linux-kernel, X86 ML, Chang S. Bae, Sohil Mehta, Ryusuke Konishi,
	linux-nilfs

On Thu, Sep 04, 2025 at 04:29:52PM -0700, Nathan Chancellor wrote:
> Does your QEMU boot via UEFI? This configuration has
> 
>   # CONFIG_EFI is not set
> 
> so if I try to boot QEMU via OVMF, I get:
> 
>   BdsDxe: failed to load Boot0002 "UEFI Non-Block Boot Device" from VenMedia(1428F772-B64A-441E-B8C3-9EBDD7F893C7): Not Found
>   BdsDxe: No bootable option or device was found.
>   BdsDxe: Press any key to enter the Boot Manager Menu.
> 
> Turning on CONFIG_EFI and CONFIG_EFI_STUB is enough for me to boot this
> configuration.

Yeah, I'm blindly following the testing instructions because I'm being
a guinea pig for the testing folks. :-)

Looks like those instructions need massaging.

> Looks like this configuration has
> 
>   CONFIG_LTO_CLANG_FULL=y
> 
> so that's not too surprising :) turning that off or making it
> 
>   CONFIG_LTO_CLANG_THIN=y
> 
> should be much quicker.

Yeah, I hear there might be some more room for improvements in parallelizing
more of the LTO work but I dunno - just rumours :-P

> I ran 200 boots using our simple Buildroot initrd and QEMU wrapper
> script [1] and saw no issues, however...

Yeah, that's a nicely debugged issue - I think you should simply send a proper
patch.

Thanks!

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


* Re: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
  2025-09-04 23:29       ` Nathan Chancellor
  2025-09-05 10:40         ` Borislav Petkov
@ 2025-09-05 13:17         ` Ryusuke Konishi
  1 sibling, 0 replies; 18+ messages in thread
From: Ryusuke Konishi @ 2025-09-05 13:17 UTC (permalink / raw)
  To: Nathan Chancellor
  Cc: Borislav Petkov, kernel test robot, Borislav Petkov, oe-lkp, lkp,
	linux-doc, linux-kernel, X86 ML, Chang S. Bae, Sohil Mehta,
	linux-nilfs

On Fri, Sep 5, 2025 at 8:29 AM Nathan Chancellor wrote:
>
> Hi Boris and the Intel folks,
>
> + Ryusuke and linux-nilfs
>
> On Thu, Sep 04, 2025 at 01:37:52PM +0200, Borislav Petkov wrote:
> > On Tue, Sep 02, 2025 at 04:45:12PM +0800, kernel test robot wrote:
...
>   $ cat /sys/fs/nilfs2/features/revision
>   [    6.975426][  T150] CFI failure at kobj_attr_show+0x59/0x80 (target: nilfs_feature_revision_show+0x0/0x30; expected type: 0xed60cafc)
>   [    6.976822][  T150] Oops: invalid opcode: 0000 [#1] KASAN
>   [    6.977407][  T150] CPU: 0 UID: 0 PID: 150 Comm: cat Not tainted 6.17.0-rc2-00016-g894af4a1cde6 #1 NONE
>   [    6.978432][  T150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014
>   [    6.979752][  T150] RIP: 0010:kobj_attr_show+0x59/0x80
>   [    6.980321][  T150] Code: 08 00 74 08 4c 89 e7 e8 05 6b d6 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 04 35 9f 12 45 03 53 f1 74 02 <0f> 0b 41 ff d3 0f 1f 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
>   [    6.982456][  T150] RSP: 0018:ffa0000000e17b28 EFLAGS: 00010216
>   [    6.983163][  T150] RAX: 1ffffffff3753765 RBX: ff11000109eca000 RCX: dffffc0000000000
>   [    6.984012][  T150] RDX: ff11000109eca000 RSI: ffffffff9ba9bb00 RDI: ff11000100b4f250
>   [    6.984900][  T150] RBP: ffa0000000e17b48 R08: ff11000109ecafff R09: ff11000109eca000
>   [    6.985830][  T150] R10: 000000007b3f6fc3 R11: ffffffff9541ea80 R12: ffffffff9ba9bb28
>   [    6.986658][  T150] R13: 1fe2200020fdfe80 R14: ffffffff9ba9bb00 R15: ff11000100b4f250
>   [    6.987542][  T150] FS:  00007f4818d2b740(0000) GS:0000000000000000(0000) knlGS:0000000000000000
>   [    6.988508][  T150] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>   [    6.989241][  T150] CR2: 00007f481899a000 CR3: 0000000109f3b002 CR4: 0000000000371eb0
>   [    6.990120][  T150] Call Trace:
>   [    6.990498][  T150]  <TASK>
>   [    6.990867][  T150]  sysfs_kf_seq_show+0x2a6/0x390
>   [    6.991410][  T150]  ? __cfi_kobj_attr_show+0x10/0x10
>   [    6.992015][  T150]  kernfs_seq_show+0x104/0x15b
>   [    6.992542][  T150]  seq_read_iter+0x580/0xe2b
>   [    6.993076][  T150]  kernfs_fop_read_iter+0x137/0x470
>   [    6.993650][  T150]  new_sync_read+0x27e/0x365
>   [    6.994185][  T150]  vfs_read+0x1e8/0x46b
>   [    6.994650][  T150]  ksys_read+0xc2/0x170
>   [    6.995129][  T150]  __x64_sys_read+0x7f/0x90
>   [    6.995631][  T150]  ? entry_SYSCALL_64_after_hwframe+0x6b/0x73
>   [    6.996299][  T150]  x64_sys_call+0x2589/0x2cdb
>   [    6.996843][  T150]  do_syscall_64+0x89/0xfa0
>   [    6.997343][  T150]  ? irqentry_exit+0x33/0x70
>   [    6.997882][  T150]  ? exc_page_fault+0x96/0xe0
>   [    6.998400][  T150]  entry_SYSCALL_64_after_hwframe+0x6b/0x73
>   [    6.999068][  T150] RIP: 0033:0x7f4818dc11ce
>   [    6.999564][  T150] Code: 4d 89 d8 e8 64 be 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa
>   [    7.001627][  T150] RSP: 002b:00007ffc2d325600 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
>   [    7.002558][  T150] RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f4818dc11ce
>   [    7.003443][  T150] RDX: 0000000000040000 RSI: 00007f481899b000 RDI: 0000000000000003
>   [    7.004363][  T150] RBP: 00007ffc2d325610 R08: 0000000000000000 R09: 0000000000000000
>   [    7.005260][  T150] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000040000
>   [    7.006143][  T150] R13: 00007f481899b000 R14: 0000000000000003 R15: 0000000000000000
>   [    7.007027][  T150]  </TASK>
>   [    7.007411][  T150] Modules linked in:
>   [    7.007994][  T150] ---[ end trace 0000000000000000 ]---
>   [    7.008711][  T150] RIP: 0010:kobj_attr_show+0x59/0x80
>   [    7.009430][  T150] Code: 08 00 74 08 4c 89 e7 e8 05 6b d6 fb 4d 8b 1c 24 4d 85 db 74 1f 4c 89 ff 4c 89 f6 48 89 da 41 ba 04 35 9f 12 45 03 53 f1 74 02 <0f> 0b 41 ff d3 0f 1f 00 eb 07 48 c7 c0 fb ff ff ff 5b 41 5c 41 5e
>   [    7.011712][  T150] RSP: 0018:ffa0000000e17b28 EFLAGS: 00010216
>   [    7.012369][  T150] RAX: 1ffffffff3753765 RBX: ff11000109eca000 RCX: dffffc0000000000
>   [    7.013214][  T150] RDX: ff11000109eca000 RSI: ffffffff9ba9bb00 RDI: ff11000100b4f250
>   [    7.014202][  T150] RBP: ffa0000000e17b48 R08: ff11000109ecafff R09: ff11000109eca000
>   [    7.015201][  T150] R10: 000000007b3f6fc3 R11: ffffffff9541ea80 R12: ffffffff9ba9bb28
>   [    7.016202][  T150] R13: 1fe2200020fdfe80 R14: ffffffff9ba9bb00 R15: ff11000100b4f250
>   [    7.017212][  T150] FS:  00007f4818d2b740(0000) GS:0000000000000000(0000) knlGS:0000000000000000
>   [    7.018332][  T150] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>   [    7.019154][  T150] CR2: 00007f481899a000 CR3: 0000000109f3b002 CR4: 0000000000371eb0
>   [    7.020147][  T150] Kernel panic - not syncing: Fatal exception
>   [    7.020837][  T150] Kernel Offset: 0x12e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
>
> The fix should be something like the following, which resolves the issue
> for me.
>
>   nilfs_sysfs_init() ->
>     kset_create_and_add() ->
>       kset_create()
>
> has
>
>   kset->kobj.ktype = &kset_ktype
>
> which is
>
>   static const struct kobj_type kset_ktype = {
>     .sysfs_ops      = &kobj_sysfs_ops,
>     .release        = kset_release,
>     .get_ownership  = kset_get_ownership,
>   };
>
> Note the kobj_sysfs_ops.
>
>   const struct sysfs_ops kobj_sysfs_ops = {
>     .show   = kobj_attr_show,
>     .store  = kobj_attr_store,
>   };
>
> nilfs_feature_attr_group is added to the nilfs_kset->kobj via
> sysfs_create_group(), where the kernfs_ops for each file in
> nilfs_feature_attr_group becomes
>
>   sysfs_create_group() ->
>     internal_create_group() ->
>       create_files() ->
>         sysfs_add_file_mode_ns() ->
>           ops = &sysfs_file_kfops_rw;
>           __kernfs_create_file() ->
>             kn->attr.ops = ops;
>
>   static const struct kernfs_ops sysfs_file_kfops_rw = {
>     .seq_show = sysfs_kf_seq_show,
>     .write    = sysfs_kf_write,
>   };
>
> sysfs_kf_seq_show() calls kobj_attr_show() via
>
>   const struct sysfs_ops *ops = sysfs_file_ops(of->kn);
>   ...
>   count = ops->show(kobj, of->kn->priv, buf);
>
> kobj_attr_show() calls one of the nilfs_feature_*_show() functions
> after casting to 'struct kobj_attribute':
>
>   kattr = container_of(attr, struct kobj_attribute, attr);
>   if (kattr->show)
>     ret = kattr->show(kobj, kattr, buf);
>
>   struct kobj_attribute {
>     struct attribute attr;
>     ssize_t (*show)(struct kobject *kobj, struct kobj_attribute *attr,
>             char *buf);
>     ssize_t (*store)(struct kobject *kobj, struct kobj_attribute *attr,
>             const char *buf, size_t count);
>   };
>
> So the types of nilfs_feature_*_show() need to match
> kobj_attribute->show() to avoid triggering CFI here.
>
> Cheers,
> Nathan

Thank you very much, Nathan, for sharing your detailed report and
proposing a fix.

I actually performed a reproduction test in an environment with
CONFIG_LTO_CLANG_THIN=y and confirmed that the CFI panic reoccurs, and
that your patch fixes it.

I also followed your analysis of sysfs and concluded that it is
correct and that your changes to the two
nilfs_feature_{revision,README}_show() functions are necessary. I'll
check whether these were necessary from the beginning or whether they
became necessary later.

I'd like to send your proposed fix upstream, but could you please
send it to me and linux-nilfs in the form of a proper patch? (I'll
need at least your SoB line).

Thank you in advance.

Ryusuke Konishi
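
The dispatch analysed in the quoted report, as an added userspace model that is not code from the thread or from the kernel: it shows why a handler whose prototype differs from `kobj_attribute->show` is rejected at the indirect call even though the struct layouts line up. The hash table is a constructed stand-in for the type hashes kCFI emits; `HASH_ATTR_SHOW`, `CFI_TRAP`, `read_attr()` and the "2.0" revision string are assumptions, and `0xed60cafc` is the expected type printed in the quoted oops.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model (constructed) of the sysfs show dispatch quoted above. */
struct kobject { const char *name; };
struct attribute { const char *name; };
struct kobj_attribute;
typedef void (*generic_fn)(void);
typedef long (*kobj_show_fn)(struct kobject *, struct kobj_attribute *, char *);
struct kobj_attribute { struct attribute attr; kobj_show_fn show; };

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Stand-in for kCFI: one hash per function prototype. */
#define HASH_KOBJ_SHOW 0xed60cafcu /* "expected type" in the quoted oops */
#define HASH_ATTR_SHOW 0x11111111u /* constructed: the pre-fix prototype */
#define CFI_TRAP (-1L)             /* constructed: models the ud2 trap */

/* Pre-fix handler: takes struct attribute *, like the old nilfs code. */
static long old_revision_show(struct kobject *kobj, struct attribute *attr, char *buf)
{
	(void)kobj; (void)attr;
	return snprintf(buf, 16, "2.0\n"); /* sample revision string */
}

/* Post-fix handler: prototype matches kobj_attribute->show. */
static long new_revision_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
	(void)kobj; (void)attr;
	return snprintf(buf, 16, "2.0\n");
}

/* What the compiler would record next to each function (constructed). */
static const struct { generic_fn fn; unsigned int hash; } cfi_table[] = {
	{ (generic_fn)old_revision_show, HASH_ATTR_SHOW },
	{ (generic_fn)new_revision_show, HASH_KOBJ_SHOW },
};

static unsigned int cfi_hash_of(generic_fn fn)
{
	for (size_t i = 0; i < sizeof(cfi_table) / sizeof(cfi_table[0]); i++)
		if (cfi_table[i].fn == fn)
			return cfi_table[i].hash;
	return 0;
}

/* Model of kobj_attr_show(): the call site expects HASH_KOBJ_SHOW. */
static long kobj_attr_show(struct kobject *kobj, struct attribute *attr, char *buf)
{
	struct kobj_attribute *kattr = container_of(attr, struct kobj_attribute, attr);

	if (!kattr->show)
		return -5; /* -EIO */
	if (cfi_hash_of((generic_fn)kattr->show) != HASH_KOBJ_SHOW)
		return CFI_TRAP; /* type mismatch: trap instead of calling */
	return kattr->show(kobj, kattr, buf);
}

/* The old nilfs struct had the same layout, so the core saw it as this. */
static struct kobj_attribute old_attr = { { "revision" }, (kobj_show_fn)(generic_fn)old_revision_show };
static struct kobj_attribute new_attr = { { "revision" }, new_revision_show };

/* Read the attribute the way sysfs_kf_seq_show() does: via struct attribute *. */
long read_attr(int fixed, char *buf)
{
	struct kobject kobj = { "features" };
	struct kobj_attribute *kattr = fixed ? &new_attr : &old_attr;

	return kobj_attr_show(&kobj, &kattr->attr, buf);
}

int main(void)
{
	char buf[16] = "";

	printf("pre-fix:  %ld\n", read_attr(0, buf));
	printf("post-fix: %ld %s", read_attr(1, buf), buf);
	return 0;
}
```

The pre-fix attribute is never called in the model: the hash comparison fails first, which corresponds to the `CFI failure at kobj_attr_show` line in the oops.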

