From: Peter Zijlstra <peterz@infradead.org>
To: Ashok Raj <ashok.raj@intel.com>
Cc: Borislav Petkov <bp@alien8.de>,
Thomas Gleixner <tglx@linutronix.de>,
Tony Luck <tony.luck@intel.com>,
Dave Hansen <dave.hansen@intel.com>,
LKML Mailing List <linux-kernel@vger.kernel.org>,
X86-kernel <x86@kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [PATCH 3/5] x86/microcode/intel: Allow a late-load only if a min rev is specified
Date: Mon, 15 Aug 2022 09:43:00 +0200 [thread overview]
Message-ID: <Yvn5BNXfOm3uA7WA@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20220813223825.3164861-4-ashok.raj@intel.com>
On Sat, Aug 13, 2022 at 10:38:23PM +0000, Ashok Raj wrote:
> The proposal here is an even simpler option. The criteria for a microcode to
> be a viable late-load candidate is that no CPUID or OS visible MSR features
> are removed with respect to an earlier version of the microcode.
>
> Pseudocode for late-load is as follows:
>
> if header.min_required_id == 0
> This is old format microcode, block late-load
> else if current_ucode_version < header.min_required_id
> Current version is too old, block late-load of this microcode.
> else
> OK to proceed with late-load.
What about ucode that adds CPUID bits? Since the kernel will not re-init
it will not pick up on those. But userspace might.
Should we at all time enable CPUID intercept to ensure user visible
CPUID doesn't change?
next prev parent reply other threads:[~2022-08-15 7:43 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-13 22:38 [PATCH 0/5] Adding more robustness to microcode loading Ashok Raj
2022-08-13 22:38 ` [PATCH 1/5] x86/microcode: Add missing documentation that late-load will taint kernel Ashok Raj
2022-08-15 19:40 ` [tip: x86/microcode] x86/microcode: Document the whole late loading problem tip-bot2 for Ashok Raj
2022-08-16 3:21 ` Ashok Raj
2022-08-16 7:40 ` Borislav Petkov
2022-08-16 6:51 ` Ingo Molnar
2022-08-16 7:46 ` tip-bot2 for Ashok Raj
2022-08-18 14:04 ` tip-bot2 for Ashok Raj
2022-08-13 22:38 ` [PATCH 2/5] x86/microcode/intel: Check against CPU signature before saving microcode Ashok Raj
2022-08-13 22:38 ` [PATCH 3/5] x86/microcode/intel: Allow a late-load only if a min rev is specified Ashok Raj
2022-08-15 7:43 ` Peter Zijlstra [this message]
2022-08-15 12:29 ` Ashok Raj
2022-08-15 7:46 ` Peter Zijlstra
2022-08-15 12:41 ` Ashok Raj
2022-08-15 13:04 ` Peter Zijlstra
2022-08-18 17:34 ` Dave Hansen
2022-08-13 22:38 ` [PATCH 4/5] x86/microcode: Avoid any chance of MCE's during microcode update Ashok Raj
2022-08-13 22:38 ` [PATCH 5/5] x86/microcode: Handle NMI's " Ashok Raj
2022-08-14 0:13 ` Andy Lutomirski
2022-08-14 1:19 ` Andy Lutomirski
2022-08-14 3:05 ` Ashok Raj
2022-08-14 2:54 ` Ashok Raj
2022-08-14 11:58 ` Andrew Cooper
2022-08-14 14:41 ` Ashok Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yvn5BNXfOm3uA7WA@worktop.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=ashok.raj@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox