From: Ashok Raj <ashok.raj@intel.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Tony Luck <tony.luck@intel.com>,
Dave Hansen <dave.hansen@intel.com>,
LKML Mailing List <linux-kernel@vger.kernel.org>,
X86-kernel <x86@kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Tom Lendacky <thomas.lendacky@amd.com>,
Jacon Jun Pan <jacob.jun.pan@intel.com>,
Ashok Raj <ashok.raj@intel.com>
Subject: Re: [PATCH v3 1/5] x86/microcode/intel: Check against CPU signature before saving microcode
Date: Tue, 23 Aug 2022 11:13:13 +0000 [thread overview]
Message-ID: <YwS2SXBN2J5FQflG@araj-dh-work> (raw)
In-Reply-To: <Yv9k6fqRANu4ojK6@zn.tnic>
On Fri, Aug 19, 2022 at 12:24:41PM +0200, Borislav Petkov wrote:
> On Wed, Aug 17, 2022 at 05:11:23AM +0000, Ashok Raj wrote:
> > When save_microcode_patch() is looking to replace an existing microcode in
> > the cache, current code is *only* checks the CPU sig/pf in the main
>
> Write those "sig/pf" things out once so that it is clear what that is.
Thanks, will do.
>
> > header. Microcode can carry additional sig/pf combinations in the extended
> > signature table, which is completely missed today.
> >
> > For e.g. Current patch is a multi-stepping patch and new incoming patch is
> > a specific patch just for this CPUs stepping.
> >
> > patch1:
> > fms3 <--- header FMS
> > ...
> > ext_sig:
> > fms1
> > fms2
> >
> > patch2: new
> > fms2 <--- header FMS
> >
> > Current code takes only fms3 and checks with patch2 fms2.
>
> So, find_matching_signature() does all the signatures matching and
> scanning already. If anything, that function should tell its callers
> whether the patch it is looking at - the fms2 one - should replace the
> current one or not.
>
> I.e., all the logic to say how strong a patch match is, should be
> concentrated there. And then the caller will do the according action.
I updated the commit log accordingly. Basically find_matching_signature()
is only intended to find a CPU's sig/pf against a microcode image and not
intended to compare between two different images.
>
> > saved_patch.header.fms3 != new_patch.header.fms2, so save_microcode_patch
> > saves it to the end of list instead of replacing patch1 with patch2.
> >
> > There is no functional user observable issue since find_patch() skips
> > patch versions that are <= current_patch and will land on patch2 properly.
> >
> > Nevertheless this will just end up storing every patch that isn't required.
> > Kernel just needs to store the latest patch. Otherwise its a memory leak
> > that sits in kernel and never used.
>
> Oh well.
>
> > Cc: stable@vger.kernel.org
>
> Why?
We have some code to support model specific microcode rollback support.
This code is just internal. That codebase triggered the bug.
I'll drop the Cc next time.
Cheers,
Ashok
next prev parent reply other threads:[~2022-08-23 15:33 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-17 5:11 [PATCH v3 0/5] Making microcode late-load robust Ashok Raj
2022-08-17 5:11 ` [PATCH v3 1/5] x86/microcode/intel: Check against CPU signature before saving microcode Ashok Raj
2022-08-17 7:43 ` Ingo Molnar
2022-08-17 10:45 ` Ashok Raj
2022-08-19 10:24 ` Borislav Petkov
2022-08-23 11:13 ` Ashok Raj [this message]
2022-08-24 19:27 ` Borislav Petkov
2022-08-25 3:27 ` Ashok Raj
2022-08-26 16:24 ` Borislav Petkov
2022-08-26 17:18 ` Ashok Raj
2022-08-26 17:29 ` Borislav Petkov
2022-08-17 5:11 ` [PATCH v3 2/5] x86/microcode/intel: Allow a late-load only if a min rev is specified Ashok Raj
2022-08-17 7:45 ` Ingo Molnar
2022-08-19 11:11 ` Borislav Petkov
2022-08-23 0:08 ` Ashok Raj
2022-08-24 19:52 ` Borislav Petkov
2022-08-25 4:02 ` Ashok Raj
2022-08-26 12:09 ` Borislav Petkov
2022-08-17 5:11 ` [PATCH v3 3/5] x86/microcode: Avoid any chance of MCE's during microcode update Ashok Raj
2022-08-17 7:41 ` Ingo Molnar
2022-08-17 7:58 ` Ingo Molnar
2022-08-17 8:09 ` Borislav Petkov
2022-08-17 11:57 ` Ashok Raj
2022-08-17 12:10 ` Borislav Petkov
2022-08-17 12:30 ` Ashok Raj
2022-08-17 14:19 ` Borislav Petkov
2022-08-17 15:06 ` Ashok Raj
2022-08-29 14:23 ` Andy Lutomirski
2022-08-17 11:40 ` Ashok Raj
2022-08-17 5:11 ` [PATCH v3 4/5] x86/x2apic: Support x2apic self IPI with NMI_VECTOR Ashok Raj
2022-08-17 5:11 ` [PATCH v3 5/5] x86/microcode: Place siblings in NMI loop while update in progress Ashok Raj
2022-08-30 19:15 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YwS2SXBN2J5FQflG@araj-dh-work \
--to=ashok.raj@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=jacob.jun.pan@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox