From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:51484 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751160AbcEOULN (ORCPT ); Sun, 15 May 2016 16:11:13 -0400 Message-ID: <1463331011.2631.48.camel@decadent.org.uk> Subject: Re: 2 microcode loader patches for 3.2-stable From: Ben Hutchings To: Borislav Petkov Cc: Henrique de Moraes Holschuh , stable Date: Sun, 15 May 2016 17:50:11 +0100 In-Reply-To: <20160506132813.GK24044@pd.tnic> References: <20160506132813.GK24044@pd.tnic> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-EKLPPDdmi4LPuADpJNcA" Mime-Version: 1.0 Sender: stable-owner@vger.kernel.org List-ID: --=-EKLPPDdmi4LPuADpJNcA Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, 2016-05-06 at 15:28 +0200, Borislav Petkov wrote: > Hi Ben, >=20 > please queue those two for 3.2-stable, otherwise some AMD laptops freeze > during microcode updating. I've queued these up, thanks. Ben. > Thanks. >=20 > --- > From 2eff73c0a11f19ff082a566e3429fbaaca7b8e7b Mon Sep 17 00:00:00 2001 > From: Borislav Petkov > Date: Mon, 12 Oct 2015 11:22:41 +0200 > Subject: [PATCH] x86/microcode/amd: Extract current patch level read to a > =C2=A0function >=20 > Commit 2eff73c0a11f19ff082a566e3429fbaaca7b8e7b upstream. >=20 > Pave the way for checking the current patch level of the > microcode in a core. We want to be able to do stuff depending on > the patch level - in this case decide whether to update or not. > But that will be added in a later patch. >=20 > Drop unused local var uci assignment, while at it. >=20 > Integrate a fix for 32-bit and CONFIG_PARAVIRT from Takashi Iwai: >=20 > =C2=A0Use native_rdmsr() in check_current_patch_level() because with > =C2=A0CONFIG_PARAVIRT enabled and on 32-bit, where we run before > =C2=A0paging has been enabled, we cannot deref pv_info yet. Or we > =C2=A0could, but we'd need to access its physical address. This way of > =C2=A0fixing it is simpler. See: >=20 > =C2=A0=C2=A0=C2=A0https://bugzilla.suse.com/show_bug.cgi?id=3D943179 for = the background. >=20 > Signed-off-by: Borislav Petkov > Cc: Borislav Petkov > Cc: H. Peter Anvin > Cc: Linus Torvalds > Cc: Peter Zijlstra > Cc: Takashi Iwai : > Cc: Thomas Gleixner > Cc: Tony Luck > Link: http://lkml.kernel.org/r/1444641762-9437-6-git-send-email-bp@alien8= .de > Signed-off-by: Ingo Molnar > --- > =C2=A0arch/x86/include/asm/microcode.h=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0|=C2=A0=C2=A01 + > =C2=A0arch/x86/kernel/microcode_amd.c=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0| 24 ++++++++++++++++++++++-- > =C2=A03 files changed, 30 insertions(+), 12 deletions(-) >=20 > Index: linux/arch/x86/include/asm/microcode.h > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- linux.orig/arch/x86/include/asm/microcode.h 2016-05-02 12:20:08.36472= 8800 +0200 > +++ linux/arch/x86/include/asm/microcode.h 2016-05-02 12:20:31.944728581 = +0200 > @@ -61,4 +61,5 @@ static inline struct microcode_ops * __i > =C2=A0} > =C2=A0#endif > =C2=A0 > +extern bool check_current_patch_level(u32 *rev); > =C2=A0#endif /* _ASM_X86_MICROCODE_H */ > Index: linux/arch/x86/kernel/microcode_amd.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- linux.orig/arch/x86/kernel/microcode_amd.c 2016-05-02 12:20:08.364728= 800 +0200 > +++ linux/arch/x86/kernel/microcode_amd.c 2016-05-02 12:24:35.768726320 += 0200 > @@ -123,13 +123,32 @@ static int get_matching_microcode(int cp > =C2=A0 return 1; > =C2=A0} > =C2=A0 > +/* > + * Check the current patch level on this CPU. > + * > + * @rev: Use it to return the patch level. It is set to 0 in the case of > + * error. > + * > + * Returns: > + *=C2=A0=C2=A0- true: if update should stop > + *=C2=A0=C2=A0- false: otherwise > + */ > +bool check_current_patch_level(u32 *rev) > +{ > + u32 dummy; > + > + rdmsr(MSR_AMD64_PATCH_LEVEL, *rev, dummy); > + > + return false; > +} > + > =C2=A0static int apply_microcode_amd(int cpu) > =C2=A0{ > - u32 rev, dummy; > =C2=A0 int cpu_num =3D raw_smp_processor_id(); > =C2=A0 struct ucode_cpu_info *uci =3D ucode_cpu_info + cpu_num; > =C2=A0 struct microcode_amd *mc_amd =3D uci->mc; > =C2=A0 struct cpuinfo_x86 *c =3D &cpu_data(cpu); > + u32 dummy, rev; > =C2=A0 > =C2=A0 /* We should bind the task to the CPU */ > =C2=A0 BUG_ON(cpu_num !=3D cpu); > @@ -137,6 +156,9 @@ static int apply_microcode_amd(int cpu) > =C2=A0 if (mc_amd =3D=3D NULL) > =C2=A0 return 0; > =C2=A0 > + if (check_current_patch_level(&rev)) > + return -1; > + > =C2=A0 wrmsrl(MSR_AMD64_PATCH_LOADER, (u64)(long)&mc_amd->hdr.data_code); > =C2=A0 /* get patch id after patching */ > =C2=A0 rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy); >=20 >=20 > --- > From 0399f73299f1b7e04de329050f7111b362b7eeb5 Mon Sep 17 00:00:00 2001 > From: Borislav Petkov > Date: Mon, 12 Oct 2015 11:22:42 +0200 > Subject: [PATCH] x86/microcode/amd: Do not overwrite final patch levels > MIME-Version: 1.0 > Content-Type: text/plain; charset=3DUTF-8 > Content-Transfer-Encoding: 8bit >=20 > Commit 0399f73299f1b7e04de329050f7111b362b7eeb5 upstream. >=20 > A certain number of patch levels of applied microcode should not > be overwritten by the microcode loader, otherwise bad things > will happen. >=20 > Check those and abort update if the current core has one of > those final patch levels applied by the BIOS. 32-bit needs > special handling, of course. >=20 > See https://bugzilla.suse.com/show_bug.cgi?id=3D913996 for more > info. >=20 > Tested-by: Peter Kirchge=C3=9Fner > Signed-off-by: Borislav Petkov > Cc: Borislav Petkov > Cc: H. Peter Anvin > Cc: Linus Torvalds > Cc: Peter Zijlstra > Cc: Thomas Gleixner > Cc: Tony Luck > Link: http://lkml.kernel.org/r/1444641762-9437-7-git-send-email-bp@alien8= .de > Signed-off-by: Ingo Molnar > --- > =C2=A0arch/x86/include/asm/microcode.h=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0|=C2=A0=C2=A02 +- > =C2=A0arch/x86/kernel/cpu/microcode/amd.c=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0| 38 +++++++++++++++++++++++++++---- > =C2=A0arch/x86/kernel/cpu/microcode/amd_early.c | 13 ++++++++--- > =C2=A03 files changed, 44 insertions(+), 9 deletions(-) >=20 > Index: linux/arch/x86/include/asm/microcode.h > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- linux.orig/arch/x86/include/asm/microcode.h 2016-05-02 13:40:48.98068= 3909 +0200 > +++ linux/arch/x86/include/asm/microcode.h 2016-05-02 13:40:48.976683909 = +0200 > @@ -61,5 +61,5 @@ static inline struct microcode_ops * __i > =C2=A0} > =C2=A0#endif > =C2=A0 > -extern bool check_current_patch_level(u32 *rev); > +extern bool check_current_patch_level(u32 *rev, bool early); > =C2=A0#endif /* _ASM_X86_MICROCODE_H */ > Index: linux/arch/x86/kernel/microcode_amd.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- linux.orig/arch/x86/kernel/microcode_amd.c 2016-05-02 13:40:48.980683= 909 +0200 > +++ linux/arch/x86/kernel/microcode_amd.c 2016-05-02 13:56:56.688674935 += 0200 > @@ -124,6 +124,16 @@ static int get_matching_microcode(int cp > =C2=A0} > =C2=A0 > =C2=A0/* > + * Those patch levels cannot be updated to newer ones and thus should be= final. > + */ > +static u32 final_levels[] =3D { > + 0x01000098, > + 0x0100009f, > + 0x010000af, > + 0, /* T-101 terminator */ > +}; > + > +/* > =C2=A0 * Check the current patch level on this CPU. > =C2=A0 * > =C2=A0 * @rev: Use it to return the patch level. It is set to 0 in the ca= se of > @@ -133,13 +143,33 @@ static int get_matching_microcode(int cp > =C2=A0 *=C2=A0=C2=A0- true: if update should stop > =C2=A0 *=C2=A0=C2=A0- false: otherwise > =C2=A0 */ > -bool check_current_patch_level(u32 *rev) > +bool check_current_patch_level(u32 *rev, bool early) > =C2=A0{ > - u32 dummy; > + u32 lvl, dummy, i; > + bool ret =3D false; > + u32 *levels; > + > + rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy); > + > +#ifdef CONFIG_X86_32 > + if (early) > + levels =3D (u32 *)__pa_nodebug(&final_levels); > + else > +#endif > + levels =3D final_levels; > + > + for (i =3D 0; levels[i]; i++) { > + if (lvl =3D=3D levels[i]) { > + lvl =3D 0; > + ret =3D true; > + break; > + } > + } > =C2=A0 > - rdmsr(MSR_AMD64_PATCH_LEVEL, *rev, dummy); > + if (rev) > + *rev =3D lvl; > =C2=A0 > - return false; > + return ret; > =C2=A0} > =C2=A0 > =C2=A0static int apply_microcode_amd(int cpu) > @@ -156,7 +186,7 @@ static int apply_microcode_amd(int cpu) > =C2=A0 if (mc_amd =3D=3D NULL) > =C2=A0 return 0; > =C2=A0 > - if (check_current_patch_level(&rev)) > + if (check_current_patch_level(&rev, false)) > =C2=A0 return -1; > =C2=A0 > =C2=A0 wrmsrl(MSR_AMD64_PATCH_LOADER, (u64)(long)&mc_amd->hdr.data_code); >=20 --=20 Ben Hutchings For every action, there is an equal and opposite criticism. - Harrison --=-EKLPPDdmi4LPuADpJNcA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCgAGBQJXOKjDAAoJEOe/yOyVhhEJTO8P+gP9kGUH6tDRf3N7g+zwnAyr KarqcepdVCPAUQdz3Tq6xSbURovQd6WE8JoWy3EJU3ea9Gu+VrnQuvRK5ipVPlFt QPVZxpHab/Wr/ni5e7BO/D1ejvL15pQygm3/gR+7b6ySgys0l866iODOdyvHVFth zJaXMnnrInoVFY6xFyFcWQ2yUqrMmiC2JekCyf4/ebkrDcL6rxl+bgkvT6/5RHuC 1USE5Uq3nH94zkHdYNltObWyWQh14FgCK0igBo+27YWqk4nsl/2T0jlhYSilwQ07 8AGUEL3G4volaU5dzxqemnzwm6WASrQHK/BrVQBS6VxY/3d3wBQ9/Ljpu2uPlEiQ +dO6g0dmrNvEED1PsoTa2AYRZODwUOFUxqDGAjl4brYhbBv/78OqtOwvIlzK2uc7 bPze07AFIYowXjmzB872fybHMziLPYowBdMtU6M3bPuQiDMtWJpg1ywxn0GrQYJG QDh6eMkLUhUct+SlP1x/x5poyYuA1S3nJ9FnV3WR7h6bYlO8RInp5wOFPv/ksbW4 h9ANMgdvFpzOAAsorCczvvvAKJecDsPXm+C30BTSo+p98KIfFqsTqWOoDfmmp4hM p1rbRnQm/GW3hRUndgwP1k8TUum9ummJB+yaBQ1Fwyg6ZDB4jF3+oaUOeHIxws5F e+FubvTRHt2YZYnrM32r =MEtk -----END PGP SIGNATURE----- --=-EKLPPDdmi4LPuADpJNcA--