xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] microcode: Scan the multiboot payloads for cpio format microcode blob. (v3.2)
@ 2013-09-25 15:29 Konrad Rzeszutek Wilk
  2013-09-25 15:29 ` [PATCH 1/2] microcode: Scan the initramfs payload for microcode blob Konrad Rzeszutek Wilk
                   ` (2 more replies)
  0 siblings, 3 replies; 15+ messages in thread
From: Konrad Rzeszutek Wilk @ 2013-09-25 15:29 UTC (permalink / raw)
  To: xen-devel, jbeulich, david.vrabel, andrew.cooper3

Changelog:
* since v3 posting
 - Addressed Andrew's comments.

* since v2 posting (http://mid.gmane.org/1374165371-24716-1-git-send-email-konrad.wilk@oracle.com)
 - Addressed Jan's comments (I hope all of them)

Greetings,

<from v1>
Please see the following patch which implements a mechanism to scan
the initramfs for the format of an microcode files. This is a feature
that the Linux kernel has since v3.10 - where it searches in the
initramfs for an archive of the microcode blob. The format is documented
in the Linux tree and the commit description contains it.

The tool to make this work is the initramfs creator. The one tool
'dracut' has support for this via the '--early-microcode' parameter.
(See http://news.gmane.org/gmane.linux.kernel.initramfs for dracut 030
announcement))

That, along with this patch, allows the Xen hypervisor to update the
microcode during bootup. Please review attached patch.

I had also tested just using Linux how well it deals with an initramfs
composed of two cpio images. Testing revealed that it worked great
even if the kernel did not have the early cpio support build in.
David Vrabel pointed out that it b/c:
"The kernel unpacks all cpio archives it finds in the initramfs image so
the kernel doesn't have to be aware of the way tools have packed the
filesystem into different cpio archive."

The way to use this is by the 'ucode' parameter. It has now two meanings:
  [<index>|initrd]

Which CANNOT be used together. By default this auto scanning is turned off
as Jan pointed out that: "Xen otoh has to be careful not to
mis-interpret a blob passed to a non-Linux Dom0 as a CPIO. How
good the guarding against this is in the code I'll have to check".

The author would like to have this on by default but that can wait
till a later time when maintainer is comfortable with this being
on by default.
</from v1>

There is also the question whether the parameter should be 'cpio','initrd'
or 'scan'. As in the future the extraction of the payload could be from
a different format than the cpio (say a microcode blob with an magic
string at the start). The author believes that at that time the logic
to scan the mulitboot payloads can be expanded to also scan formats other
than cpio format.

These patches are also available at:

  git://xenbits.xen.org/people/konradwilk/xen.git microcode.v3.2

 docs/misc/xen-command-line.markdown |  14 ++-
 xen/arch/x86/microcode.c            | 174 ++++++++++++++++++++++++++++++++----
 xen/common/Makefile                 |   2 +-
 xen/common/earlycpio.c              | 151 +++++++++++++++++++++++++++++++
 xen/include/xen/earlycpio.h         |  14 +++
 5 files changed, 335 insertions(+), 20 deletions(-)


Konrad Rzeszutek Wilk (2):
      microcode: Scan the initramfs payload for microcode blob.
      microcode: Check whether the microcode is correct.

^ permalink raw reply	[flat|nested] 15+ messages in thread
* [PATCH] microcode: Scan the multiboot payloads for cpio format microcode blob. (v3.3)
@ 2013-09-27  1:09 Konrad Rzeszutek Wilk
  2013-09-27  1:09 ` [PATCH 1/2] microcode: Scan the initramfs payload for microcode blob Konrad Rzeszutek Wilk
  0 siblings, 1 reply; 15+ messages in thread
From: Konrad Rzeszutek Wilk @ 2013-09-27  1:09 UTC (permalink / raw)
  To: xen-devel, andrew.cooper3, david.vrabel, JBeulich, keir.xen

<blurb from v1>:
Please see the following patch which implements a mechanism to scan
the initramfs for the format of an microcode files. This is a feature
that the Linux kernel has since v3.10 - where it searches in the
initramfs for an archive of the microcode blob. The format is documented
in the Linux tree and the commit description contains it.

The tool to make this work is the initramfs creator. The one tool
'dracut' has support for this via the '--early-microcode' parameter.
(See http://news.gmane.org/gmane.linux.kernel.initramfs for dracut 030
announcement))

That, along with this patch, allows the Xen hypervisor to update the
microcode during bootup. Please review attached patch.

I had also tested just using Linux how well it deals with an initramfs
composed of two cpio images. Testing revealed that it worked great
even if the kernel did not have the early cpio support build in.
David Vrabel pointed out that it b/c:
"The kernel unpacks all cpio archives it finds in the initramfs image so
the kernel doesn't have to be aware of the way tools have packed the
filesystem into different cpio archive."

The way to use this is by the 'ucode' parameter. It has now two meanings:
  [<index>|initrd]

Which CANNOT be used together. By default this auto scanning is turned off
as Jan pointed out that: "Xen otoh has to be careful not to
mis-interpret a blob passed to a non-Linux Dom0 as a CPIO. How
good the guarding against this is in the code I'll have to check".

The author would like to have this on by default but that can wait
till a later time when maintainer is comfortable with this being
on by default.
</blurb from v1>

There is also the question whether the parameter should be 'cpio','initrd'
or 'scan'. As in the future the extraction of the payload could be from
a different format than the cpio (say a microcode blob with an magic
string at the start). The author believes that at that time the logic
to scan the mulitboot payloads can be expanded to also scan formats other
than cpio format. Jan (who initially raised this question) in the last review
did not comment on the choice so I think it is left to Keir (if he cares about
the distinction).

Please apply!

 docs/misc/xen-command-line.markdown |   14 ++-
 xen/arch/x86/microcode.c            |  175 +++++++++++++++++++++++++++++++---
 xen/common/Makefile                 |    2 +-
 xen/common/earlycpio.c              |  151 ++++++++++++++++++++++++++++++
 xen/include/xen/earlycpio.h         |   14 +++
 5 files changed, 336 insertions(+), 20 deletions(-)

Konrad Rzeszutek Wilk (2):
      microcode: Scan the initramfs payload for microcode blob.
      microcode: Check whether the microcode is correct.

^ permalink raw reply	[flat|nested] 15+ messages in thread
* [PATCH] microcode: Scan the multiboot payloads for cpio format microcode blob. (v3).
@ 2013-09-25 12:57 Konrad Rzeszutek Wilk
  2013-09-25 12:57 ` [PATCH 1/2] microcode: Scan the initramfs payload for microcode blob Konrad Rzeszutek Wilk
  0 siblings, 1 reply; 15+ messages in thread
From: Konrad Rzeszutek Wilk @ 2013-09-25 12:57 UTC (permalink / raw)
  To: xen-devel, jbeulich, david.vrabel

Changelog, since v2 posting (http://mid.gmane.org/1374165371-24716-1-git-send-email-konrad.wilk@oracle.com)
 - Addressed Jan's comments (I hope all of them)

Greetings,

<from v1>
Please see the following patch which implements a mechanism to scan
the initramfs for the format of an microcode files. This is a feature
that the Linux kernel has since v3.10 - where it searches in the
initramfs for an archive of the microcode blob. The format is documented
in the Linux tree and the commit description contains it.

The tool to make this work is the initramfs creator. The one tool
'dracut' has support for this via the '--early-microcode' parameter.
(See http://news.gmane.org/gmane.linux.kernel.initramfs for dracut 030
announcement))

That, along with this patch, allows the Xen hypervisor to update the
microcode during bootup. Please review attached patch.

I had also tested just using Linux how well it deals with an initramfs
composed of two cpio images. Testing revealed that it worked great
even if the kernel did not have the early cpio support build in.
David Vrabel pointed out that it b/c:
"The kernel unpacks all cpio archives it finds in the initramfs image so
the kernel doesn't have to be aware of the way tools have packed the
filesystem into different cpio archive."

The way to use this is by the 'ucode' parameter. It has now two meanings:
  [<index>|initrd]

Which CANNOT be used together. By default this auto scanning is turned off
as Jan pointed out that: "Xen otoh has to be careful not to
mis-interpret a blob passed to a non-Linux Dom0 as a CPIO. How
good the guarding against this is in the code I'll have to check".

The author would like to have this on by default but that can wait
till a later time when maintainer is comfortable with this being
on by default.
</from v1>

There is also the question whether the parameter should be 'cpio','initrd'
or 'scan'. As in the future the extraction of the payload could be from
a different format than the cpio (say a microcode blob with an magic
string at the start). The author believes that at that time the logic
to scan the mulitboot payloads can be expanded to also scan formats other
than cpio format.

These patches are also available at:

  git://xenbits.xen.org/people/konradwilk/xen.git microcode.v3

 docs/misc/xen-command-line.markdown |  14 ++-
 xen/arch/x86/microcode.c            | 177 ++++++++++++++++++++++++++++++++----
 xen/common/Makefile                 |   2 +-
 xen/common/earlycpio.c              | 151 ++++++++++++++++++++++++++++++
 xen/include/xen/earlycpio.h         |  14 +++
 5 files changed, 337 insertions(+), 21 deletions(-)

Konrad Rzeszutek Wilk (2):
      microcode: Scan the initramfs payload for microcode blob.
      microcode: Check whether the microcode is correct.

^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2013-09-27  1:32 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-25 15:29 [PATCH] microcode: Scan the multiboot payloads for cpio format microcode blob. (v3.2) Konrad Rzeszutek Wilk
2013-09-25 15:29 ` [PATCH 1/2] microcode: Scan the initramfs payload for microcode blob Konrad Rzeszutek Wilk
2013-09-25 16:02   ` Jan Beulich
2013-09-25 16:43     ` Konrad Rzeszutek Wilk
2013-09-26  6:31       ` Jan Beulich
2013-09-25 15:29 ` [PATCH 2/2] microcode: Check whether the microcode is correct Konrad Rzeszutek Wilk
2013-09-25 15:39   ` Andrew Cooper
2013-09-25 15:57     ` Konrad Rzeszutek Wilk
2013-09-26  8:19 ` [PATCH] microcode: Scan the multiboot payloads for cpio format microcode blob. (v3.2) Jan Beulich
2013-09-26 15:04   ` Konrad Rzeszutek Wilk
  -- strict thread matches above, loose matches on Subject: below --
2013-09-27  1:09 [PATCH] microcode: Scan the multiboot payloads for cpio format microcode blob. (v3.3) Konrad Rzeszutek Wilk
2013-09-27  1:09 ` [PATCH 1/2] microcode: Scan the initramfs payload for microcode blob Konrad Rzeszutek Wilk
2013-09-25 12:57 [PATCH] microcode: Scan the multiboot payloads for cpio format microcode blob. (v3) Konrad Rzeszutek Wilk
2013-09-25 12:57 ` [PATCH 1/2] microcode: Scan the initramfs payload for microcode blob Konrad Rzeszutek Wilk
2013-09-25 13:09   ` Andrew Cooper
2013-09-25 14:11     ` Konrad Rzeszutek Wilk
2013-09-25 14:51       ` Andrew Cooper

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).