From mboxrd@z Thu Jan 1 00:00:00 1970 From: Keir Fraser Subject: Re: [PATCH] microcode: Scan the multiboot payloads for cpio format microcode blob. (v3.3) Date: Fri, 27 Sep 2013 06:31:55 +0100 Message-ID: References: <1380244190-1953-1-git-send-email-konrad.wilk@oracle.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VPQep-0000TA-4R for xen-devel@lists.xenproject.org; Fri, 27 Sep 2013 05:32:03 +0000 Received: by mail-wg0-f54.google.com with SMTP id m15so2158200wgh.33 for ; Thu, 26 Sep 2013 22:32:01 -0700 (PDT) In-Reply-To: <1380244190-1953-1-git-send-email-konrad.wilk@oracle.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Konrad Rzeszutek Wilk , xen-devel@lists.xenproject.org, Andrew Cooper , david.vrabel@citrix.com, JBeulich@suse.com List-Id: xen-devel@lists.xenproject.org Acked-by: Keir Fraser On 27/09/2013 02:09, "Konrad Rzeszutek Wilk" wrote: > : > Please see the following patch which implements a mechanism to scan > the initramfs for the format of an microcode files. This is a feature > that the Linux kernel has since v3.10 - where it searches in the > initramfs for an archive of the microcode blob. The format is documented > in the Linux tree and the commit description contains it. > > The tool to make this work is the initramfs creator. The one tool > 'dracut' has support for this via the '--early-microcode' parameter. > (See http://news.gmane.org/gmane.linux.kernel.initramfs for dracut 030 > announcement)) > > That, along with this patch, allows the Xen hypervisor to update the > microcode during bootup. Please review attached patch. > > I had also tested just using Linux how well it deals with an initramfs > composed of two cpio images. Testing revealed that it worked great > even if the kernel did not have the early cpio support build in. > David Vrabel pointed out that it b/c: > "The kernel unpacks all cpio archives it finds in the initramfs image so > the kernel doesn't have to be aware of the way tools have packed the > filesystem into different cpio archive." > > The way to use this is by the 'ucode' parameter. It has now two meanings: > [|initrd] > > Which CANNOT be used together. By default this auto scanning is turned off > as Jan pointed out that: "Xen otoh has to be careful not to > mis-interpret a blob passed to a non-Linux Dom0 as a CPIO. How > good the guarding against this is in the code I'll have to check". > > The author would like to have this on by default but that can wait > till a later time when maintainer is comfortable with this being > on by default. > > > There is also the question whether the parameter should be 'cpio','initrd' > or 'scan'. As in the future the extraction of the payload could be from > a different format than the cpio (say a microcode blob with an magic > string at the start). The author believes that at that time the logic > to scan the mulitboot payloads can be expanded to also scan formats other > than cpio format. Jan (who initially raised this question) in the last review > did not comment on the choice so I think it is left to Keir (if he cares about > the distinction). > > Please apply! > > docs/misc/xen-command-line.markdown | 14 ++- > xen/arch/x86/microcode.c | 175 +++++++++++++++++++++++++++++++--- > xen/common/Makefile | 2 +- > xen/common/earlycpio.c | 151 ++++++++++++++++++++++++++++++ > xen/include/xen/earlycpio.h | 14 +++ > 5 files changed, 336 insertions(+), 20 deletions(-) > > Konrad Rzeszutek Wilk (2): > microcode: Scan the initramfs payload for microcode blob. > microcode: Check whether the microcode is correct. >