[v1] x86/xen-ucode: Introduce --force option

[PATCH 0/5] x86/xen-ucode: Introduce --force option

Fouad Hilly posted 5 patches 4 weeks ago

Diff against v2 v3
Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20240405121128.260493-1-fouad.hilly@cloud.com

There is a newer version of this series

tools/include/xenctrl.h              |  2 +-
tools/libs/ctrl/xc_misc.c            | 12 ++++-
tools/misc/xen-ucode.c               | 69 +++++++++++++++++++++++-----
xen/arch/x86/cpu/microcode/amd.c     |  8 +---
xen/arch/x86/cpu/microcode/core.c    | 12 +++--
xen/arch/x86/cpu/microcode/intel.c   | 11 ++---
xen/arch/x86/include/asm/microcode.h |  2 +-
xen/arch/x86/platform_hypercall.c    | 12 ++++-
xen/include/public/platform.h        |  8 ++++
9 files changed, 102 insertions(+), 34 deletions(-)

Expand all Fold all

[PATCH 0/5] x86/xen-ucode: Introduce --force option

Posted by Fouad Hilly 4 weeks ago

Refactor and introduce --force option to xen-ucode, which skips microcode
version check when updating x86 CPU micocode. A new hypercall introduced
with flags field to facilitate the new option and allow for future flags
as needed.

Fouad Hilly (5):
  x86: Remove x86 low level version check of microcode
  x86: Refactor microcode_update() hypercall with flags field
  x86: Add usage() to print out usage message
  x86: Use getopt to handle command line args
  x86: Add --force option to xen-ucode to override microcode version
    check

 tools/include/xenctrl.h              |  2 +-
 tools/libs/ctrl/xc_misc.c            | 12 ++++-
 tools/misc/xen-ucode.c               | 69 +++++++++++++++++++++++-----
 xen/arch/x86/cpu/microcode/amd.c     |  8 +---
 xen/arch/x86/cpu/microcode/core.c    | 12 +++--
 xen/arch/x86/cpu/microcode/intel.c   | 11 ++---
 xen/arch/x86/include/asm/microcode.h |  2 +-
 xen/arch/x86/platform_hypercall.c    | 12 ++++-
 xen/include/public/platform.h        |  8 ++++
 9 files changed, 102 insertions(+), 34 deletions(-)

-- 
2.42.0

Re: [PATCH 0/5] x86/xen-ucode: Introduce --force option

Posted by Andrew Cooper 3 weeks, 4 days ago

On 05/04/2024 1:11 pm, Fouad Hilly wrote:
> Refactor and introduce --force option to xen-ucode, which skips microcode
> version check when updating x86 CPU micocode. A new hypercall introduced
> with flags field to facilitate the new option and allow for future flags
> as needed.

It's worth giving a bit of background for reviewers.

Basically, my "ucode=allow-same" for testing purposes has proved
insufficient, so we're wanting to replace it with a "user knows what
they're doing and gets to keep the pieces" option instead.

Upcoming is the Intel microcode-revision extension, which has different
implications for Xen than it does for Linux, by virtue of our
proto-support to re-scan CPUID and cope with new things appearing.

Also, while not a consideration for this issue, it subsequently turns
out that there is a microcode bug on Gemini Lake CPUs for which
downgrading the microcode is a viable and practical fix.

In all cases, having an ability to say "trust me, I know what I'm doing,
really try and give this blob to the CPU" would help in some corner cases.

~Andrew