Introduce --force option to xen-ucode to force skipping microcode version check, which
allows the user to update x86 microcode even if both versions are the same or downgrade.
xc_microcode_update() refactored to accept flags and utilize xenpf_microcode_update2.
Signed-off-by: Fouad Hilly <fouad.hilly@cloud.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
[v7]
1- Fix usage() printout message.
[v6]
1- Fix usage() output for -f option to be explicitly wrapped for 80 character width
[v5]
1- Update commit message.
2- Re-phrase --force option description.
[v4]
1- Add --force to xen-ucode options.
2- Update xc_microcode_update() to accept and handle flags.
---
tools/include/xenctrl.h | 3 ++-
tools/libs/ctrl/xc_misc.c | 12 +++++++-----
tools/misc/xen-ucode.c | 16 +++++++++++++---
3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h
index 9ceca0cffc2f..2c4608c09ab0 100644
--- a/tools/include/xenctrl.h
+++ b/tools/include/xenctrl.h
@@ -1171,7 +1171,8 @@ typedef uint32_t xc_node_to_node_dist_t;
int xc_physinfo(xc_interface *xch, xc_physinfo_t *info);
int xc_cputopoinfo(xc_interface *xch, unsigned *max_cpus,
xc_cputopo_t *cputopo);
-int xc_microcode_update(xc_interface *xch, const void *buf, size_t len);
+int xc_microcode_update(xc_interface *xch, const void *buf,
+ size_t len, unsigned int flags);
int xc_get_cpu_version(xc_interface *xch, struct xenpf_pcpu_version *cpu_ver);
int xc_get_ucode_revision(xc_interface *xch,
struct xenpf_ucode_revision *ucode_rev);
diff --git a/tools/libs/ctrl/xc_misc.c b/tools/libs/ctrl/xc_misc.c
index 50282fd60dcc..6a60216bda03 100644
--- a/tools/libs/ctrl/xc_misc.c
+++ b/tools/libs/ctrl/xc_misc.c
@@ -203,11 +203,12 @@ int xc_physinfo(xc_interface *xch,
return 0;
}
-int xc_microcode_update(xc_interface *xch, const void *buf, size_t len)
+int xc_microcode_update(xc_interface *xch, const void *buf,
+ size_t len, unsigned int flags)
{
int ret;
struct xen_platform_op platform_op = {};
- DECLARE_HYPERCALL_BUFFER(struct xenpf_microcode_update, uc);
+ DECLARE_HYPERCALL_BUFFER(struct xenpf_microcode_update2, uc);
uc = xc_hypercall_buffer_alloc(xch, uc, len);
if ( uc == NULL )
@@ -215,9 +216,10 @@ int xc_microcode_update(xc_interface *xch, const void *buf, size_t len)
memcpy(uc, buf, len);
- platform_op.cmd = XENPF_microcode_update;
- platform_op.u.microcode.length = len;
- set_xen_guest_handle(platform_op.u.microcode.data, uc);
+ platform_op.cmd = XENPF_microcode_update2;
+ platform_op.u.microcode2.length = len;
+ platform_op.u.microcode2.flags = flags;
+ set_xen_guest_handle(platform_op.u.microcode2.data, uc);
ret = do_platform_op(xch, &platform_op);
diff --git a/tools/misc/xen-ucode.c b/tools/misc/xen-ucode.c
index bfc1e74dd5cc..2d2b520c0082 100644
--- a/tools/misc/xen-ucode.c
+++ b/tools/misc/xen-ucode.c
@@ -13,6 +13,8 @@
#include <xenctrl.h>
#include <getopt.h>
+#include <xen/platform.h>
+
static xc_interface *xch;
static const char intel_id[] = "GenuineIntel";
@@ -79,7 +81,10 @@ static void usage(FILE *stream, const char *name)
"Usage: %s [options | microcode-file]\n"
"options:\n"
" -h, --help display this help\n"
- " -s, --show-cpu-info show CPU information\n",
+ " -s, --show-cpu-info show CPU information\n"
+ " -f, --force skip certain checks when applying\n"
+ " microcode; do not use unless you know\n"
+ " exactly what you are doing\n",
name, name);
show_curr_cpu(stream);
}
@@ -89,6 +94,7 @@ int main(int argc, char *argv[])
static const struct option options[] = {
{"help", no_argument, NULL, 'h'},
{"show-cpu-info", no_argument, NULL, 's'},
+ {"force", no_argument, NULL, 'f'},
{NULL, no_argument, NULL, 0}
};
int fd, ret;
@@ -96,6 +102,7 @@ int main(int argc, char *argv[])
size_t len;
struct stat st;
int opt;
+ uint32_t ucode_flags = 0;
xch = xc_interface_open(NULL, NULL, 0);
if ( xch == NULL )
@@ -105,7 +112,7 @@ int main(int argc, char *argv[])
exit(1);
}
- while ( (opt = getopt_long(argc, argv, "hs", options, NULL)) != -1 )
+ while ( (opt = getopt_long(argc, argv, "hsf", options, NULL)) != -1 )
{
switch ( opt )
{
@@ -117,6 +124,9 @@ int main(int argc, char *argv[])
show_curr_cpu(stdout);
exit(EXIT_SUCCESS);
+ case 'f':
+ ucode_flags = XENPF_UCODE_FORCE;
+ break;
default:
fprintf(stderr, "%s: unknown option\n", argv[0]);
goto ext_err;
@@ -160,7 +170,7 @@ int main(int argc, char *argv[])
}
errno = 0;
- ret = xc_microcode_update(xch, buf, len);
+ ret = xc_microcode_update(xch, buf, len, ucode_flags);
if ( ret == -1 && errno == EEXIST )
printf("Microcode already up to date\n");
else if ( ret )
--
2.42.0
On 22.08.2024 15:04, Fouad Hilly wrote: > @@ -79,7 +81,10 @@ static void usage(FILE *stream, const char *name) > "Usage: %s [options | microcode-file]\n" > "options:\n" > " -h, --help display this help\n" > - " -s, --show-cpu-info show CPU information\n", > + " -s, --show-cpu-info show CPU information\n" > + " -f, --force skip certain checks when applying\n" > + " microcode; do not use unless you know\n" > + " exactly what you are doing\n", > name, name); As indicated before: --force does no longer fit "[options | microcode-file]". The form coming closest is imo going to be "[options] [microcode-file]", with the file name simply taking no effect when specified together with one of the pre-existing two options. Jan
On Fri, Aug 23, 2024 at 7:48 AM Jan Beulich <jbeulich@suse.com> wrote: > On 22.08.2024 15:04, Fouad Hilly wrote: > > @@ -79,7 +81,10 @@ static void usage(FILE *stream, const char *name) > > "Usage: %s [options | microcode-file]\n" > > "options:\n" > > " -h, --help display this help\n" > > - " -s, --show-cpu-info show CPU information\n", > > + " -s, --show-cpu-info show CPU information\n" > > + " -f, --force skip certain checks when > applying\n" > > + " microcode; do not use unless > you know\n" > > + " exactly what you are doing\n", > > name, name); > > As indicated before: --force does no longer fit "[options | > microcode-file]". > The form coming closest is imo going to be "[options] [microcode-file]", > with > the file name simply taking no effect when specified together with one of > the > pre-existing two options. > My bad, I missed this change in v7. I agree, "[options] [microcode-file]" seems to better fit with the introduction of --force. If there are no further comments on the rest of the patch series, I can prep v8 with this change. > > Jan > Thanks, Fouad
© 2016 - 2024 Red Hat, Inc.