1. Patchew
  2. Xen
  3. View series

[PATCH] x86/ucode: Add option to scan microcode by default

Ross Lagerwall posted 1 patch 8 months, 2 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20250217160844.3164003-1-ross.lagerwall@citrix.com
There is a newer version of this series
xen/arch/x86/Kconfig              | 11 +++++++++++
xen/arch/x86/cpu/microcode/core.c |  2 +-
2 files changed, 12 insertions(+), 1 deletion(-)
[PATCH] x86/ucode: Add option to scan microcode by default
Posted by Ross Lagerwall 8 months, 2 weeks ago 
A lot of systems automatically add microcode to the initrd so it can be
useful as a vendor policy to always scan for microcode. Add a Kconfig
option to allow setting the default behaviour.

The default behaviour is unchanged since the new option defaults to
"no".

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 xen/arch/x86/Kconfig              | 11 +++++++++++
 xen/arch/x86/cpu/microcode/core.c |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 9cdd04721afa..b806d8bc3319 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -383,6 +383,17 @@ config ALTP2M
 
 	  If unsure, stay with defaults.
 
+config UCODE_SCAN_DEFAULT
+	def_bool n
+	prompt "Scan for microcode by default"
+	help
+	  During boot, Xen can scan the multiboot images for a CPIO archive
+	  containing CPU microcode to be loaded.
+
+	  Enabling this option will cause Xen to scan for it by default.
+
+	  If unsure, say N.
+
 endmenu
 
 source "common/Kconfig"
diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c
index 87283cff1de4..de00c22b4bd6 100644
--- a/xen/arch/x86/cpu/microcode/core.c
+++ b/xen/arch/x86/cpu/microcode/core.c
@@ -100,7 +100,7 @@ static struct microcode_patch *microcode_cache;
  * location we require that they are not both active together.
  */
 static int __initdata opt_mod_idx;
-static bool __initdata opt_scan;
+static bool __initdata opt_scan = IS_ENABLED(CONFIG_UCODE_SCAN_DEFAULT);
 
 /*
  * Used by the EFI path only, when xen.cfg identifies an explicit microcode
-- 
2.48.1
Re: [PATCH] x86/ucode: Add option to scan microcode by default
Posted by Andrew Cooper 8 months, 2 weeks ago 
On 17/02/2025 4:08 pm, Ross Lagerwall wrote:
> A lot of systems automatically add microcode to the initrd so it can be
> useful as a vendor policy to always scan for microcode. Add a Kconfig
> option to allow setting the default behaviour.
>
> The default behaviour is unchanged since the new option defaults to
> "no".
>
> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

I'm pretty sure this is safe on 4.20.

Prior versions of Xen need the fix to make idx/scan be mutually
exclusive, which hasn't been backported yet IIRC.

> ---
>  xen/arch/x86/Kconfig              | 11 +++++++++++
>  xen/arch/x86/cpu/microcode/core.c |  2 +-
>  2 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
> index 9cdd04721afa..b806d8bc3319 100644
> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -383,6 +383,17 @@ config ALTP2M
>  
>  	  If unsure, stay with defaults.
>  
> +config UCODE_SCAN_DEFAULT
> +	def_bool n
> +	prompt "Scan for microcode by default"
> +	help
> +	  During boot, Xen can scan the multiboot images for a CPIO archive
> +	  containing CPU microcode to be loaded.

", which is Linux's mechanism for early microcode loading."

This is quite an important point to cover.

> +
> +	  Enabling this option will cause Xen to scan for it by default.
> +
> +	  If unsure, say N.

Personally I don't like this "If unsure", because it's almost always
redundant with the default.

In this case, it really ought to be "set if you have a Linux dom0",
which in turn begs the question as to whether it ought to be bool y.

~Andrew
Re: [PATCH] x86/ucode: Add option to scan microcode by default
Posted by Ross Lagerwall 8 months, 2 weeks ago 
On Mon, Feb 17, 2025 at 4:44 PM Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>
> On 17/02/2025 4:08 pm, Ross Lagerwall wrote:
> > A lot of systems automatically add microcode to the initrd so it can be
> > useful as a vendor policy to always scan for microcode. Add a Kconfig
> > option to allow setting the default behaviour.
> >
> > The default behaviour is unchanged since the new option defaults to
> > "no".
> >
> > Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
>
> I'm pretty sure this is safe on 4.20.
>
> Prior versions of Xen need the fix to make idx/scan be mutually
> exclusive, which hasn't been backported yet IIRC.
>
> > ---
> >  xen/arch/x86/Kconfig              | 11 +++++++++++
> >  xen/arch/x86/cpu/microcode/core.c |  2 +-
> >  2 files changed, 12 insertions(+), 1 deletion(-)
> >
> > diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
> > index 9cdd04721afa..b806d8bc3319 100644
> > --- a/xen/arch/x86/Kconfig
> > +++ b/xen/arch/x86/Kconfig
> > @@ -383,6 +383,17 @@ config ALTP2M
> >
> >         If unsure, stay with defaults.
> >
> > +config UCODE_SCAN_DEFAULT
> > +     def_bool n
> > +     prompt "Scan for microcode by default"
> > +     help
> > +       During boot, Xen can scan the multiboot images for a CPIO archive
> > +       containing CPU microcode to be loaded.
>
> ", which is Linux's mechanism for early microcode loading."
>
> This is quite an important point to cover.
>
> > +
> > +       Enabling this option will cause Xen to scan for it by default.
> > +
> > +       If unsure, say N.
>
> Personally I don't like this "If unsure", because it's almost always
> redundant with the default.
>
> In this case, it really ought to be "set if you have a Linux dom0",
> which in turn begs the question as to whether it ought to be bool y.
>

I agree with you that changing the default to yes is probably a good
idea but I think it would be better to separate making it configurable
from changing the default behaviour.

Ross
Re: [PATCH] x86/ucode: Add option to scan microcode by default
Posted by Jan Beulich 8 months, 2 weeks ago 
On 17.02.2025 17:08, Ross Lagerwall wrote:
> A lot of systems automatically add microcode to the initrd so it can be
> useful as a vendor policy to always scan for microcode. Add a Kconfig
> option to allow setting the default behaviour.
> 
> The default behaviour is unchanged since the new option defaults to
> "no".
> 
> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
> ---
>  xen/arch/x86/Kconfig              | 11 +++++++++++
>  xen/arch/x86/cpu/microcode/core.c |  2 +-
>  2 files changed, 12 insertions(+), 1 deletion(-)

Please also update the command line doc accordingly.

> --- a/xen/arch/x86/Kconfig
> +++ b/xen/arch/x86/Kconfig
> @@ -383,6 +383,17 @@ config ALTP2M
>  
>  	  If unsure, stay with defaults.
>  
> +config UCODE_SCAN_DEFAULT
> +	def_bool n

Just "bool" will suffice.

Also can you please send patches To: the list, with maintainers Cc:-ed?

Jan
Re: [PATCH] x86/ucode: Add option to scan microcode by default
Posted by Andrew Cooper 8 months, 2 weeks ago 
On 17/02/2025 4:18 pm, Jan Beulich wrote:
> On 17.02.2025 17:08, Ross Lagerwall wrote:
>> A lot of systems automatically add microcode to the initrd so it can be
>> useful as a vendor policy to always scan for microcode. Add a Kconfig
>> option to allow setting the default behaviour.
>>
>> The default behaviour is unchanged since the new option defaults to
>> "no".
>>
>> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
>> ---
>>  xen/arch/x86/Kconfig              | 11 +++++++++++
>>  xen/arch/x86/cpu/microcode/core.c |  2 +-
>>  2 files changed, 12 insertions(+), 1 deletion(-)
> Please also update the command line doc accordingly.

I've got an open task to fix both the cmdline and sphinx docs WRT
changes in 4.20.  I could do this too.

~Andrew

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.