From nobody Thu Dec 18 08:10:23 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1765824168; cv=none; d=zohomail.com; s=zohoarc; b=HubflcTamaiXVkllfJWEseM/pYneJy09Xu9IDisansjx5k/8dVvo+eNecyw+Cpx1vbEJxPuy4yuEbS31AhpBMrkp0wy+CWnLhvZ3+uLHsi2H1E5q9Lphatwo1iQ3zRluwRGadOpusjQmQxXPYfPt003o7oekUJdWhKtfEeiI+3U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1765824168; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=tWfExaDqsghC/g9mOl/LeYRBxy2Sr9vZUZj145GUV9I=; b=RkpA+0yzA2JppECD4ajG1QrdNAcL/OXbLVZ5cSEBbhXzMBmqpQgEmHu2O7tvCxQgKDiYRKQ6vcCq5e7WXJm54WMRK8T1krLoS6chxg1GzdGuG5+6omdw/cZct5zIapk5wcWvuqUmCd5ms03d0CitHRnvRa4EH5bejA0Un4uB2jU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 17658241681301000.4288391586305; Mon, 15 Dec 2025 10:42:48 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.1187435.1508824 (Exim 4.92) (envelope-from ) id 1vVAZD-0007Sg-Rn; Mon, 15 Dec 2025 15:32:55 +0000 Received: by outflank-mailman (output) from mailman id 1187435.1508824; Mon, 15 Dec 2025 15:32:55 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vVAZD-0007SZ-PA; Mon, 15 Dec 2025 15:32:55 +0000 Received: by outflank-mailman (input) for mailman id 1187435; Mon, 15 Dec 2025 15:32:55 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1vVAZD-0007SQ-8F for xen-devel@lists.xenproject.org; Mon, 15 Dec 2025 15:32:55 +0000 Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [2a00:1450:4864:20::330]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 506df4cb-d9cb-11f0-9cce-f158ae23cfc8; Mon, 15 Dec 2025 16:32:50 +0100 (CET) Received: by mail-wm1-x330.google.com with SMTP id 5b1f17b1804b1-4779a637712so24361045e9.1 for ; Mon, 15 Dec 2025 07:32:50 -0800 (PST) Received: from localhost.localdomain (host-92-26-102-188.as13285.net. [92.26.102.188]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-430f6a42c8csm12367656f8f.16.2025.12.15.07.32.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Dec 2025 07:32:47 -0800 (PST) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 506df4cb-d9cb-11f0-9cce-f158ae23cfc8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.com; s=google; t=1765812769; x=1766417569; darn=lists.xenproject.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=tWfExaDqsghC/g9mOl/LeYRBxy2Sr9vZUZj145GUV9I=; b=Jss7NUyXdZbIIgUvEFFIF87isYrYm0MRlmJKFkHCjF/NxvDnccnNYfb2sAQBvrf7AT G3r+LgUgGd4fFAi2XU/YhNbzUskPSazJKcF5BQ+iW24YOOzj4u8CLITu6JmEt+iVyKyp 31bBgX4nYSUklKMCBgp6/uA/ZrmJLwzBkVEB8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765812769; x=1766417569; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=tWfExaDqsghC/g9mOl/LeYRBxy2Sr9vZUZj145GUV9I=; b=NdmiNzATA0/ierQQVXuInYYQdJrQ3Vs9EgWrM4kQeSTCzM8y1ltHBCODe0QkqIMgo8 VAK0uavvkIqwTE+R4+D5Wm64U83io7vWwQMaUtYF0cMiCxUNa6ceXr8DfqKBj11LmQBf ZG/Cs79Vrg5VvCjKKTyRwqpBnkIuSUDrwr4C+PRaa47/896uopzWByUdy/G2C/fQ4Ip9 lIJlhTpqYoLXsvxBe3Y8P87KrhrLAMiopTGmus4W5If0exN7jDFX9pSSTjey2IHeSYW1 K4gie8U5HEpLoQSn/PHUMCopJnH/AhnEBq8/XMi6OMNqKZfTeWSR5MGdC10frLxGAmBw mTSQ== X-Gm-Message-State: AOJu0Yxea+ftiU6sqx7EyJ6Yvwgd1+jleUX8H18U7w4TpPd50poIIZn5 v1WI5svaNiA9Tvz3Pez0HicRveGzHvJe+l7qNGtKq1coJaIBAykNuDbAJkHjTcVjcoPtUn3U52w 62rLG X-Gm-Gg: AY/fxX62Bs50er2fsuQlOVrVv2l+hPqwMhK1n3FHAlVXQKVKEw7b28r9vLp+6+bLCO6 G1eW0EDY3LU1y+dH2yq++usieSbamQO3MQgNlx+rnieKjVcDDUxJP73WgkUxpenJJsmzNXXt6nv fsQxg1R4yoO3+iudZDpYzd7mE29iPK3Sw0uY6vhCJgmeSe3j5Z7gEQfZamwqlk4yyOqAUtrp/fw OASRdc0X55LhgVBGEhIeYLGj9wxwKXNufeP3jA6RxYAHdP0cSuITeRp8/D378De6CN95hIut10W M0PQejv2NttE9q6iMEyD+CE6SGGHt/flnAI0qFH4GKJU1JU4PprY4g2XA1R0df7e9KvP7pgeccy iAW6GxVF9LUtzq/DVBiDD4+fsCREp8cTgXErqlAkp5suQv+my7Sl33YvK10fvQxmXP6esqx62cN fScXKVMppDOEkW3uybyb6g1x+23TQ+JahW3TlkTuMjYF74iY848YbHLJKZhFJn6w== X-Google-Smtp-Source: AGHT+IHiZNUCGoXP38X0ID+QXAPimIRxmAwySmxrbkelNr7NNi1ANhIHMy2ZDYXh2xRrOjimFLFUag== X-Received: by 2002:a05:600c:1994:b0:477:952d:fc00 with SMTP id 5b1f17b1804b1-47a8f8c0a28mr109337795e9.12.1765812768446; Mon, 15 Dec 2025 07:32:48 -0800 (PST) From: Andrew Cooper To: Xen-devel Cc: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Subject: [PATCH v2] x86/ucode: Adjust parse_ucode() to match other list handling Date: Mon, 15 Dec 2025 15:32:45 +0000 Message-Id: <20251215153245.2675388-1-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1765824171214154100 parse_ucode() is abnormal compared to similar parsing elsewhere in Xen. Invert the ucode_mod_forced check with respect to the "scan" and integer handling, so we can warn the user when we've elected to ignore the paramete= rs, and yield -EINVAL for any unrecognised list element. Rewrite the ucode=3D command line docs for clarity. No practical change. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 v2: * Rebase by a year. * Explain how to use scan=3D for EFI. --- docs/misc/xen-command-line.pandoc | 66 ++++++++++++++++++++----------- xen/arch/x86/cpu/microcode/core.c | 22 +++++++---- 2 files changed, 57 insertions(+), 31 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line= .pandoc index e92b6d55b556..2b4f80c234e1 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2752,34 +2752,52 @@ performance. Alternatively, selecting `tsx=3D1` will re-enable TSX at the users own = risk. =20 ### ucode -> `=3D List of [ | scan=3D, nmi=3D, digest-check=3D<= bool> ]` +> `=3D List of [ , scan=3D, nmi=3D, digest-check=3D ]` =20 Applicability: x86 Default: `scan` is selectable via Kconfig, `nmi,digest-check` =20 -Controls for CPU microcode loading. For early loading, this parameter can -specify how and where to find the microcode update blob. For late loading, -this parameter specifies if the update happens within a NMI handler. - -'integer' specifies the CPU microcode update blob module index. When posit= ive, -this specifies the n-th module (in the GrUB entry, zero based) to be used -for updating CPU micrcode. When negative, counting starts at the end of -the modules in the GrUB entry (so with the blob commonly being last, -one could specify `ucode=3D-1`). Note that the value of zero is not valid -here (entry zero, i.e. the first module, is always the Dom0 kernel -image). Note further that use of this option has an unspecified effect -when used with xen.efi (there the concept of modules doesn't exist, and -the blob gets specified via the `ucode=3D` config file/section -entry; see [EFI configuration file description](efi.html)). - -'scan' instructs the hypervisor to scan the multiboot images for an cpio -image that contains microcode. Depending on the platform the blob with the -microcode in the cpio name space must be: - - on Intel: kernel/x86/microcode/GenuineIntel.bin - - on AMD : kernel/x86/microcode/AuthenticAMD.bin -When using xen.efi, the `ucode=3D` config file setting takes -precedence over `scan`. The default value for `scan` is set with -`CONFIG_UCODE_SCAN_DEFAULT`. +Controls for CPU microcode loading. + +In order to load microcode at boot, Xen needs to find a suitable update +amongst the modules provided by the bootloader. Two kinds of microcode up= date +are supported: + + 1. Raw microcode containers. The format of the container is CPU vendor + specific. + + 2. CPIO archive. This is Linux's preferred mechanism, and involves having + the raw containers expressed as files + (e.g. `kernel/x86/microcode/{GenuineIntel,AuthenticAMD}.bin`) in a CPIO + archive, typically prepended to the initrd. + +The `` and `scan=3D` options are mutually exclusive and sel= ect +between these two options. Further restrictions exist for booting xen.efi +(see below). + + * The `` option nominates a specific multiboot module as a raw + container (option 1 above). Valid options start from 1 (module 0 is + always the dom0 kernel). A negative number may be used, and will + back-reference from the end of the module list. i.e. `ucode=3D-1` will + nominate the final multiboot module. + + * The `scan=3D` option causes Xen to search all modules in order to find= the + first CPIO archive containing the appropriate file (option 2 above). = The + default for this option can be chosen at build time via + `CONFIG_UCODE_SCAN_DEFAULT`. + +When booting xen.efi natively, the concept of multiboot modules doesn't ex= ist. +Instead: + + * In the [EFI configuration file](efi.html), `ucode=3D` can be= used + to identify a file as a raw container (option 1 above). Use of this + mechanism will disable both `` and `scan=3D`. + + * If `ucode=3D` in the EFI configuration file is not used, it = is + still possible to use `scan=3D` to search all modules. The order of m= odule + is undefined, but there is only a single `ramdisk=3D` + configuration option available. The use of `` for xen.efi is + always undefined. =20 'nmi' determines late loading is performed in NMI handler or just in stop_machine context. In NMI handler, even NMIs are blocked, which is diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode= /core.c index fe47c3a6c18d..87ab623bf9e6 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -115,11 +115,6 @@ void __init microcode_set_module(unsigned int idx) ucode_mod_forced =3D 1; } =20 -/* - * The format is '[|scan=3D, nmi=3D]'. Both options a= re - * optional. If the EFI has forced which of the multiboot payloads is to be - * used, only nmi=3D is parsed. - */ static int __init cf_check parse_ucode(const char *s) { const char *ss; @@ -134,13 +129,24 @@ static int __init cf_check parse_ucode(const char *s) ucode_in_nmi =3D val; else if ( (val =3D parse_boolean("digest-check", s, ss)) >=3D 0 ) opt_digest_check =3D val; - else if ( !ucode_mod_forced ) /* Not forced by EFI */ + else if ( (val =3D parse_boolean("scan", s, ss)) >=3D 0 ) { - if ( (val =3D parse_boolean("scan", s, ss)) >=3D 0 ) + if ( ucode_mod_forced ) + printk(XENLOG_WARNING + "Ignoring ucode=3D%.*s setting; overridden by EFI\n= ", + (int)(ss - s), s); + else { opt_scan =3D val; opt_mod_idx =3D 0; } + } + else if ( isdigit(s[0]) || s[0] =3D=3D '-' ) + { + if ( ucode_mod_forced ) + printk(XENLOG_WARNING + "Ignoring ucode=3D%.*s setting; overridden by EFI\n= ", + (int)(ss - s), s); else { const char *q; @@ -155,6 +161,8 @@ static int __init cf_check parse_ucode(const char *s) opt_scan =3D false; } } + else + rc =3D -EINVAL; =20 s =3D ss + 1; } while ( *ss ); --=20 2.39.5