From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065500.823314239@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc:
  x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven,
  Nikolay Borisov, Fenghua Yu, Peter Anvin
Subject: [patch V3 01/30] x86/microcode/32: Move early loading after paging enable
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:57:44 +0200 (CEST)

32-bit loads microcode before paging is enabled. The commit which
introduced that has zero justification in the changelog. The cover letter
has slightly more content, but it does not give any technical
justification either:

  "The problem in current microcode loading method is that we load a
   microcode way, way too late; ideally we should load it before turning
   paging on. This may only be practical on 32 bits since we can't get to
   64-bit mode without paging on, but we should still do it as early as at
   all possible."

Handwaving word salad with zero technical content.

Someone claimed in an offlist conversation that this is required for
curing the ATOM erratum AAE44/AAF40/AAG38/AAH41. That erratum requires a
microcode update in order to make the usage of PSE safe. But during early
boot PSE is completely irrelevant and it is evaluated way later.

Neither is it relevant for the AP on single core HT enabled CPUs as the
microcode loading on the AP is not doing anything.

On dual core CPUs there is a theoretical problem if a split of an
executable large page between enabling paging including PSE and loading
the microcode happens. But that's only theoretical. It is practically
irrelevant because the affected dual core CPUs are 64-bit enabled and
therefore have paging and PSE enabled before loading the microcode on the
second core. So why would it work on 64-bit but not on 32-bit?
The erratum:

  "AAG38 Code Fetch May Occur to Incorrect Address After a Large Page is
   Split Into 4-Kbyte Pages

   Problem: If software clears the PS (page size) bit in a present PDE
   (page directory entry), that will cause linear addresses mapped through
   this PDE to use 4-KByte pages instead of using a large page after old
   TLB entries are invalidated. Due to this erratum, if a code fetch uses
   this PDE before the TLB entry for the large page is invalidated then it
   may fetch from a different physical address than specified by either
   the old large page translation or the new 4-KByte page translation.
   This erratum may also cause speculative code fetches from incorrect
   addresses."

The practical relevance for this is exactly zero because there is no
splitting of large text pages during early boot-time, i.e. between paging
enable and microcode loading, and neither during CPU hotplug.

IOW, this "load microcode before paging enable" is yet another voodoo
programming solution in search of a problem. What's worse is that it
causes at least two serious problems:

 1) When stackprotector is enabled then the microcode loader code has the
    stackprotector mechanics enabled. The read from the per CPU variable
    __stack_chk_guard is always accessing the virtual address either
    directly on UP or via FS on SMP. In physical address mode this
    results in an access to memory above 3GB.

    So this works by chance as the hardware returns the same value when
    there is no RAM at this physical address. When there is RAM populated
    above 3G then the read is by chance the same as nothing changes that
    memory during the very early boot stage. That's not necessarily true
    during runtime CPU hotplug.

 2) When function tracing is enabled, then the relevant microcode loader
    functions and the functions invoked from there will call into the
    tracing code and evaluate global and per CPU variables in physical
    address mode. What could potentially go wrong?
Cure this and move the microcode loading after the early paging enable and
remove the gunk in the microcode loader which is required to handle
physical address mode.

Signed-off-by: Thomas Gleixner
Cc: Fenghua Yu
Cc: Peter Anvin
Link: https://lore.kernel.org/lkml/1356075872-3054-1-git-send-email-fenghua.yu@intel.com
---
 arch/x86/include/asm/microcode.h         |    5 -
 arch/x86/kernel/cpu/common.c             |   12 ---
 arch/x86/kernel/cpu/microcode/amd.c      |   31 +------
 arch/x86/kernel/cpu/microcode/core.c     |   73 ++++--------------
 arch/x86/kernel/cpu/microcode/intel.c    |  108 +++--------------------------
 arch/x86/kernel/cpu/microcode/internal.h |    2 
 arch/x86/kernel/head32.c                 |    3 
 arch/x86/kernel/head_32.S                |   10 --
 arch/x86/kernel/smpboot.c                |   12 +--
 9 files changed, 41 insertions(+), 215 deletions(-)

--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -68,11 +68,6 @@ static inline u32 intel_get_microcode_re
 
 	return rev;
 }
-
-void show_ucode_info_early(void);
-
-#else /* CONFIG_CPU_SUP_INTEL */
-static inline void show_ucode_info_early(void) { }
 #endif /* !CONFIG_CPU_SUP_INTEL */
 
 #endif /* _ASM_X86_MICROCODE_H */
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -2123,8 +2123,6 @@ static inline void setup_getcpu(int cpu)
 }
 
 #ifdef CONFIG_X86_64
-static inline void ucode_cpu_init(int cpu) { }
-
 static inline void tss_setup_ist(struct tss_struct *tss)
 {
 	/* Set up the per-CPU TSS IST stacks */
@@ -2135,16 +2133,8 @@ static inline void tss_setup_ist(struct
 	/* Only mapped when SEV-ES is active */
 	tss->x86_tss.ist[IST_INDEX_VC] = __this_cpu_ist_top_va(VC);
 }
-
 #else /* CONFIG_X86_64 */
-
-static inline void ucode_cpu_init(int cpu)
-{
-	show_ucode_info_early();
-}
-
 static inline void tss_setup_ist(struct tss_struct *tss) { }
-
 #endif /* !CONFIG_X86_64 */
 
 static inline void tss_setup_io_bitmap(struct tss_struct *tss)
@@ -2200,8 +2190,6 @@ void cpu_init(void)
 	struct task_struct *cur = current;
 	int cpu = raw_smp_processor_id();
 
-	ucode_cpu_init(cpu);
-
 #ifdef CONFIG_NUMA
 	if (this_cpu_read(numa_node) == 0 &&
 	    early_cpu_to_node(cpu) != NUMA_NO_NODE)
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -456,14 +456,8 @@ static bool early_apply_microcode(u32 cp
 {
 	struct cont_desc desc = { 0 };
 	struct microcode_amd *mc;
-	u32 rev, dummy, *new_rev;
 	bool ret = false;
-
-#ifdef CONFIG_X86_32
-	new_rev = (u32 *)__pa_nodebug(&ucode_new_rev);
-#else
-	new_rev = &ucode_new_rev;
-#endif
+	u32 rev, dummy;
 
 	desc.cpuid_1_eax = cpuid_1_eax;
 
@@ -484,8 +478,8 @@ static bool early_apply_microcode(u32 cp
 		return ret;
 
 	if (!__apply_microcode_amd(mc)) {
-		*new_rev = mc->hdr.patch_id;
-		ret      = true;
+		ucode_new_rev = mc->hdr.patch_id;
+		ret = true;
 	}
 
 	return ret;
@@ -514,26 +508,13 @@ static bool get_builtin_microcode(struct
 
 static void find_blobs_in_containers(unsigned int cpuid_1_eax, struct cpio_data *ret)
 {
-	struct ucode_cpu_info *uci;
 	struct cpio_data cp;
-	const char *path;
-	bool use_pa;
-
-	if (IS_ENABLED(CONFIG_X86_32)) {
-		uci = (struct ucode_cpu_info *)__pa_nodebug(ucode_cpu_info);
-		path = (const char *)__pa_nodebug(ucode_path);
-		use_pa = true;
-	} else {
-		uci = ucode_cpu_info;
-		path = ucode_path;
-		use_pa = false;
-	}
 
 	if (!get_builtin_microcode(&cp, x86_family(cpuid_1_eax)))
-		cp = find_microcode_in_initrd(path, use_pa);
+		cp = find_microcode_in_initrd(ucode_path);
 
 	/* Needed in load_microcode_amd() */
-	uci->cpu_sig.sig = cpuid_1_eax;
+	ucode_cpu_info->cpu_sig.sig = cpuid_1_eax;
 
 	*ret = cp;
 }
@@ -562,7 +543,7 @@ int __init save_microcode_in_initrd_amd(
 	enum ucode_state ret;
 	struct cpio_data cp;
 
-	cp = find_microcode_in_initrd(ucode_path, false);
+	cp = find_microcode_in_initrd(ucode_path);
 	if (!(cp.data && cp.size))
 		return -EINVAL;
 
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -90,10 +90,7 @@ static bool amd_check_current_patch_leve
 
 	native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy);
 
-	if (IS_ENABLED(CONFIG_X86_32))
-		levels = (u32 *)__pa_nodebug(&final_levels);
-	else
-		levels = final_levels;
+	levels = final_levels;
 
 	for (i = 0; levels[i]; i++) {
 		if (lvl == levels[i])
@@ -105,17 +102,8 @@ static bool amd_check_current_patch_leve
 static bool __init check_loader_disabled_bsp(void)
 {
 	static const char *__dis_opt_str = "dis_ucode_ldr";
-
-#ifdef CONFIG_X86_32
-	const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
-	const char *option  = (const char *)__pa_nodebug(__dis_opt_str);
-	bool *res = (bool *)__pa_nodebug(&dis_ucode_ldr);
-
-#else /* CONFIG_X86_64 */
 	const char *cmdline = boot_command_line;
 	const char *option  = __dis_opt_str;
-	bool *res = &dis_ucode_ldr;
-#endif
 
 	/*
	 * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
@@ -123,17 +111,17 @@ static bool __init check_loader_disabled
	 * that's good enough as they don't land on the BSP path anyway.
	 */
 	if (native_cpuid_ecx(1) & BIT(31))
-		return *res;
+		return true;
 
 	if (x86_cpuid_vendor() == X86_VENDOR_AMD) {
 		if (amd_check_current_patch_level())
-			return *res;
+			return true;
 	}
 
 	if (cmdline_find_option_bool(cmdline, option) <= 0)
-		*res = false;
+		dis_ucode_ldr = false;
 
-	return *res;
+	return dis_ucode_ldr;
 }
 
 void __init load_ucode_bsp(void)
@@ -171,20 +159,11 @@ void __init load_ucode_bsp(void)
 		load_ucode_amd_early(cpuid_1_eax);
 }
 
-static bool check_loader_disabled_ap(void)
-{
-#ifdef CONFIG_X86_32
-	return *((bool *)__pa_nodebug(&dis_ucode_ldr));
-#else
-	return dis_ucode_ldr;
-#endif
-}
-
 void load_ucode_ap(void)
 {
 	unsigned int cpuid_1_eax;
 
-	if (check_loader_disabled_ap())
+	if (dis_ucode_ldr)
 		return;
 
 	cpuid_1_eax = native_cpuid_eax(1);
@@ -226,40 +205,31 @@ static int __init save_microcode_in_init
 	return ret;
 }
 
-struct cpio_data find_microcode_in_initrd(const char *path, bool use_pa)
+struct cpio_data find_microcode_in_initrd(const char *path)
 {
 #ifdef CONFIG_BLK_DEV_INITRD
 	unsigned long start = 0;
 	size_t size;
 
 #ifdef CONFIG_X86_32
-	struct boot_params *params;
-
-	if (use_pa)
-		params = (struct boot_params *)__pa_nodebug(&boot_params);
-	else
-		params = &boot_params;
-
-	size = params->hdr.ramdisk_size;
-
+	size = boot_params.hdr.ramdisk_size;
 	/*
	 * Set start only if we have an initrd image. We cannot use initrd_start
	 * because it is not set that early yet.
	 */
 	if (size)
-		start = params->hdr.ramdisk_image;
+		start = boot_params.hdr.ramdisk_image;
 
-# else /* CONFIG_X86_64 */
+#else /* CONFIG_X86_64 */
 	size  = (unsigned long)boot_params.ext_ramdisk_size << 32;
 	size |= boot_params.hdr.ramdisk_size;
 
 	if (size) {
 		start  = (unsigned long)boot_params.ext_ramdisk_image << 32;
 		start |= boot_params.hdr.ramdisk_image;
-
 		start += PAGE_OFFSET;
 	}
-# endif
+#endif
 
 	/*
	 * Fixup the start address: after reserve_initrd() runs, initrd_start
@@ -270,23 +240,10 @@ struct cpio_data find_microcode_in_initr
	 * initrd_gone is for the hotplug case where we've thrown out initrd
	 * already.
	 */
-	if (!use_pa) {
-		if (initrd_gone)
-			return (struct cpio_data){ NULL, 0, "" };
-		if (initrd_start)
-			start = initrd_start;
-	} else {
-		/*
-		 * The picture with physical addresses is a bit different: we
-		 * need to get the *physical* address to which the ramdisk was
-		 * relocated, i.e., relocated_ramdisk (not initrd_start) and
-		 * since we're running from physical addresses, we need to access
-		 * relocated_ramdisk through its *physical* address too.
-		 */
-		u64 *rr = (u64 *)__pa_nodebug(&relocated_ramdisk);
-		if (*rr)
-			start = *rr;
-	}
+	if (initrd_gone)
+		return (struct cpio_data){ NULL, 0, "" };
+	if (initrd_start)
+		start = initrd_start;
 
 	return find_cpio_data(path, (void *)start, size, NULL);
 #else /* !CONFIG_BLK_DEV_INITRD */
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -319,15 +319,8 @@ static void save_microcode_patch(struct
 	if (!intel_find_matching_signature(p->data, uci->cpu_sig.sig, uci->cpu_sig.pf))
 		return;
 
-	/*
-	 * Save for early loading. On 32-bit, that needs to be a physical
-	 * address as the APs are running from physical addresses, before
-	 * paging has been enabled.
-	 */
-	if (IS_ENABLED(CONFIG_X86_32))
-		intel_ucode_patch = (struct microcode_intel *)__pa_nodebug(p->data);
-	else
-		intel_ucode_patch = p->data;
+	/* Save for early loading */
+	intel_ucode_patch = p->data;
 }
 
 /*
@@ -420,66 +413,10 @@ static bool load_builtin_intel_microcode
 	return false;
 }
 
-static void print_ucode_info(int old_rev, int new_rev, unsigned int date)
-{
-	pr_info_once("updated early: 0x%x -> 0x%x, date = %04x-%02x-%02x\n",
-		     old_rev,
-		     new_rev,
-		     date & 0xffff,
-		     date >> 24,
-		     (date >> 16) & 0xff);
-}
-
-#ifdef CONFIG_X86_32
-
-static int delay_ucode_info;
-static int current_mc_date;
-static int early_old_rev;
-
-/*
- * Print early updated ucode info after printk works. This is delayed info dump.
- */
-void show_ucode_info_early(void)
-{
-	struct ucode_cpu_info uci;
-
-	if (delay_ucode_info) {
-		intel_cpu_collect_info(&uci);
-		print_ucode_info(early_old_rev, uci.cpu_sig.rev, current_mc_date);
-		delay_ucode_info = 0;
-	}
-}
-
-/*
- * At this point, we can not call printk() yet. Delay printing microcode info in
- * show_ucode_info_early() until printk() works.
- */
-static void print_ucode(int old_rev, int new_rev, int date)
-{
-	int *delay_ucode_info_p;
-	int *current_mc_date_p;
-	int *early_old_rev_p;
-
-	delay_ucode_info_p = (int *)__pa_nodebug(&delay_ucode_info);
-	current_mc_date_p  = (int *)__pa_nodebug(&current_mc_date);
-	early_old_rev_p    = (int *)__pa_nodebug(&early_old_rev);
-
-	*delay_ucode_info_p = 1;
-	*current_mc_date_p  = date;
-	*early_old_rev_p    = old_rev;
-}
-#else
-
-static inline void print_ucode(int old_rev, int new_rev, int date)
-{
-	print_ucode_info(old_rev, new_rev, date);
-}
-#endif
-
 static int apply_microcode_early(struct ucode_cpu_info *uci, bool early)
 {
 	struct microcode_intel *mc;
-	u32 rev, old_rev;
+	u32 rev, old_rev, date;
 
 	mc = uci->mc;
 	if (!mc)
@@ -513,11 +450,9 @@ static int apply_microcode_early(struct
 
 	uci->cpu_sig.rev = rev;
 
-	if (early)
-		print_ucode(old_rev, uci->cpu_sig.rev, mc->hdr.date);
-	else
-		print_ucode_info(old_rev, uci->cpu_sig.rev, mc->hdr.date);
-
+	date = mc->hdr.date;
+	pr_info_once("updated early: 0x%x -> 0x%x, date = %04x-%02x-%02x\n",
+		     old_rev, rev, date & 0xffff, date >> 24, (date >> 16) & 0xff);
 	return 0;
 }
 
@@ -535,7 +470,7 @@ int __init save_microcode_in_initrd_inte
 	intel_ucode_patch = NULL;
 
 	if (!load_builtin_intel_microcode(&cp))
-		cp = find_microcode_in_initrd(ucode_path, false);
+		cp = find_microcode_in_initrd(ucode_path);
 
 	if (!(cp.data && cp.size))
 		return 0;
@@ -551,21 +486,11 @@ int __init save_microcode_in_initrd_inte
  */
 static struct microcode_intel *__load_ucode_intel(struct ucode_cpu_info *uci)
 {
-	static const char *path;
 	struct cpio_data cp;
-	bool use_pa;
-
-	if (IS_ENABLED(CONFIG_X86_32)) {
-		path = (const char *)__pa_nodebug(ucode_path);
-		use_pa = true;
-	} else {
-		path = ucode_path;
-		use_pa = false;
-	}
 
 	/* try built-in microcode first */
 	if (!load_builtin_intel_microcode(&cp))
-		cp = find_microcode_in_initrd(path, use_pa);
+		cp = find_microcode_in_initrd(ucode_path);
 
 	if (!(cp.data && cp.size))
 		return NULL;
@@ -591,24 +516,15 @@ void __init load_ucode_intel_bsp(void)
 
 void load_ucode_intel_ap(void)
 {
-	struct microcode_intel *patch, **iup;
 	struct ucode_cpu_info uci;
 
-	if (IS_ENABLED(CONFIG_X86_32))
-		iup = (struct microcode_intel **) __pa_nodebug(&intel_ucode_patch);
-	else
-		iup = &intel_ucode_patch;
-
-	if (!*iup) {
-		patch = __load_ucode_intel(&uci);
-		if (!patch)
+	if (!intel_ucode_patch) {
+		intel_ucode_patch = __load_ucode_intel(&uci);
+		if (!intel_ucode_patch)
 			return;
-
-		*iup = patch;
 	}
 
-	uci.mc = *iup;
-
+	uci.mc = intel_ucode_patch;
 	apply_microcode_early(&uci, true);
 }
 
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -44,7 +44,7 @@ struct microcode_ops {
 };
 
 extern struct ucode_cpu_info ucode_cpu_info[];
-struct cpio_data find_microcode_in_initrd(const char *path, bool use_pa);
+struct cpio_data find_microcode_in_initrd(const char *path);
 
 #define MAX_UCODE_COUNT 128
 
--- a/arch/x86/kernel/head32.c
+++ b/arch/x86/kernel/head32.c
@@ -19,6 +19,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 
@@ -34,6 +35,8 @@ asmlinkage __visible void __init __noret
 	/* Make sure IDT is set up before any exception happens */
 	idt_setup_early_handler();
 
+	load_ucode_bsp();
+
 	cr4_init_shadow();
 
 	sanitize_boot_params(&boot_params);
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -118,11 +118,6 @@ SYM_CODE_START(startup_32)
 	movl %eax, pa(olpc_ofw_pgd)
 #endif
 
-#ifdef CONFIG_MICROCODE
-	/* Early load ucode on BSP. */
-	call load_ucode_bsp
-#endif
-
 	/* Create early pagetables. */
 	call mk_early_pgtbl_32
 
@@ -157,11 +152,6 @@ SYM_FUNC_START(startup_32_smp)
 	movl %eax,%ss
 	leal -__PAGE_OFFSET(%ecx),%esp
 
-#ifdef CONFIG_MICROCODE
-	/* Early load ucode on AP. */
-	call load_ucode_ap
-#endif
-
.Ldefault_entry:
 	movl $(CR0_STATE & ~X86_CR0_PG),%eax
 	movl %eax,%cr0
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -258,12 +258,9 @@ static void notrace start_secondary(void
 	cpu_init_exception_handling();
 
 	/*
-	 * 32-bit systems load the microcode from the ASM startup code for
-	 * historical reasons.
-	 *
-	 * On 64-bit systems load it before reaching the AP alive
-	 * synchronization point below so it is not part of the full per
-	 * CPU serialized bringup part when "parallel" bringup is enabled.
+	 * Load the microcode before reaching the AP alive synchronization
+	 * point below so it is not part of the full per CPU serialized
+	 * bringup part when "parallel" bringup is enabled.
	 *
	 * That's even safe when hyperthreading is enabled in the CPU as
	 * the core code starts the primary threads first and leaves the
@@ -276,8 +273,7 @@ static void notrace start_secondary(void
	 * CPUID, MSRs etc. must be strictly serialized to maintain
	 * software state correctness.
	 */
-	if (IS_ENABLED(CONFIG_X86_64))
-		load_ucode_ap();
+	load_ucode_ap();
 
 	/*
	 * Synchronization point with the hotplug core. Sets this CPUs

From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065500.886599632@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc:
  x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven,
  Nikolay Borisov
Subject: [patch V3 02/30] x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32()
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:57:46 +0200 (CEST)

Stackprotector cannot work before paging is enabled. The read from the per
CPU variable __stack_chk_guard is always accessing the virtual address
either directly on UP or via FS on SMP. In physical address mode this
results in an access to memory above 3GB.

So this works by chance as the hardware returns the same value when there
is no RAM at this physical address. When there is RAM populated above 3G
then the read is by chance the same as nothing changes that memory during
the very early boot stage.

Stop relying on pure luck and disable the stack protector for the only C
function which is called during early boot before paging is enabled.

Remove function tracing from the whole source file as there is no way to
trace this at all, but in case of CONFIG_DYNAMIC_FTRACE=n
mk_early_pgtbl_32() would access global function tracer variables in
physical address mode which again might work by chance.

Signed-off-by: Thomas Gleixner
---
 arch/x86/kernel/Makefile |    1 +
 arch/x86/kernel/head32.c |    3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -16,6 +16,7 @@ CFLAGS_REMOVE_kvmclock.o = -pg
 CFLAGS_REMOVE_ftrace.o = -pg
 CFLAGS_REMOVE_early_printk.o = -pg
 CFLAGS_REMOVE_head64.o = -pg
+CFLAGS_REMOVE_head32.o = -pg
 CFLAGS_REMOVE_sev.o = -pg
 CFLAGS_REMOVE_rethook.o = -pg
 endif
--- a/arch/x86/kernel/head32.c
+++ b/arch/x86/kernel/head32.c
@@ -73,7 +73,8 @@ asmlinkage __visible void __init __noret
  * always zero at this stage.
  */
 void __init mk_early_pgtbl_32(void);
-void __init mk_early_pgtbl_32(void)
+
+void __init __no_stack_protector mk_early_pgtbl_32(void)
 {
 #ifdef __pa
 #undef __pa

From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065500.948602532@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven,
  Nikolay Borisov, Ashok Raj
Subject: [patch V3 03/30] x86/microcode/intel: Rip out mixed stepping support for Intel CPUs
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:57:48 +0200 (CEST)

From: Ashok Raj

Mixed steppings aren't supported on Intel CPUs. Only one patch is required
for the entire system. The caching of microcode blobs which match the
family and model is therefore pointless and in fact it is dysfunctional as
CPU hotplug updates use only a single microcode blob, i.e. the one which
intel_ucode_patch points to.

Remove the microcode cache and make it an AMD local feature.

[ tglx: Save only at the end.
Otherwise random microcode ends up in the pointer for early loading ] Originally-by: Thomas Gleixner Signed-off-by: Ashok Raj Signed-off-by: Thomas Gleixner --- V2: Fix the bogus condition - Borislav --- arch/x86/kernel/cpu/microcode/amd.c | 10 ++ arch/x86/kernel/cpu/microcode/core.c | 2=20 arch/x86/kernel/cpu/microcode/intel.c | 133 +++++---------------------= ----- arch/x86/kernel/cpu/microcode/internal.h | 10 -- 4 files changed, 35 insertions(+), 120 deletions(-) --- --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -37,6 +37,16 @@ =20 #include "internal.h" =20 +struct ucode_patch { + struct list_head plist; + void *data; + unsigned int size; + u32 patch_id; + u16 equiv_cpu; +}; + +static LIST_HEAD(microcode_cache); + #define UCODE_MAGIC 0x00414d44 #define UCODE_EQUIV_CPU_TABLE_TYPE 0x00000000 #define UCODE_UCODE_TYPE 0x00000001 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -46,8 +46,6 @@ static bool dis_ucode_ldr =3D true; =20 bool initrd_gone; =20 -LIST_HEAD(microcode_cache); - /* * Synchronization. * --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -33,10 +33,10 @@ static const char ucode_path[] =3D "kernel/x86/microcode/GenuineIntel.bin"; =20 /* Current microcode patch used in early patching on the APs. 
 */
-static struct microcode_intel *intel_ucode_patch;
+static struct microcode_intel *intel_ucode_patch __read_mostly;
 
 /* last level cache size per core */
-static int llc_size_per_core;
+static int llc_size_per_core __ro_after_init;
 
 /* microcode format is extended from prescott processors */
 struct extended_signature {
@@ -253,74 +253,19 @@ static int has_newer_microcode(void *mc,
 	return intel_find_matching_signature(mc, csig, cpf);
 }
 
-static struct ucode_patch *memdup_patch(void *data, unsigned int size)
+static void save_microcode_patch(void *data, unsigned int size)
 {
-	struct ucode_patch *p;
+	struct microcode_header_intel *p;
 
-	p = kzalloc(sizeof(struct ucode_patch), GFP_KERNEL);
-	if (!p)
-		return NULL;
-
-	p->data = kmemdup(data, size, GFP_KERNEL);
-	if (!p->data) {
-		kfree(p);
-		return NULL;
-	}
-
-	return p;
-}
-
-static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigned int size)
-{
-	struct microcode_header_intel *mc_hdr, *mc_saved_hdr;
-	struct ucode_patch *iter, *tmp, *p = NULL;
-	bool prev_found = false;
-	unsigned int sig, pf;
-
-	mc_hdr = (struct microcode_header_intel *)data;
-
-	list_for_each_entry_safe(iter, tmp, &microcode_cache, plist) {
-		mc_saved_hdr = (struct microcode_header_intel *)iter->data;
-		sig = mc_saved_hdr->sig;
-		pf = mc_saved_hdr->pf;
-
-		if (intel_find_matching_signature(data, sig, pf)) {
-			prev_found = true;
-
-			if (mc_hdr->rev <= mc_saved_hdr->rev)
-				continue;
-
-			p = memdup_patch(data, size);
-			if (!p)
-				pr_err("Error allocating buffer %p\n", data);
-			else {
-				list_replace(&iter->plist, &p->plist);
-				kfree(iter->data);
-				kfree(iter);
-			}
-		}
-	}
-
-	/*
-	 * There weren't any previous patches found in the list cache; save the
-	 * newly found.
-	 */
-	if (!prev_found) {
-		p = memdup_patch(data, size);
-		if (!p)
-			pr_err("Error allocating buffer for %p\n", data);
-		else
-			list_add_tail(&p->plist, &microcode_cache);
-	}
+	kfree(intel_ucode_patch);
+	intel_ucode_patch = NULL;
 
+	p = kmemdup(data, size, GFP_KERNEL);
 	if (!p)
 		return;
 
-	if (!intel_find_matching_signature(p->data, uci->cpu_sig.sig, uci->cpu_sig.pf))
-		return;
-
 	/* Save for early loading */
-	intel_ucode_patch = p->data;
+	intel_ucode_patch = (struct microcode_intel *)p;
 }
 
 /*
@@ -332,6 +277,7 @@ scan_microcode(void *data, size_t size,
 {
 	struct microcode_header_intel *mc_header;
 	struct microcode_intel *patch = NULL;
+	u32 cur_rev = uci->cpu_sig.rev;
 	unsigned int mc_size;
 
 	while (size) {
@@ -341,8 +287,7 @@ scan_microcode(void *data, size_t size,
 		mc_header = (struct microcode_header_intel *)data;
 
 		mc_size = get_totalsize(mc_header);
-		if (!mc_size ||
-		    mc_size > size ||
+		if (!mc_size || mc_size > size ||
 		    intel_microcode_sanity_check(data, false, MC_HEADER_TYPE_MICROCODE) < 0)
 			break;
 
@@ -354,31 +299,16 @@ scan_microcode(void *data, size_t size,
 			continue;
 		}
 
-		if (save) {
-			save_microcode_patch(uci, data, mc_size);
+		/* BSP scan: Check whether there is newer microcode */
+		if (!save && cur_rev >= mc_header->rev)
 			goto next;
-		}
-
-		if (!patch) {
-			if (!has_newer_microcode(data,
-						 uci->cpu_sig.sig,
-						 uci->cpu_sig.pf,
-						 uci->cpu_sig.rev))
-				goto next;
-
-		} else {
-			struct microcode_header_intel *phdr = &patch->hdr;
-
-			if (!has_newer_microcode(data,
-						 phdr->sig,
-						 phdr->pf,
-						 phdr->rev))
-				goto next;
-		}
+		/* Save scan: Check whether there is newer or matching microcode */
+		if (save && cur_rev != mc_header->rev)
+			goto next;
 
-		/* We have a newer patch, save it. */
 		patch = data;
+		cur_rev = mc_header->rev;
 
 next:
 		data += mc_size;
@@ -387,6 +317,9 @@ scan_microcode(void *data, size_t size,
 	if (size)
 		return NULL;
 
+	if (save && patch)
+		save_microcode_patch(patch, mc_size);
+
 	return patch;
 }
 
@@ -528,26 +461,10 @@ void load_ucode_intel_ap(void)
 	apply_microcode_early(&uci, true);
 }
 
-static struct microcode_intel *find_patch(struct ucode_cpu_info *uci)
+/* Accessor for microcode pointer */
+static struct microcode_intel *ucode_get_patch(void)
 {
-	struct microcode_header_intel *phdr;
-	struct ucode_patch *iter, *tmp;
-
-	list_for_each_entry_safe(iter, tmp, &microcode_cache, plist) {
-
-		phdr = (struct microcode_header_intel *)iter->data;
-
-		if (phdr->rev <= uci->cpu_sig.rev)
-			continue;
-
-		if (!intel_find_matching_signature(phdr,
-						   uci->cpu_sig.sig,
-						   uci->cpu_sig.pf))
-			continue;
-
-		return iter->data;
-	}
-	return NULL;
+	return intel_ucode_patch;
 }
 
 void reload_ucode_intel(void)
@@ -557,7 +474,7 @@ void reload_ucode_intel(void)
 
 	intel_cpu_collect_info(&uci);
 
-	p = find_patch(&uci);
+	p = ucode_get_patch();
 	if (!p)
 		return;
 
@@ -601,7 +518,7 @@ static enum ucode_state apply_microcode_
 		return UCODE_ERROR;
 
 	/* Look for a newer patch in our cache: */
-	mc = find_patch(uci);
+	mc = ucode_get_patch();
 	if (!mc) {
 		mc = uci->mc;
 		if (!mc)
@@ -730,7 +647,7 @@ static enum ucode_state generic_load_mic
 	uci->mc = (struct microcode_intel *)new_mc;
 
 	/* Save for CPU hotplug */
-	save_microcode_patch(uci, new_mc, new_mc_size);
+	save_microcode_patch(new_mc, new_mc_size);
 
 	pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n",
 		 cpu, new_rev, uci->cpu_sig.rev);
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -8,16 +8,6 @@
 #include
 #include
 
-struct ucode_patch {
-	struct list_head plist;
-	void *data;	/* Intel uses only this one */
-	unsigned int size;
-	u32 patch_id;
-	u16 equiv_cpu;
-};
-
-extern struct
list_head microcode_cache;
-
 struct device;
 
 enum ucode_state {

From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065501.009527288@linutronix.de>
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1694505470; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=sOJ+sRQt3nfyL5UePtEvx89xEa11XaUFA1X2Va9tGj4=;
b=OLeVeCJtmnPOW04+SrRKrohKMyDny6DsczrcxlMaK4d8/78mD/GpeRwU53uQeB1Uq9tf9Q vbXz5SrLR0ZfKYBA== From: Thomas Gleixner To: LKML Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov Subject: [patch V3 04/30] x86/microcode/intel: Simplify scan_microcode() References: <20230912065249.695681286@linutronix.de> MIME-Version: 1.0 Date: Tue, 12 Sep 2023 09:57:49 +0200 (CEST) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Make it readable and comprehensible. Signed-off-by: Thomas Gleixner --- arch/x86/kernel/cpu/microcode/intel.c | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -265,25 +265,19 @@ static void save_microcode_patch(void *d return; =20 /* Save for early loading */ - intel_ucode_patch =3D (struct microcode_intel *)p; + intel_ucode_patch =3D (struct microcode_intel *)p; } =20 -/* - * Get microcode matching with BSP's model. Only CPUs with the same model = as - * BSP can stay in the platform. 
- */ -static struct microcode_intel * -scan_microcode(void *data, size_t size, struct ucode_cpu_info *uci, bool s= ave) +/* Scan CPIO for microcode matching the boot CPUs family, model, stepping = */ +static struct microcode_intel *scan_microcode(void *data, size_t size, + struct ucode_cpu_info *uci, bool save) { struct microcode_header_intel *mc_header; struct microcode_intel *patch =3D NULL; u32 cur_rev =3D uci->cpu_sig.rev; unsigned int mc_size; =20 - while (size) { - if (size < sizeof(struct microcode_header_intel)) - break; - + for (; size >=3D sizeof(struct microcode_header_intel); size -=3D mc_size= , data +=3D mc_size) { mc_header =3D (struct microcode_header_intel *)data; =20 mc_size =3D get_totalsize(mc_header); @@ -291,27 +285,19 @@ scan_microcode(void *data, size_t size, intel_microcode_sanity_check(data, false, MC_HEADER_TYPE_MICROCODE) = < 0) break; =20 - size -=3D mc_size; - - if (!intel_find_matching_signature(data, uci->cpu_sig.sig, - uci->cpu_sig.pf)) { - data +=3D mc_size; + if (!intel_find_matching_signature(data, uci->cpu_sig.sig, uci->cpu_sig.= pf)) continue; - } =20 /* BSP scan: Check whether there is newer microcode */ if (!save && cur_rev >=3D mc_header->rev) - goto next; + continue; =20 /* Save scan: Check whether there is newer or matching microcode */ if (save && cur_rev !=3D mc_header->rev) - goto next; + continue; =20 patch =3D data; cur_rev =3D mc_header->rev; - -next: - data +=3D mc_size; } =20 if (size) From nobody Thu Dec 18 20:15:44 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C43F7CA0ECA for ; Tue, 12 Sep 2023 07:58:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231976AbjILH6N (ORCPT ); Tue, 12 Sep 2023 03:58:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48180 "EHLO 
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231840AbjILH55 (ORCPT ); Tue, 12 Sep 2023 03:57:57 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5241110C7 for ; Tue, 12 Sep 2023 00:57:53 -0700 (PDT) Message-ID: <20230912065501.070512232@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1694505471; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=CN2QFAx6JB0LSmuYjwWY54K/mbyCNDPxFixGJ6298Ak=; b=uAr8WVy1xauXNH5nuhSyal+A8QHgW32mnXLnA8qqj9qnC/tW9q7qyPd+kr64cS8xNJF9pO SdClBiuM/6yKRIXuoqQpL37qxmzZ3PRxQKEqrn9873CQUSPZA/UOcjbqF2PbvZ+3eUUny7 YhPFv6ByF/mMmiklzweM+2SaiQsewpJ6Srb6g0uSjovyiOXxU22nkAC6ojDxf0UDJB3flZ hwiuOqfqe+eIBAMRbjJ71EETLbzn9PmmB/fd81uPfCrp1XKXkb3UD8ryBxq8L7XG2baqkW KXqKfSE/9l5J+kzo1KI5m2jy72nZwN9S17rZUN9h/DJDqMg+ZuEQhz7UA3IDGg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1694505471; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=CN2QFAx6JB0LSmuYjwWY54K/mbyCNDPxFixGJ6298Ak=; b=6nRRBNKGK0sJ+MDapmUWy//UBZFo5Reef+ccpmE7+rXMuOYlFA9VWYhObWgDhqNvxqSnBA kr4oMi2/mD8HJTCA== From: Thomas Gleixner To: LKML Cc: x86@kernel.org, Borislav Petkov , "Chang S. 
Bae" , Arjan van de Ven , Nikolay Borisov Subject: [patch V3 05/30] x86/microcode/intel: Simplify and rename generic_load_microcode() References: <20230912065249.695681286@linutronix.de> MIME-Version: 1.0 Date: Tue, 12 Sep 2023 09:57:51 +0200 (CEST) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" so it becomes less obfuscated and rename it because there is nothing generic about it. Signed-off-by: Thomas Gleixner --- V3: Rename to parse_microcode_blobs() - Borislav --- arch/x86/kernel/cpu/microcode/intel.c | 47 ++++++++++++-----------------= ----- 1 file changed, 17 insertions(+), 30 deletions(-) --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -240,19 +240,6 @@ int intel_microcode_sanity_check(void *m } EXPORT_SYMBOL_GPL(intel_microcode_sanity_check); =20 -/* - * Returns 1 if update has been found, 0 otherwise. - */ -static int has_newer_microcode(void *mc, unsigned int csig, int cpf, int n= ew_rev) -{ - struct microcode_header_intel *mc_hdr =3D mc; - - if (mc_hdr->rev <=3D new_rev) - return 0; - - return intel_find_matching_signature(mc, csig, cpf); -} - static void save_microcode_patch(void *data, unsigned int size) { struct microcode_header_intel *p; @@ -561,14 +548,12 @@ static enum ucode_state apply_microcode_ return ret; } =20 -static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *i= ter) +static enum ucode_state parse_microcode_blobs(int cpu, struct iov_iter *it= er) { struct ucode_cpu_info *uci =3D ucode_cpu_info + cpu; unsigned int curr_mc_size =3D 0, new_mc_size =3D 0; - enum ucode_state ret =3D UCODE_OK; - int new_rev =3D uci->cpu_sig.rev; + int cur_rev =3D uci->cpu_sig.rev; u8 *new_mc =3D NULL, *mc =3D NULL; - unsigned int csig, cpf; =20 while (iov_iter_count(iter)) { struct microcode_header_intel mc_header; @@ -585,6 +570,7 @@ static enum ucode_state generic_load_mic pr_err("error! 
Bad data in microcode data file (totalsize too small)\n"= ); break; } + data_size =3D mc_size - sizeof(mc_header); if (data_size > iov_iter_count(iter)) { pr_err("error! Bad data in microcode data file (truncated file?)\n"); @@ -607,16 +593,17 @@ static enum ucode_state generic_load_mic break; } =20 - csig =3D uci->cpu_sig.sig; - cpf =3D uci->cpu_sig.pf; - if (has_newer_microcode(mc, csig, cpf, new_rev)) { - vfree(new_mc); - new_rev =3D mc_header.rev; - new_mc =3D mc; - new_mc_size =3D mc_size; - mc =3D NULL; /* trigger new vmalloc */ - ret =3D UCODE_NEW; - } + if (cur_rev >=3D mc_header.rev) + continue; + + if (!intel_find_matching_signature(mc, uci->cpu_sig.sig, uci->cpu_sig.pf= )) + continue; + + vfree(new_mc); + cur_rev =3D mc_header.rev; + new_mc =3D mc; + new_mc_size =3D mc_size; + mc =3D NULL; } =20 vfree(mc); @@ -636,9 +623,9 @@ static enum ucode_state generic_load_mic save_microcode_patch(new_mc, new_mc_size); =20 pr_debug("CPU%d found a matching microcode update with version 0x%x (curr= ent=3D0x%x)\n", - cpu, new_rev, uci->cpu_sig.rev); + cpu, cur_rev, uci->cpu_sig.rev); =20 - return ret; + return UCODE_NEW; } =20 static bool is_blacklisted(unsigned int cpu) @@ -687,7 +674,7 @@ static enum ucode_state request_microcod kvec.iov_base =3D (void *)firmware->data; kvec.iov_len =3D firmware->size; iov_iter_kvec(&iter, ITER_SOURCE, &kvec, 1, firmware->size); - ret =3D generic_load_microcode(cpu, &iter); + ret =3D parse_microcode_blobs(cpu, &iter); =20 release_firmware(firmware); From nobody Thu Dec 18 20:15:44 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B781CA0EC3 for ; Tue, 12 Sep 2023 07:58:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232050AbjILH6U (ORCPT ); Tue, 12 Sep 2023 03:58:20 -0400 Received: from 
lindbergh.monkeyblade.net ([23.128.96.19]:42582 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231915AbjILH6G (ORCPT ); Tue, 12 Sep 2023 03:58:06 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BE6D410D0 for ; Tue, 12 Sep 2023 00:57:54 -0700 (PDT) Message-ID: <20230912065501.146684094@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1694505473; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=YKmioiJQ3sncgsUZ7rGcHgZzunvCDH7pLQJNxPbmmRI=; b=BvrcFWMm5+PGIOA+l7zcsZ8u92SGB9pNjwRotmPgz3UO0W9GsTkLL++b4aFOqlh04ejYxI WEK7vS2tO17UdVD5XnD9Dn1X0gpzCfpmIEvUoTjcFeWZBlJN5s60Bzw2LbhWnJq0vVZ5xo Bf5sT9xc8rtdmlKGy377+XgeeX9NJSR+NRm17s5AuuNfZMQBdcuQLovqHHu+o9YaBexi2L uvoad+YiFRPcaX1A8uBPSbvnSSACD8kbZitA7P1a3RYdUPeMk9QnI4CEjew1dZ5lBgP1F2 4NjMHfPuMdAMWn/Qz3TTeosCagiWT0ZsqF69yJc21aGr2v4XGAkE4YAHn4JkDw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1694505473; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=YKmioiJQ3sncgsUZ7rGcHgZzunvCDH7pLQJNxPbmmRI=; b=MGztH/02DST6gJzZFp8kE/G0J7VMtm1f1e3VIuhiayJal5UzsXtHK5Vh02fATrdZwe/PBf bjTK8w1P/RvqnUCg== From: Thomas Gleixner To: LKML Cc: x86@kernel.org, Borislav Petkov , "Chang S. 
Bae" , Arjan van de Ven , Nikolay Borisov Subject: [patch V3 06/30] x86/microcode/intel: Cleanup code further References: <20230912065249.695681286@linutronix.de> MIME-Version: 1.0 Date: Tue, 12 Sep 2023 09:57:52 +0200 (CEST) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Thomas Gleixner Sanitize the microcode scan loop, fixup printks and move the initrd loading function next to the place where it is used and mark it __init. Signed-off-by: Thomas Gleixner --- V2: Fix changelog - Nikolay --- arch/x86/kernel/cpu/microcode/intel.c | 76 ++++++++++++++---------------= ----- 1 file changed, 32 insertions(+), 44 deletions(-) --- --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -36,7 +36,7 @@ static const char ucode_path[] =3D "kernel static struct microcode_intel *intel_ucode_patch __read_mostly; =20 /* last level cache size per core */ -static int llc_size_per_core __ro_after_init; +static unsigned int llc_size_per_core __ro_after_init; =20 /* microcode format is extended from prescott processors */ struct extended_signature { @@ -296,29 +296,6 @@ static struct microcode_intel *scan_micr return patch; } =20 -static bool load_builtin_intel_microcode(struct cpio_data *cp) -{ - unsigned int eax =3D 1, ebx, ecx =3D 0, edx; - struct firmware fw; - char name[30]; - - if (IS_ENABLED(CONFIG_X86_32)) - return false; - - native_cpuid(&eax, &ebx, &ecx, &edx); - - sprintf(name, "intel-ucode/%02x-%02x-%02x", - x86_family(eax), x86_model(eax), x86_stepping(eax)); - - if (firmware_request_builtin(&fw, name)) { - cp->size =3D fw.size; - cp->data =3D (void *)fw.data; - return true; - } - - return false; -} - static int apply_microcode_early(struct ucode_cpu_info *uci, bool early) { struct microcode_intel *mc; @@ -362,6 +339,28 @@ static int apply_microcode_early(struct return 0; } =20 +static bool load_builtin_intel_microcode(struct 
cpio_data *cp) +{ + unsigned int eax =3D 1, ebx, ecx =3D 0, edx; + struct firmware fw; + char name[30]; + + if (IS_ENABLED(CONFIG_X86_32)) + return false; + + native_cpuid(&eax, &ebx, &ecx, &edx); + + sprintf(name, "intel-ucode/%02x-%02x-%02x", + x86_family(eax), x86_model(eax), x86_stepping(eax)); + + if (firmware_request_builtin(&fw, name)) { + cp->size =3D fw.size; + cp->data =3D (void *)fw.data; + return true; + } + return false; +} + int __init save_microcode_in_initrd_intel(void) { struct ucode_cpu_info uci; @@ -434,25 +433,16 @@ void load_ucode_intel_ap(void) apply_microcode_early(&uci, true); } =20 -/* Accessor for microcode pointer */ -static struct microcode_intel *ucode_get_patch(void) -{ - return intel_ucode_patch; -} - void reload_ucode_intel(void) { - struct microcode_intel *p; struct ucode_cpu_info uci; =20 intel_cpu_collect_info(&uci); =20 - p =3D ucode_get_patch(); - if (!p) + uci.mc =3D intel_ucode_patch; + if (!uci.mc) return; =20 - uci.mc =3D p; - apply_microcode_early(&uci, false); } =20 @@ -490,8 +480,7 @@ static enum ucode_state apply_microcode_ if (WARN_ON(raw_smp_processor_id() !=3D cpu)) return UCODE_ERROR; =20 - /* Look for a newer patch in our cache: */ - mc =3D ucode_get_patch(); + mc =3D intel_ucode_patch; if (!mc) { mc =3D uci->mc; if (!mc) @@ -682,18 +671,17 @@ static enum ucode_state request_microcod } =20 static struct microcode_ops microcode_intel_ops =3D { - .request_microcode_fw =3D request_microcode_fw, - .collect_cpu_info =3D collect_cpu_info, - .apply_microcode =3D apply_microcode_intel, + .request_microcode_fw =3D request_microcode_fw, + .collect_cpu_info =3D collect_cpu_info, + .apply_microcode =3D apply_microcode_intel, }; =20 -static int __init calc_llc_size_per_core(struct cpuinfo_x86 *c) +static __init void calc_llc_size_per_core(struct cpuinfo_x86 *c) { u64 llc_size =3D c->x86_cache_size * 1024ULL; =20 do_div(llc_size, c->x86_max_cores); - - return (int)llc_size; + llc_size_per_core =3D (unsigned int)llc_size; } =20 
struct microcode_ops * __init init_intel_microcode(void) @@ -706,7 +694,7 @@ struct microcode_ops * __init init_intel return NULL; } =20 - llc_size_per_core =3D calc_llc_size_per_core(c); + calc_llc_size_per_core(c); =20 return µcode_intel_ops; } From nobody Thu Dec 18 20:15:44 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5AC7CA0EC3 for ; Tue, 12 Sep 2023 07:58:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232081AbjILH61 (ORCPT ); Tue, 12 Sep 2023 03:58:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231968AbjILH6M (ORCPT ); Tue, 12 Sep 2023 03:58:12 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 641CE10DA for ; Tue, 12 Sep 2023 00:57:56 -0700 (PDT) Message-ID: <20230912065501.208060138@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1694505475; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=xycivm/oTJlbqsNId8Iah6SwofmZC3GQW0sFPIUqyuw=; b=hHgn/P9YFx5yE+Gz+nPDcHbILzrE1snjUOVkOOtaoqpE0f82uoHMbdBuV2mMo632y0Ml6p nPM0BsFHV8nwg2bRSUMTtGEgQNm9zVMT4m2lw4a8sbTxA/PJkveIQ9LNfGfaowZDf3S6/Z E2k0tptXEP+4qmEK18ciJpdKZOAZe0+6dMdXhGuwdbfTTRt2GFkpOOWSUF0xDx9w/qqePA sOhU/pXQz48l6qNWhMoDzFDwmOap7yHqoMURG4eLHNkTpM9Yg0BmD0XwhxxN5F+Z6IeDsj aqoRkgJoVjWWqzlY0qHvWheojqQoxksLBvy3X1NilKFM9YwQG0+afwYenrpUuA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1694505475; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: 
to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=xycivm/oTJlbqsNId8Iah6SwofmZC3GQW0sFPIUqyuw=; b=Dwrugw6FCmDV59iq8aIISfKR4TfK3YUtkWnj5tDh3/BnmuNgCIY1cKfBg0Uo2m3EI1u1E/ EbFtvfEdUaEfY+DA== From: Thomas Gleixner To: LKML Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov Subject: [patch V3 07/30] x86/microcode/intel: Simplify early loading References: <20230912065249.695681286@linutronix.de> MIME-Version: 1.0 Date: Tue, 12 Sep 2023 09:57:54 +0200 (CEST) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Thomas Gleixner The early loading code is overly complicated: - It scans the builtin/initrd for microcode not only on the BSP, but also on all APs during early boot and then later in the boot process it scans again to duplicate and save the microcode before initrd goes away. That's a pointless exercise because this can be simply done before bringing up the APs when the memory allocator is up and running. - Saving the microcode from within the scan loop is completely non-obvious and a left over of the microcode cache. This can be done at the call site now which makes it obvious. Rework the code so that only the BSP scans the builtin/initrd microcode once during early boot and save it away in an early initcall for later use. 
Signed-off-by: Thomas Gleixner --- arch/x86/kernel/cpu/microcode/core.c | 4=20 arch/x86/kernel/cpu/microcode/intel.c | 148 +++++++++++++-------------= ----- arch/x86/kernel/cpu/microcode/internal.h | 2=20 3 files changed, 64 insertions(+), 90 deletions(-) --- --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -186,10 +186,6 @@ static int __init save_microcode_in_init int ret =3D -EINVAL; =20 switch (c->x86_vendor) { - case X86_VENDOR_INTEL: - if (c->x86 >=3D 6) - ret =3D save_microcode_in_initrd_intel(); - break; case X86_VENDOR_AMD: if (c->x86 >=3D 0x10) ret =3D save_microcode_in_initrd_amd(cpuid_eax(1)); --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -33,7 +33,7 @@ static const char ucode_path[] =3D "kernel/x86/microcode/GenuineIntel.bin"; =20 /* Current microcode patch used in early patching on the APs. */ -static struct microcode_intel *intel_ucode_patch __read_mostly; +static struct microcode_intel *ucode_patch_va __read_mostly; =20 /* last level cache size per core */ static unsigned int llc_size_per_core __ro_after_init; @@ -240,24 +240,29 @@ int intel_microcode_sanity_check(void *m } EXPORT_SYMBOL_GPL(intel_microcode_sanity_check); =20 -static void save_microcode_patch(void *data, unsigned int size) +static void update_ucode_pointer(struct microcode_intel *mc) { - struct microcode_header_intel *p; + kfree(ucode_patch_va); =20 - kfree(intel_ucode_patch); - intel_ucode_patch =3D NULL; + /* + * Save the virtual address for early loading and for eventual free + * on late loading. 
+ */ + ucode_patch_va =3D mc; +} =20 - p =3D kmemdup(data, size, GFP_KERNEL); - if (!p) - return; +static void save_microcode_patch(struct microcode_intel *patch) +{ + struct microcode_intel *mc; =20 - /* Save for early loading */ - intel_ucode_patch =3D (struct microcode_intel *)p; + mc =3D kmemdup(patch, get_totalsize(&patch->hdr), GFP_KERNEL); + if (mc) + update_ucode_pointer(mc); } =20 /* Scan CPIO for microcode matching the boot CPUs family, model, stepping = */ -static struct microcode_intel *scan_microcode(void *data, size_t size, - struct ucode_cpu_info *uci, bool save) +static __init struct microcode_intel *scan_microcode(void *data, size_t si= ze, + struct ucode_cpu_info *uci) { struct microcode_header_intel *mc_header; struct microcode_intel *patch =3D NULL; @@ -275,35 +280,25 @@ static struct microcode_intel *scan_micr if (!intel_find_matching_signature(data, uci->cpu_sig.sig, uci->cpu_sig.= pf)) continue; =20 - /* BSP scan: Check whether there is newer microcode */ - if (!save && cur_rev >=3D mc_header->rev) - continue; - - /* Save scan: Check whether there is newer or matching microcode */ - if (save && cur_rev !=3D mc_header->rev) + /* Check whether there is newer microcode */ + if (cur_rev >=3D mc_header->rev) continue; =20 patch =3D data; cur_rev =3D mc_header->rev; } =20 - if (size) - return NULL; - - if (save && patch) - save_microcode_patch(patch, mc_size); - - return patch; + return size ? 
NULL : patch; } =20 -static int apply_microcode_early(struct ucode_cpu_info *uci, bool early) +static enum ucode_state apply_microcode_early(struct ucode_cpu_info *uci, = bool early) { struct microcode_intel *mc; u32 rev, old_rev, date; =20 mc =3D uci->mc; if (!mc) - return 0; + return UCODE_NFOUND; =20 /* * Save us the MSR write below - which is a particular expensive @@ -329,17 +324,17 @@ static int apply_microcode_early(struct =20 rev =3D intel_get_microcode_revision(); if (rev !=3D mc->hdr.rev) - return -1; + return UCODE_ERROR; =20 uci->cpu_sig.rev =3D rev; =20 date =3D mc->hdr.date; pr_info_once("updated early: 0x%x -> 0x%x, date =3D %04x-%02x-%02x\n", old_rev, rev, date & 0xffff, date >> 24, (date >> 16) & 0xff); - return 0; + return UCODE_UPDATED; } =20 -static bool load_builtin_intel_microcode(struct cpio_data *cp) +static __init bool load_builtin_intel_microcode(struct cpio_data *cp) { unsigned int eax =3D 1, ebx, ecx =3D 0, edx; struct firmware fw; @@ -361,89 +356,75 @@ static bool load_builtin_intel_microcode return false; } =20 -int __init save_microcode_in_initrd_intel(void) +static __init struct microcode_intel *get_ucode_from_cpio(struct ucode_cpu= _info *uci) { - struct ucode_cpu_info uci; struct cpio_data cp; =20 - /* - * initrd is going away, clear patch ptr. We will scan the microcode one - * last time before jettisoning and save a patch, if found. Then we will - * update that pointer too, with a stable patch address to use when - * resuming the cores. - */ - intel_ucode_patch =3D NULL; - if (!load_builtin_intel_microcode(&cp)) cp =3D find_microcode_in_initrd(ucode_path); =20 if (!(cp.data && cp.size)) - return 0; + return NULL; =20 - intel_cpu_collect_info(&uci); + intel_cpu_collect_info(uci); =20 - scan_microcode(cp.data, cp.size, &uci, true); - return 0; + return scan_microcode(cp.data, cp.size, uci); } =20 +static struct microcode_intel *ucode_early_pa __initdata; + /* - * @res_patch, output: a pointer to the patch we found. 
+ * Invoked from an early init call to save the microcode blob which was + * selected during early boot when mm was not usable. The microcode must be + * saved because initrd is going away. It's an early init call so the APs + * just can use the pointer and do not have to scan initrd/builtin firmware + * again. */ -static struct microcode_intel *__load_ucode_intel(struct ucode_cpu_info *u= ci) +static int __init save_microcode_from_cpio(void) { - struct cpio_data cp; - - /* try built-in microcode first */ - if (!load_builtin_intel_microcode(&cp)) - cp =3D find_microcode_in_initrd(ucode_path); - - if (!(cp.data && cp.size)) - return NULL; + struct microcode_intel *mc; =20 - intel_cpu_collect_info(uci); + if (!ucode_early_pa) + return 0; =20 - return scan_microcode(cp.data, cp.size, uci, false); + mc =3D __va((void *)ucode_early_pa); + save_microcode_patch(mc); + return 0; } +early_initcall(save_microcode_from_cpio); =20 +/* Load microcode on BSP from CPIO */ void __init load_ucode_intel_bsp(void) { - struct microcode_intel *patch; struct ucode_cpu_info uci; =20 - patch =3D __load_ucode_intel(&uci); - if (!patch) + uci.mc =3D get_ucode_from_cpio(&uci); + if (!uci.mc) return; =20 - uci.mc =3D patch; + if (apply_microcode_early(&uci, true) !=3D UCODE_UPDATED) + return; =20 - apply_microcode_early(&uci, true); + /* Store the physical address as KASLR happens after this. 
*/ + ucode_early_pa =3D (struct microcode_intel *)__pa_nodebug(uci.mc); } =20 void load_ucode_intel_ap(void) { struct ucode_cpu_info uci; =20 - if (!intel_ucode_patch) { - intel_ucode_patch =3D __load_ucode_intel(&uci); - if (!intel_ucode_patch) - return; - } - - uci.mc =3D intel_ucode_patch; - apply_microcode_early(&uci, true); + uci.mc =3D ucode_patch_va; + if (uci.mc) + apply_microcode_early(&uci, true); } =20 +/* Reload microcode on resume */ void reload_ucode_intel(void) { - struct ucode_cpu_info uci; - - intel_cpu_collect_info(&uci); + struct ucode_cpu_info uci =3D { .mc =3D ucode_patch_va, }; =20 - uci.mc =3D intel_ucode_patch; - if (!uci.mc) - return; - - apply_microcode_early(&uci, false); + if (uci.mc) + apply_microcode_early(&uci, false); } =20 static int collect_cpu_info(int cpu_num, struct cpu_signature *csig) @@ -480,7 +461,7 @@ static enum ucode_state apply_microcode_ if (WARN_ON(raw_smp_processor_id() !=3D cpu)) return UCODE_ERROR; =20 - mc =3D intel_ucode_patch; + mc =3D ucode_patch_va; if (!mc) { mc =3D uci->mc; if (!mc) @@ -540,8 +521,8 @@ static enum ucode_state apply_microcode_ static enum ucode_state parse_microcode_blobs(int cpu, struct iov_iter *it= er) { struct ucode_cpu_info *uci =3D ucode_cpu_info + cpu; - unsigned int curr_mc_size =3D 0, new_mc_size =3D 0; int cur_rev =3D uci->cpu_sig.rev; + unsigned int curr_mc_size =3D 0; u8 *new_mc =3D NULL, *mc =3D NULL; =20 while (iov_iter_count(iter)) { @@ -591,7 +572,6 @@ static enum ucode_state parse_microcode_ vfree(new_mc); cur_rev =3D mc_header.rev; new_mc =3D mc; - new_mc_size =3D mc_size; mc =3D NULL; } =20 @@ -605,11 +585,11 @@ static enum ucode_state parse_microcode_ if (!new_mc) return UCODE_NFOUND; =20 - vfree(uci->mc); - uci->mc =3D (struct microcode_intel *)new_mc; - /* Save for CPU hotplug */ - save_microcode_patch(new_mc, new_mc_size); + save_microcode_patch((struct microcode_intel *)new_mc); + uci->mc =3D ucode_patch_va; + + vfree(new_mc); =20 pr_debug("CPU%d found a matching 
microcode update with version 0x%x (curr= ent=3D0x%x)\n", cpu, cur_rev, uci->cpu_sig.rev); --- a/arch/x86/kernel/cpu/microcode/internal.h +++ b/arch/x86/kernel/cpu/microcode/internal.h @@ -107,13 +107,11 @@ static inline void exit_amd_microcode(vo #ifdef CONFIG_CPU_SUP_INTEL void load_ucode_intel_bsp(void); void load_ucode_intel_ap(void); -int save_microcode_in_initrd_intel(void); void reload_ucode_intel(void); struct microcode_ops *init_intel_microcode(void); #else /* CONFIG_CPU_SUP_INTEL */ static inline void load_ucode_intel_bsp(void) { } static inline void load_ucode_intel_ap(void) { } -static inline int save_microcode_in_initrd_intel(void) { return -EINVAL; } static inline void reload_ucode_intel(void) { } static inline struct microcode_ops *init_intel_microcode(void) { return NU= LL; } #endif /* !CONFIG_CPU_SUP_INTEL */ From nobody Thu Dec 18 20:15:44 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BE0CCA0ECA for ; Tue, 12 Sep 2023 07:58:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232013AbjILH63 (ORCPT ); Tue, 12 Sep 2023 03:58:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42582 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231686AbjILH6S (ORCPT ); Tue, 12 Sep 2023 03:58:18 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F02B510E7 for ; Tue, 12 Sep 2023 00:57:57 -0700 (PDT) Message-ID: <20230912065501.269244004@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1694505476; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; 
bh=HiC6v2fxtRjR8xApH6q4tcaG7wy0kTM5+263Xe7tZgo=; b=rH0ZxaSyiHJj2ThngUo0cJMEKrtEBxu2se0MHjUZ4H5phU6SL3DXCWUTGFmQzMXTCr9523 +UqAOV2MeOgLYj3MdWkaNCADt5W8kViihKF7sQUJi25bSFo4/ADfS78mohgHsiJA9/TpxP 3yiGP5uQO3zOIAs46zf38p6N1D1mNkqVw66/Mpp9FdDMwu+sD/v1mWPwBJXMyD25VnzLpT h4BxG0Dwm9p458LffjoOUCNS5l+0iWIKGF1VaWALzfKTCBwAnmRKMSh97dObcrKyi2OExR i4opU8tPoiEjKjD2xINIw67/e10YBAGRks6cZW688mrDdIb6WME378DG04lpPg==
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov
Subject: [patch V3 08/30] x86/microcode/intel: Save the microcode only after a successful late-load
References: <20230912065249.695681286@linutronix.de>
MIME-Version: 1.0
Date: Tue, 12 Sep 2023 09:57:56 +0200 (CEST)
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Thomas Gleixner

There are situations where the late microcode is loaded into memory, but is not applied:

 1) The rendezvous fails

 2) The microcode is rejected by the CPUs

If either of these happens, then the pointer which was updated at firmware load time is stale and subsequent CPU hotplug operations either fail to update or create inconsistent microcode state.

Save the loaded microcode in a separate pointer from which the late load is attempted and, when successful, update the hotplug pointer accordingly via a new microcode_ops callback.

Remove the pointless fallback in the loader to a microcode pointer which is never populated.
Signed-off-by: Thomas Gleixner
---
 arch/x86/kernel/cpu/microcode/core.c     |  4 ++++
 arch/x86/kernel/cpu/microcode/intel.c    | 30 +++++++++++++++---------------
 arch/x86/kernel/cpu/microcode/internal.h |  1 +
 3 files changed, 20 insertions(+), 15 deletions(-)
---
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -400,6 +400,10 @@ static int microcode_reload_late(void)
 	store_cpu_caps(&prev_info);
 
 	ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask);
+
+	if (microcode_ops->finalize_late_load)
+		microcode_ops->finalize_late_load(ret);
+
 	if (!ret) {
 		pr_info("Reload succeeded, microcode revision: 0x%x -> 0x%x\n",
 			old, boot_cpu_data.microcode);
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -34,6 +34,7 @@ static const char ucode_path[] = "kernel
 
 /* Current microcode patch used in early patching on the APs. */
 static struct microcode_intel *ucode_patch_va __read_mostly;
+static struct microcode_intel *ucode_patch_late __read_mostly;
 
 /* last level cache size per core */
 static unsigned int llc_size_per_core __ro_after_init;
@@ -461,12 +462,9 @@ static enum ucode_state apply_microcode_
 	if (WARN_ON(raw_smp_processor_id() != cpu))
 		return UCODE_ERROR;
 
-	mc = ucode_patch_va;
-	if (!mc) {
-		mc = uci->mc;
-		if (!mc)
-			return UCODE_NFOUND;
-	}
+	mc = ucode_patch_late;
+	if (!mc)
+		return UCODE_NFOUND;
 
 	/*
 	 * Save us the MSR write below - which is a particular expensive
@@ -585,15 +583,7 @@ static enum ucode_state parse_microcode_
 	if (!new_mc)
 		return UCODE_NFOUND;
 
-	/* Save for CPU hotplug */
-	save_microcode_patch((struct microcode_intel *)new_mc);
-	uci->mc = ucode_patch_va;
-
-	vfree(new_mc);
-
-	pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n",
-		 cpu, cur_rev, uci->cpu_sig.rev);
-
+	ucode_patch_late = (struct microcode_intel *)new_mc;
 	return UCODE_NEW;
 }
 
@@ -650,10 +640,20 @@ static enum ucode_state request_microcod
 	return ret;
 }
 
+static void finalize_late_load(int result)
+{
+	if (!result)
+		save_microcode_patch(ucode_patch_late);
+
+	vfree(ucode_patch_late);
+	ucode_patch_late = NULL;
+}
+
 static struct microcode_ops microcode_intel_ops = {
 	.request_microcode_fw	= request_microcode_fw,
 	.collect_cpu_info	= collect_cpu_info,
 	.apply_microcode	= apply_microcode_intel,
+	.finalize_late_load	= finalize_late_load,
 };
 
 static __init void calc_llc_size_per_core(struct cpuinfo_x86 *c)
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -31,6 +31,7 @@ struct microcode_ops {
 	 */
 	enum ucode_state (*apply_microcode)(int cpu);
 	int (*collect_cpu_info)(int cpu, struct cpu_signature *csig);
+	void (*finalize_late_load)(int result);
 };
 
 extern struct ucode_cpu_info ucode_cpu_info[];
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 09/30] x86/microcode/intel: Switch to kvmalloc()
Date: Tue, 12 Sep 2023 09:57:57 +0200 (CEST)

From: Thomas Gleixner

Microcode blobs are getting larger and might soon reach the kmalloc()
limit. Switch over to kvmalloc().
Signed-off-by: Thomas Gleixner
---
 arch/x86/kernel/cpu/microcode/intel.c | 50 +++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 24 deletions(-)
---
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -14,7 +14,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
 #include
@@ -243,7 +242,7 @@ EXPORT_SYMBOL_GPL(intel_microcode_sanity
 
 static void update_ucode_pointer(struct microcode_intel *mc)
 {
-	kfree(ucode_patch_va);
+	kvfree(ucode_patch_va);
 
 	/*
 	 * Save the virtual address for early loading and for eventual free
@@ -254,11 +253,14 @@ static void update_ucode_pointer(struct
 
 static void save_microcode_patch(struct microcode_intel *patch)
 {
-	struct microcode_intel *mc;
+	unsigned int size = get_totalsize(&patch->hdr);
+	struct microcode_intel *mc = NULL;
 
-	mc = kmemdup(patch, get_totalsize(&patch->hdr), GFP_KERNEL);
+	mc = kvmemdup(patch, size, GFP_KERNEL);
 	if (mc)
 		update_ucode_pointer(mc);
+	else
+		pr_err("Unable to allocate microcode memory size: %u\n", size);
 }
 
 /* Scan CPIO for microcode matching the boot CPUs family, model, stepping */
@@ -530,36 +532,34 @@ static enum ucode_state read_ucode_intel
 
 	if (!copy_from_iter_full(&mc_header, sizeof(mc_header), iter)) {
 		pr_err("error! Truncated or inaccessible header in microcode data file\n");
-		break;
+		goto fail;
 	}
 
 	mc_size = get_totalsize(&mc_header);
 	if (mc_size < sizeof(mc_header)) {
 		pr_err("error! Bad data in microcode data file (totalsize too small)\n");
-		break;
+		goto fail;
 	}
-
 	data_size = mc_size - sizeof(mc_header);
 	if (data_size > iov_iter_count(iter)) {
 		pr_err("error! Bad data in microcode data file (truncated file?)\n");
-		break;
+		goto fail;
 	}
 
 	/* For performance reasons, reuse mc area when possible */
 	if (!mc || mc_size > curr_mc_size) {
-		vfree(mc);
-		mc = vmalloc(mc_size);
+		kvfree(mc);
+		mc = kvmalloc(mc_size, GFP_KERNEL);
 		if (!mc)
-			break;
+			goto fail;
 		curr_mc_size = mc_size;
 	}
 
 	memcpy(mc, &mc_header, sizeof(mc_header));
 	data = mc + sizeof(mc_header);
 	if (!copy_from_iter_full(data, data_size, iter) ||
-	    intel_microcode_sanity_check(mc, true, MC_HEADER_TYPE_MICROCODE) < 0) {
-		break;
-	}
+	    intel_microcode_sanity_check(mc, true, MC_HEADER_TYPE_MICROCODE) < 0)
+		goto fail;
 
 	if (cur_rev >= mc_header.rev)
 		continue;
@@ -567,24 +567,26 @@ static enum ucode_state read_ucode_intel
 	if (!intel_find_matching_signature(mc, uci->cpu_sig.sig, uci->cpu_sig.pf))
 		continue;
 
-	vfree(new_mc);
+	kvfree(new_mc);
 	cur_rev = mc_header.rev;
 	new_mc = mc;
 	mc = NULL;
 }
 
-	vfree(mc);
-
-	if (iov_iter_count(iter)) {
-		vfree(new_mc);
-		return UCODE_ERROR;
-	}
+	if (iov_iter_count(iter))
+		goto fail;
 
+	kvfree(mc);
 	if (!new_mc)
 		return UCODE_NFOUND;
 
 	ucode_patch_late = (struct microcode_intel *)new_mc;
 	return UCODE_NEW;
+
+fail:
+	kvfree(mc);
+	kvfree(new_mc);
+	return UCODE_ERROR;
 }
 
 static bool is_blacklisted(unsigned int cpu)
@@ -643,9 +645,9 @@ static enum ucode_state request_microcod
 static void finalize_late_load(int result)
 {
 	if (!result)
-		save_microcode_patch(ucode_patch_late);
-
-	vfree(ucode_patch_late);
+		update_ucode_pointer(ucode_patch_late);
+	else
+		kvfree(ucode_patch_late);
 	ucode_patch_late = NULL;
 }
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 10/30] x86/microcode/intel: Unify microcode apply() functions
Date: Tue, 12 Sep 2023 09:57:59 +0200 (CEST)

Deduplicate the early and late apply() functions.

Signed-off-by: Thomas Gleixner
---
 arch/x86/kernel/cpu/microcode/intel.c | 105 +++++++++++-----------------------
 1 file changed, 36 insertions(+), 69 deletions(-)
---
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -294,12 +294,11 @@ static __init struct microcode_intel *sc
 	return size ? NULL : patch;
 }
 
-static enum ucode_state apply_microcode_early(struct ucode_cpu_info *uci, bool early)
+static enum ucode_state apply_microcode(struct ucode_cpu_info *uci, struct microcode_intel *mc,
+					u32 *cur_rev)
 {
-	struct microcode_intel *mc;
-	u32 rev, old_rev, date;
+	u32 rev;
 
-	mc = uci->mc;
 	if (!mc)
 		return UCODE_NFOUND;
 
@@ -308,14 +307,12 @@ static enum ucode_state apply_microcode_
 	 * operation - when the other hyperthread has updated the microcode
 	 * already.
 	 */
-	rev = intel_get_microcode_revision();
-	if (rev >= mc->hdr.rev) {
-		uci->cpu_sig.rev = rev;
+	*cur_rev = intel_get_microcode_revision();
+	if (*cur_rev >= mc->hdr.rev) {
+		uci->cpu_sig.rev = *cur_rev;
 		return UCODE_OK;
 	}
 
-	old_rev = rev;
-
 	/*
 	 * Writeback and invalidate caches before updating microcode to avoid
 	 * internal issues depending on what the microcode is updating.
@@ -330,13 +327,24 @@ static enum ucode_state apply_microcode_
 		return UCODE_ERROR;
 
 	uci->cpu_sig.rev = rev;
-
-	date = mc->hdr.date;
-	pr_info_once("updated early: 0x%x -> 0x%x, date = %04x-%02x-%02x\n",
-		     old_rev, rev, date & 0xffff, date >> 24, (date >> 16) & 0xff);
 	return UCODE_UPDATED;
 }
 
+static enum ucode_state apply_microcode_early(struct ucode_cpu_info *uci, bool early)
+{
+	struct microcode_intel *mc = uci->mc;
+	enum ucode_state ret;
+	u32 cur_rev, date;
+
+	ret = apply_microcode(uci, mc, &cur_rev);
+	if (ret == UCODE_UPDATED) {
+		date = mc->hdr.date;
+		pr_info_once("updated early: 0x%x -> 0x%x, date = %04x-%02x-%02x\n",
+			     cur_rev, mc->hdr.rev, date & 0xffff, date >> 24, (date >> 16) & 0xff);
+	}
+	return ret;
+}
+
 static __init bool load_builtin_intel_microcode(struct cpio_data *cp)
 {
 	unsigned int eax = 1, ebx, ecx = 0, edx;
@@ -450,70 +458,29 @@ static int collect_cpu_info(int cpu_num,
 	return 0;
 }
 
-static enum ucode_state apply_microcode_intel(int cpu)
+static enum ucode_state apply_microcode_late(int cpu)
 {
 	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-	struct cpuinfo_x86 *c = &cpu_data(cpu);
-	bool bsp = c->cpu_index == boot_cpu_data.cpu_index;
-	struct microcode_intel *mc;
+	struct microcode_intel *mc = ucode_patch_late;
 	enum ucode_state ret;
-	static int prev_rev;
-	u32 rev;
-
-	/* We should bind the task to the CPU */
-	if (WARN_ON(raw_smp_processor_id() != cpu))
-		return UCODE_ERROR;
-
-	mc = ucode_patch_late;
-	if (!mc)
-		return UCODE_NFOUND;
+	u32 cur_rev;
 
-	/*
-	 * Save us the MSR write below - which is a particular expensive
-	 * operation - when the other hyperthread has updated the microcode
-	 * already.
-	 */
-	rev = intel_get_microcode_revision();
-	if (rev >= mc->hdr.rev) {
-		ret = UCODE_OK;
-		goto out;
-	}
-
-	/*
-	 * Writeback and invalidate caches before updating microcode to avoid
-	 * internal issues depending on what the microcode is updating.
-	 */
-	native_wbinvd();
-
-	/* write microcode via MSR 0x79 */
-	wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits);
-
-	rev = intel_get_microcode_revision();
-
-	if (rev != mc->hdr.rev) {
-		pr_err("CPU%d update to revision 0x%x failed\n",
-		       cpu, mc->hdr.rev);
+	if (WARN_ON_ONCE(smp_processor_id() != cpu))
 		return UCODE_ERROR;
-	}
 
-	if (bsp && rev != prev_rev) {
-		pr_info("updated to revision 0x%x, date = %04x-%02x-%02x\n",
-			rev,
-			mc->hdr.date & 0xffff,
-			mc->hdr.date >> 24,
+	ret = apply_microcode(uci, mc, &cur_rev);
+	if (ret != UCODE_UPDATED && ret != UCODE_OK)
+		return ret;
+
+	if (!cpu && uci->cpu_sig.rev != cur_rev) {
+		pr_info("Updated to revision 0x%x, date = %04x-%02x-%02x\n",
+			uci->cpu_sig.rev, mc->hdr.date & 0xffff, mc->hdr.date >> 24,
 			(mc->hdr.date >> 16) & 0xff);
-		prev_rev = rev;
 	}
 
-	ret = UCODE_UPDATED;
-
-out:
-	uci->cpu_sig.rev = rev;
-	c->microcode = rev;
-
-	/* Update boot_cpu_data's revision too, if we're on the BSP: */
-	if (bsp)
-		boot_cpu_data.microcode = rev;
+	cpu_data(cpu).microcode = uci->cpu_sig.rev;
+	if (!cpu)
+		boot_cpu_data.microcode = uci->cpu_sig.rev;
 
 	return ret;
 }
@@ -654,7 +621,7 @@ static void finalize_late_load(int resul
 static struct microcode_ops microcode_intel_ops = {
 	.request_microcode_fw	= request_microcode_fw,
 	.collect_cpu_info	= collect_cpu_info,
-	.apply_microcode	= apply_microcode_intel,
+	.apply_microcode	= apply_microcode_late,
 	.finalize_late_load	= finalize_late_load,
 };
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 11/30] x86/microcode/intel: Rework intel_cpu_collect_info()
Date: Tue, 12 Sep 2023 09:58:00 +0200 (CEST)

Nothing needs struct ucode_cpu_info. Make it take struct cpu_signature,
let it return void and simplify the implementation. Rename it now that
the silly name clash with collect_cpu_info() is gone.

Signed-off-by: Thomas Gleixner
---
V2: New patch
---
 arch/x86/include/asm/cpu.h            |  4 ++--
 arch/x86/kernel/cpu/microcode/intel.c | 33 +++++++++-------------------
 drivers/platform/x86/intel/ifs/load.c |  8 +++-----
 3 files changed, 14 insertions(+), 31 deletions(-)
--- a/arch/x86/include/asm/cpu.h
+++ b/arch/x86/include/asm/cpu.h
@@ -73,9 +73,9 @@ static inline void init_ia32_feat_ctl(st
 
 extern __noendbr void cet_disable(void);
 
-struct ucode_cpu_info;
+struct cpu_signature;
 
-int intel_cpu_collect_info(struct ucode_cpu_info *uci);
+void intel_collect_cpu_info(struct cpu_signature *sig);
 
 static inline bool intel_cpu_signatures_match(unsigned int s1, unsigned int p1,
 					      unsigned int s2, unsigned int p2)
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -66,36 +66,21 @@ static inline unsigned int exttable_size
 	return et->count * EXT_SIGNATURE_SIZE + EXT_HEADER_SIZE;
 }
 
-int intel_cpu_collect_info(struct ucode_cpu_info *uci)
+void intel_collect_cpu_info(struct cpu_signature *sig)
 {
-	unsigned int val[2];
-	unsigned int family, model;
-	struct cpu_signature csig = { 0 };
-	unsigned int eax, ebx, ecx, edx;
+	sig->sig = cpuid_eax(1);
+	sig->pf = 0;
+	sig->rev = intel_get_microcode_revision();
 
-	memset(uci, 0, sizeof(*uci));
+	if (x86_model(sig->sig) >= 5 || x86_family(sig->sig) > 6) {
+		unsigned int val[2];
 
-	eax = 0x00000001;
-	ecx = 0;
-	native_cpuid(&eax, &ebx, &ecx, &edx);
-	csig.sig = eax;
-
-	family = x86_family(eax);
-	model = x86_model(eax);
-
-	if (model >= 5 || family > 6) {
 		/* get processor flags from MSR 0x17 */
 		native_rdmsr(MSR_IA32_PLATFORM_ID, val[0], val[1]);
-		csig.pf = 1 << ((val[1] >> 18) & 7);
+		sig->pf = 1 << ((val[1] >> 18) & 7);
 	}
-
-	csig.rev = intel_get_microcode_revision();
-
-	uci->cpu_sig = csig;
-
-	return 0;
 }
-EXPORT_SYMBOL_GPL(intel_cpu_collect_info);
+EXPORT_SYMBOL_GPL(intel_collect_cpu_info);
 
 /*
  * Returns 1 if update has been found, 0 otherwise.
@@ -381,7 +366,7 @@ static __init struct microcode_intel *ge
 	if (!(cp.data && cp.size))
 		return NULL;
 
-	intel_cpu_collect_info(uci);
+	intel_collect_cpu_info(&uci->cpu_sig);
 
 	return scan_microcode(cp.data, cp.size, uci);
 }
--- a/drivers/platform/x86/intel/ifs/load.c
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -227,7 +227,7 @@ static int scan_chunks_sanity_check(stru
 
 static int image_sanity_check(struct device *dev, const struct microcode_header_intel *data)
 {
-	struct ucode_cpu_info uci;
+	struct cpu_signature sig;
 
 	/* Provide a specific error message when loading an older/unsupported image */
 	if (data->hdrver != MC_HEADER_TYPE_IFS) {
@@ -240,11 +240,9 @@ static int image_sanity_check(struct dev
 		return -EINVAL;
 	}
 
-	intel_cpu_collect_info(&uci);
+	intel_collect_cpu_info(&sig);
 
-	if (!intel_find_matching_signature((void *)data,
-					   uci.cpu_sig.sig,
-					   uci.cpu_sig.pf)) {
+	if (!intel_find_matching_signature((void *)data, sig.sig, sig.pf)) {
 		dev_err(dev, "cpu signature, processor flags not matching\n");
 		return -EINVAL;
 	}
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 12/30] x86/microcode/intel: Reuse intel_cpu_collect_info()
Date: Tue, 12 Sep 2023 09:58:02 +0200 (CEST)

No point in keeping an almost duplicate function.
Signed-off-by: Thomas Gleixner
---
V2: New patch
---
 arch/x86/kernel/cpu/microcode/intel.c | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -425,21 +425,7 @@ void reload_ucode_intel(void)
 
 static int collect_cpu_info(int cpu_num, struct cpu_signature *csig)
 {
-	struct cpuinfo_x86 *c = &cpu_data(cpu_num);
-	unsigned int val[2];
-
-	memset(csig, 0, sizeof(*csig));
-
-	csig->sig = cpuid_eax(0x00000001);
-
-	if ((c->x86_model >= 5) || (c->x86 > 6)) {
-		/* get processor flags from MSR 0x17 */
-		rdmsr(MSR_IA32_PLATFORM_ID, val[0], val[1]);
-		csig->pf = 1 << ((val[1] >> 18) & 7);
-	}
-
-	csig->rev = c->microcode;
-
+	intel_collect_cpu_info(csig);
 	return 0;
 }
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 13/30] x86/microcode/intel: Rework intel_find_matching_signature()
Date: Tue, 12 Sep 2023 09:58:04 +0200 (CEST)

Take a cpu_signature argument and work from there. Move the match()
helper next to the callsite as there is no point in having it in a
header.
Signed-off-by: Thomas Gleixner
---
V2: New patch
---
 arch/x86/include/asm/cpu.h            | 16 +---------------
 arch/x86/kernel/cpu/microcode/intel.c | 31 +++++++++++++++++-------------
 drivers/platform/x86/intel/ifs/load.c |  2 +-
 3 files changed, 21 insertions(+), 28 deletions(-)
--- a/arch/x86/include/asm/cpu.h
+++ b/arch/x86/include/asm/cpu.h
@@ -77,22 +77,8 @@ struct cpu_signature;
 
 void intel_collect_cpu_info(struct cpu_signature *sig);
 
-static inline bool intel_cpu_signatures_match(unsigned int s1, unsigned int p1,
-					      unsigned int s2, unsigned int p2)
-{
-	if (s1 != s2)
-		return false;
-
-	/* Processor flags are either both 0 ... */
-	if (!p1 && !p2)
-		return true;
-
-	/* ... or they intersect. */
-	return p1 & p2;
-}
-
 extern u64 x86_read_arch_cap_msr(void);
-int intel_find_matching_signature(void *mc, unsigned int csig, int cpf);
+bool intel_find_matching_signature(void *mc, struct cpu_signature *sig);
 int intel_microcode_sanity_check(void *mc, bool print_err, int hdr_type);
 
 extern struct cpumask cpus_stop_mask;
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -82,29 +82,36 @@ void intel_collect_cpu_info(struct cpu_s
 }
 EXPORT_SYMBOL_GPL(intel_collect_cpu_info);
 
-/*
- * Returns 1 if update has been found, 0 otherwise.
- */
-int intel_find_matching_signature(void *mc, unsigned int csig, int cpf)
+static inline bool cpu_signatures_match(struct cpu_signature *s1, unsigned int sig2,
+					unsigned int pf2)
+{
+	if (s1->sig != sig2)
+		return false;
+
+	/* Processor flags are either both 0 or they intersect. */
+	return ((!s1->pf && !pf2) || (s1->pf & pf2));
+}
+
+bool intel_find_matching_signature(void *mc, struct cpu_signature *sig)
 {
 	struct microcode_header_intel *mc_hdr = mc;
-	struct extended_sigtable *ext_hdr;
 	struct extended_signature *ext_sig;
+	struct extended_sigtable *ext_hdr;
 	int i;
 
-	if (intel_cpu_signatures_match(csig, cpf, mc_hdr->sig, mc_hdr->pf))
-		return 1;
+	if (cpu_signatures_match(sig, mc_hdr->sig, mc_hdr->pf))
+		return true;
 
 	/* Look for ext. headers: */
 	if (get_totalsize(mc_hdr) <= intel_microcode_get_datasize(mc_hdr) + MC_HEADER_SIZE)
-		return 0;
+		return false;
 
 	ext_hdr = mc + intel_microcode_get_datasize(mc_hdr) + MC_HEADER_SIZE;
 	ext_sig = (void *)ext_hdr + EXT_HEADER_SIZE;
 
 	for (i = 0; i < ext_hdr->count; i++) {
-		if (intel_cpu_signatures_match(csig, cpf, ext_sig->sig, ext_sig->pf))
-			return 1;
+		if (cpu_signatures_match(sig, ext_sig->sig, ext_sig->pf))
+			return true;
 		ext_sig++;
 	}
 	return 0;
@@ -265,7 +272,7 @@ static __init struct microcode_intel *sc
 	    intel_microcode_sanity_check(data, false, MC_HEADER_TYPE_MICROCODE) < 0)
 		break;
 
-	if (!intel_find_matching_signature(data, uci->cpu_sig.sig, uci->cpu_sig.pf))
+	if (!intel_find_matching_signature(data, &uci->cpu_sig))
 		continue;
 
 	/* Check whether there is newer microcode */
@@ -502,7 +509,7 @@ static enum ucode_state read_ucode_intel
 	if (cur_rev >= mc_header.rev)
 		continue;
 
-	if (!intel_find_matching_signature(mc, uci->cpu_sig.sig, uci->cpu_sig.pf))
+	if (!intel_find_matching_signature(mc, &uci->cpu_sig))
 		continue;
 
 	kvfree(new_mc);
--- a/drivers/platform/x86/intel/ifs/load.c
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -242,7 +242,7 @@ static int image_sanity_check(struct dev
 
 	intel_collect_cpu_info(&sig);
 
-	if (!intel_find_matching_signature((void *)data, sig.sig, sig.pf)) {
+	if (!intel_find_matching_signature((void *)data, &sig)) {
 		dev_err(dev, "cpu signature, processor flags not matching\n");
 		return -EINVAL;
 	}
20:15:44 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83396CA0ECE for ; Tue, 12 Sep 2023 07:58:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232055AbjILH6z (ORCPT ); Tue, 12 Sep 2023 03:58:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49710 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232127AbjILH6i (ORCPT ); Tue, 12 Sep 2023 03:58:38 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8598219A1 for ; Tue, 12 Sep 2023 00:58:07 -0700 (PDT) Message-ID: <20230912065501.656264495@linutronix.de> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1694505486; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=kkIW+v+zNIk9lQpoyroVUgRr0ogOwnyVqvNr/VLjf7s=; b=MmUz0z9xeJcrJnxPWAhM0Sg9irL5LYgARz0uyeEaDH49TpRkPWpFfdIeun756Hw9CzJCgr HcE0+36CM8yqUrZTC3+N4XKggFfmqs2nEeTMUnbrtSA4jYJdoX0SnTEhdUuxl9wTCoqcmF cJfWnR6QFOJNGFZQ2Yn826PEDE0YPyW+1TSBpaa4E6a+8xcf5iVKMGxq9iL/v0X5u1pvTh QfHnC59V/7lkdTO8uDeUTXJ73kaVBLIjBrYgUSSg1rrWw05XdnPI2kFESehEwXhV+bS8LL i8ECiTGFkpP2+uqiFvEGf7ArEgcC/uEfmOCVnq1HmHpawVwzWGAVvFa7CU4qzA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1694505486; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=kkIW+v+zNIk9lQpoyroVUgRr0ogOwnyVqvNr/VLjf7s=; b=k8+2iG5JfnEGJAuQRw8Z7ZzyuRb880eqYgK9XpNXEhGaZUVQv5PAFFf05u5VWP+04t5PSY jE+MezHcy/Fb0gAg== From: Thomas Gleixner To: LKML Cc: x86@kernel.org, Borislav Petkov , 
"Chang S. Bae" , Arjan van de Ven , Nikolay Borisov
Subject: [patch V3 14/30] x86/microcode/amd: Read revision from hardware in collect_cpu_info_amd()
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:05 +0200 (CEST)

Prepare to decrapify the core initialization logic which invokes
microcode_ops::apply_microcode() several times just to set
cpu_data::microcode.

Signed-off-by: Thomas Gleixner
---
V2: New patch
---
 arch/x86/kernel/cpu/microcode/amd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -673,12 +673,12 @@ void reload_ucode_amd(unsigned int cpu)

 static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig)
 {
-	struct cpuinfo_x86 *c = &cpu_data(cpu);
 	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+	u32 dummy __always_unused;
 	struct ucode_patch *p;

 	csig->sig = cpuid_eax(0x00000001);
-	csig->rev = c->microcode;
+	rdmsr(MSR_AMD64_PATCH_LEVEL, csig->rev, dummy);

 	/*
	 * a patch could have been loaded early, set uci->mc so that
From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065501.717580036@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov
Subject: [patch V3 15/30] x86/microcode: Remove pointless apply() invocation
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:07 +0200 (CEST)

Microcode is applied on the APs during early bringup. There is no point
in trying to apply the microcode again during the hotplug operations,
nor at the point where the microcode device is initialized.

Collect CPU info and microcode revision in setup_online_cpu() for now.
This will move to the CPU hotplug callback in the next step.

Signed-off-by: Thomas Gleixner
---
V2: New patch
---
 arch/x86/kernel/cpu/microcode/core.c | 34 ++++++------------------------
 include/linux/cpuhotplug.h           |  1 -
 2 files changed, 6 insertions(+), 29 deletions(-)

--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -511,17 +511,6 @@ static void microcode_fini_cpu(int cpu)
 		microcode_ops->microcode_fini_cpu(cpu);
 }

-static enum ucode_state microcode_init_cpu(int cpu)
-{
-	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-
-	memset(uci, 0, sizeof(*uci));
-
-	microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig);
-
-	return microcode_ops->apply_microcode(cpu);
-}
-
 /**
  * microcode_bsp_resume - Update boot CPU microcode during resume.
  */
@@ -540,15 +529,6 @@ static struct syscore_ops mc_syscore_ops
 	.resume = microcode_bsp_resume,
 };

-static int mc_cpu_starting(unsigned int cpu)
-{
-	enum ucode_state err = microcode_ops->apply_microcode(cpu);
-
-	pr_debug("%s: CPU%d, err: %d\n", __func__, cpu, err);
-
-	return err == UCODE_ERROR;
-}
-
 static int mc_cpu_online(unsigned int cpu)
 {
 	struct device *dev = get_cpu_device(cpu);
@@ -576,14 +556,14 @@ static int mc_cpu_down_prep(unsigned int
 static void setup_online_cpu(struct work_struct *work)
 {
 	int cpu = smp_processor_id();
-	enum ucode_state err;
+	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;

-	err = microcode_init_cpu(cpu);
-	if (err == UCODE_ERROR) {
-		pr_err("Error applying microcode on CPU%d\n", cpu);
-		return;
-	}
+	memset(uci, 0, sizeof(*uci));

+	microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig);
+	cpu_data(cpu).microcode = uci->cpu_sig.rev;
+	if (!cpu)
+		boot_cpu_data.microcode = uci->cpu_sig.rev;
 	mc_cpu_online(cpu);
 }

@@ -636,8 +616,6 @@ static int __init microcode_init(void)
 	schedule_on_each_cpu(setup_online_cpu);

 	register_syscore_ops(&mc_syscore_ops);
-	cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER,
"x86/microcode:starting",
-				  mc_cpu_starting, NULL);
 	cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
 				  mc_cpu_online, mc_cpu_down_prep);

--- a/include/linux/cpuhotplug.h
+++ b/include/linux/cpuhotplug.h
@@ -156,7 +156,6 @@ enum cpuhp_state {
 	CPUHP_AP_IRQ_LOONGARCH_STARTING,
 	CPUHP_AP_IRQ_SIFIVE_PLIC_STARTING,
 	CPUHP_AP_ARM_MVEBU_COHERENCY,
-	CPUHP_AP_MICROCODE_LOADER,
 	CPUHP_AP_PERF_X86_AMD_UNCORE_STARTING,
 	CPUHP_AP_PERF_X86_STARTING,
 	CPUHP_AP_PERF_X86_AMD_IBS_STARTING,
From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065501.777893171@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov
Subject: [patch V3 16/30] x86/microcode: Get rid of the schedule work indirection
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:08 +0200 (CEST)

Scheduling work on all CPUs to collect the microcode information is just
another extra step for no value. Let the CPU hotplug callback
registration do it.
Signed-off-by: Thomas Gleixner
---
V2: New patch
---
 arch/x86/kernel/cpu/microcode/core.c | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)

--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -531,8 +531,16 @@ static struct syscore_ops mc_syscore_ops

 static int mc_cpu_online(unsigned int cpu)
 {
+	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
 	struct device *dev = get_cpu_device(cpu);

+	memset(uci, 0, sizeof(*uci));
+
+	microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig);
+	cpu_data(cpu).microcode = uci->cpu_sig.rev;
+	if (!cpu)
+		boot_cpu_data.microcode = uci->cpu_sig.rev;
+
 	if (sysfs_create_group(&dev->kobj, &mc_attr_group))
 		pr_err("Failed to create group for CPU%d\n", cpu);
 	return 0;
@@ -553,20 +561,6 @@ static int mc_cpu_down_prep(unsigned int
 	return 0;
 }

-static void setup_online_cpu(struct work_struct *work)
-{
-	int cpu = smp_processor_id();
-	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-
-	memset(uci, 0, sizeof(*uci));
-
-	microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig);
-	cpu_data(cpu).microcode = uci->cpu_sig.rev;
-	if (!cpu)
-		boot_cpu_data.microcode = uci->cpu_sig.rev;
-	mc_cpu_online(cpu);
-}
-
 static struct attribute *cpu_root_microcode_attrs[] = {
 #ifdef CONFIG_MICROCODE_LATE_LOADING
 	&dev_attr_reload.attr,
@@ -612,12 +606,9 @@ static int __init microcode_init(void)
 		}
 	}

-	/* Do per-CPU setup */
-	schedule_on_each_cpu(setup_online_cpu);
-
 	register_syscore_ops(&mc_syscore_ops);
-	cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
-				  mc_cpu_online, mc_cpu_down_prep);
+	cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
+			  mc_cpu_online, mc_cpu_down_prep);

 	pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION);
From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065501.838955709@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov , "Chang S.
Bae" , Arjan van de Ven , Nikolay Borisov
Subject: [patch V3 17/30] x86/microcode: Clean up mc_cpu_down_prep()
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:10 +0200 (CEST)

This function has nothing to do with suspend. It's a hotplug callback.
Remove the bogus comment.

Drop the pointless debug printk. The hotplug core provides tracepoints
which track the invocation of those callbacks.

Signed-off-by: Thomas Gleixner
---
V2: New patch
---
 arch/x86/kernel/cpu/microcode/core.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -569,16 +569,10 @@ static int mc_cpu_online(unsigned int cp

 static int mc_cpu_down_prep(unsigned int cpu)
 {
-	struct device *dev;
-
-	dev = get_cpu_device(cpu);
+	struct device *dev = get_cpu_device(cpu);

 	microcode_fini_cpu(cpu);
-
-	/* Suspend is in progress, only remove the interface */
 	sysfs_remove_group(&dev->kobj, &mc_attr_group);
-	pr_debug("%s: CPU%d\n", __func__, cpu);
-
 	return 0;
 }
From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065501.899886649@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov
Subject: [patch V3 18/30] x86/microcode: Handle "nosmt" correctly
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:12 +0200 (CEST)

From: Thomas Gleixner

On CPUs where microcode loading is not NMI safe, the SMT siblings which
are parked in one of the play_dead() variants still react to NMIs. So if
an NMI hits while the primary thread updates the microcode, the
resulting behaviour is undefined.
The default play_dead() implementation on modern CPUs is using MWAIT,
which is not guaranteed to be safe against a microcode update which
affects MWAIT.

Take the cpus_booted_once_mask into account to detect this case and
refuse to load late if the vendor specific driver does not advertise
that late loading is NMI safe.

AMD stated that this is safe, so mark the AMD driver accordingly.

This requirement will be partially lifted in later changes.

Signed-off-by: Thomas Gleixner
---
 arch/x86/Kconfig                         |  2 -
 arch/x86/kernel/cpu/microcode/amd.c      |  9 +++--
 arch/x86/kernel/cpu/microcode/core.c     | 51 +++++++++++++++++++----------
 arch/x86/kernel/cpu/microcode/internal.h | 13 +++----
 4 files changed, 44 insertions(+), 31 deletions(-)
---
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1314,7 +1314,7 @@ config MICROCODE
 config MICROCODE_LATE_LOADING
 	bool "Late microcode loading (DANGEROUS)"
 	default n
-	depends on MICROCODE
+	depends on MICROCODE && SMP
 	help
	  Loading microcode late, when the system is up and executing
	  instructions is a tricky business and should be avoided if possible.
	  Just the sequence
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -948,10 +948,11 @@ static void microcode_fini_cpu_amd(int c
 }

 static struct microcode_ops microcode_amd_ops = {
-	.request_microcode_fw	= request_microcode_amd,
-	.collect_cpu_info	= collect_cpu_info_amd,
-	.apply_microcode	= apply_microcode_amd,
-	.microcode_fini_cpu	= microcode_fini_cpu_amd,
+	.request_microcode_fw	= request_microcode_amd,
+	.collect_cpu_info	= collect_cpu_info_amd,
+	.apply_microcode	= apply_microcode_amd,
+	.microcode_fini_cpu	= microcode_fini_cpu_amd,
+	.nmi_safe		= true,
 };

 struct microcode_ops * __init init_amd_microcode(void)
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -326,23 +326,6 @@ static struct platform_device *microcode
  */
 #define SPINUNIT 100 /* 100 nsec */

-static int check_online_cpus(void)
-{
-	unsigned int cpu;
-
-	/*
-	 * Make sure all CPUs are online. It's fine for SMT to be disabled if
-	 * all the primary threads are still online.
-	 */
-	for_each_present_cpu(cpu) {
-		if (topology_is_primary_thread(cpu) && !cpu_online(cpu)) {
-			pr_err("Not all CPUs online, aborting microcode update.\n");
-			return -EINVAL;
-		}
-	}
-
-	return 0;
-}

 static atomic_t late_cpus_in;
 static atomic_t late_cpus_out;
@@ -459,6 +442,35 @@ static int microcode_reload_late(void)
 	return ret;
 }

+/*
+ * Ensure that all required CPUs which are present and have been booted
+ * once are online.
+ *
+ * To pass this check, all primary threads must be online.
+ *
+ * If the microcode load is not safe against NMI then all SMT threads
+ * must be online as well because they still react on NMI when they are
+ * soft-offlined and parked in one of the play_dead() variants. So if a
+ * NMI hits while the primary thread updates the microcode the resulting
+ * behaviour is undefined. The default play_dead() implementation on
+ * modern CPUs is using MWAIT, which is also not guaranteed to be safe
+ * against a microcode update which affects MWAIT.
+ */
+static bool ensure_cpus_are_online(void)
+{
+	unsigned int cpu;
+
+	for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
+		if (!cpu_online(cpu)) {
+			if (topology_is_primary_thread(cpu) || !microcode_ops->nmi_safe) {
+				pr_err("CPU %u not online\n", cpu);
+				return false;
+			}
+		}
+	}
+	return true;
+}
+
 static ssize_t reload_store(struct device *dev,
			    struct device_attribute *attr,
			    const char *buf, size_t size)
@@ -474,9 +486,10 @@ static ssize_t reload_store(struct devic

 	cpus_read_lock();

-	ret = check_online_cpus();
-	if (ret)
+	if (!ensure_cpus_are_online()) {
+		ret = -EBUSY;
 		goto put;
+	}

 	tmp_ret = microcode_ops->request_microcode_fw(bsp, &microcode_pdev->dev);
 	if (tmp_ret != UCODE_NEW)
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -20,18 +20,17 @@ enum ucode_state {

 struct microcode_ops {
 	enum ucode_state (*request_microcode_fw)(int cpu, struct device *dev);
-	void (*microcode_fini_cpu)(int cpu);

 	/*
-	 * The generic 'microcode_core' part guarantees that
-	 * the callbacks below run on a target cpu when they
-	 * are being called.
+	 * The generic 'microcode_core' part guarantees that the callbacks
+	 * below run on a target cpu when they are being called.
	 * See also the "Synchronization" section in microcode_core.c.
	 */
-	enum ucode_state (*apply_microcode)(int cpu);
-	int (*collect_cpu_info)(int cpu, struct cpu_signature *csig);
-	void (*finalize_late_load)(int result);
+	enum ucode_state (*apply_microcode)(int cpu);
+	int (*collect_cpu_info)(int cpu, struct cpu_signature *csig);
+	void (*finalize_late_load)(int result);
+	unsigned int nmi_safe : 1;
 };

 extern struct ucode_cpu_info ucode_cpu_info[];
From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065501.961705755@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov
Subject: [patch V3 19/30] x86/microcode: Clarify the late load logic
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:13 +0200 (CEST)

From: Thomas Gleixner

reload_store() is way too complicated. Split the inner workings out and
make the following enhancements:

 - Taint the kernel only when the microcode was actually updated. If,
   e.g., the rendezvous fails, then nothing happened and there is no
   reason for tainting.
 - Return useful error codes

Signed-off-by: Thomas Gleixner
Reviewed-by: Nikolay Borisov
---
 arch/x86/kernel/cpu/microcode/core.c | 39 +++++++++++++++-------------------
 1 file changed, 17 insertions(+), 22 deletions(-)
---
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -434,11 +434,11 @@ static int microcode_reload_late(void)
 		pr_info("Reload succeeded, microcode revision: 0x%x -> 0x%x\n",
			old, boot_cpu_data.microcode);
 		microcode_check(&prev_info);
+		add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
 	} else {
 		pr_info("Reload failed, current microcode revision: 0x%x\n",
			boot_cpu_data.microcode);
 	}
-
 	return ret;
 }

@@ -471,40 +471,35 @@ static bool ensure_cpus_are_online(void)
 	return true;
 }

+static int ucode_load_late_locked(void)
+{
+	int ret;
+
+	if (!ensure_cpus_are_online())
+		return -EBUSY;
+
+	ret = microcode_ops->request_microcode_fw(0, &microcode_pdev->dev);
+	if (ret != UCODE_NEW)
+		return ret == UCODE_NFOUND ? -ENOENT : -EBADFD;
+	return microcode_reload_late();
+}
+
 static ssize_t reload_store(struct device *dev,
			    struct device_attribute *attr,
			    const char *buf, size_t size)
 {
-	enum ucode_state tmp_ret = UCODE_OK;
-	int bsp = boot_cpu_data.cpu_index;
 	unsigned long val;
-	ssize_t ret = 0;
+	ssize_t ret;

 	ret = kstrtoul(buf, 0, &val);
 	if (ret || val != 1)
 		return -EINVAL;

 	cpus_read_lock();
-
-	if (!ensure_cpus_are_online()) {
-		ret = -EBUSY;
-		goto put;
-	}
-
-	tmp_ret = microcode_ops->request_microcode_fw(bsp, &microcode_pdev->dev);
-	if (tmp_ret != UCODE_NEW)
-		goto put;
-
-	ret = microcode_reload_late();
-put:
+	ret = ucode_load_late_locked();
 	cpus_read_unlock();

-	if (ret == 0)
-		ret = size;
-
-	add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
-
-	return ret;
+	return ret ? : size;
 }

 static DEVICE_ATTR_WO(reload);
From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065502.022650614@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov
Subject: [patch V3 20/30] x86/microcode: Sanitize __wait_for_cpus()
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:15 +0200 (CEST)

From: Thomas Gleixner

The code is too complicated for no reason:

 - The return value is pointless as this is a strict boolean.

 - It's way simpler to count down from num_online_cpus() and check for
   zero.

 - The timeout argument is pointless as this is always one second.

 - Touching the NMI watchdog every 100ns does not make any sense, neither
   does checking every 100ns. This is really not a hotpath operation.

Preload the atomic counter with the number of online CPUs and simplify the
whole timeout logic. Delay for one microsecond and touch the NMI watchdog
once per millisecond.

Signed-off-by: Thomas Gleixner
---
 arch/x86/kernel/cpu/microcode/core.c | 41 ++++++++++++++----------------
 1 file changed, 17 insertions(+), 24 deletions(-)
---
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -324,31 +324,24 @@ static struct platform_device *microcode
  * requirement can be relaxed in the future. Right now, this is conservative
  * and good.
 */
-#define SPINUNIT 100 /* 100 nsec */
+static atomic_t late_cpus_in, late_cpus_out;

-
-static atomic_t late_cpus_in;
-static atomic_t late_cpus_out;
-
-static int __wait_for_cpus(atomic_t *t, long long timeout)
+static bool wait_for_cpus(atomic_t *cnt)
 {
-	int all_cpus = num_online_cpus();
-
-	atomic_inc(t);
-
-	while (atomic_read(t) < all_cpus) {
-		if (timeout < SPINUNIT) {
-			pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n",
-			       all_cpus - atomic_read(t));
-			return 1;
-		}
+	unsigned int timeout;

-		ndelay(SPINUNIT);
-		timeout -= SPINUNIT;
+	WARN_ON_ONCE(atomic_dec_return(cnt) < 0);

-		touch_nmi_watchdog();
+	for (timeout = 0; timeout < USEC_PER_SEC; timeout++) {
+		if (!atomic_read(cnt))
+			return true;
+		udelay(1);
+		if (!(timeout % 1000))
+			touch_nmi_watchdog();
 	}
-	return 0;
+	/* Prevent the late comers to make progress and let them time out */
+	atomic_inc(cnt);
+	return false;
 }

 /*
@@ -366,7 +359,7 @@ static int __reload_late(void *info)
	 * Wait for all CPUs to arrive. A load will not be attempted unless all
	 * CPUs show up.
	 * */
-	if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC))
+	if (!wait_for_cpus(&late_cpus_in))
 		return -1;

 	/*
@@ -389,7 +382,7 @@ static int __reload_late(void *info)
 	}

 wait_for_siblings:
-	if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC))
+	if (!wait_for_cpus(&late_cpus_out))
 		panic("Timeout during microcode update!\n");

 	/*
@@ -416,8 +409,8 @@ static int microcode_reload_late(void)
 	pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
 	pr_err("You should switch to early loading, if possible.\n");

-	atomic_set(&late_cpus_in, 0);
-	atomic_set(&late_cpus_out, 0);
+	atomic_set(&late_cpus_in, num_online_cpus());
+	atomic_set(&late_cpus_out, num_online_cpus());

 	/*
	 * Take a snapshot before the microcode update in order to compare and
From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065502.082789879@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov
Subject: [patch V3 21/30] x86/microcode: Add per CPU result state
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:16 +0200 (CEST)

From: Thomas Gleixner

The microcode rendezvous is purely acting on global state, which does
not allow analyzing failures in a coherent way.

Introduce per CPU state where the results are written into, which allows to
analyze the return codes of the individual CPUs.

Initialize the state when walking the cpu_present_mask in the online
check to avoid another for_each_cpu() loop.

Enhance the result print out with that.

The structure is intentionally named ucode_ctrl as it will gain control
fields in subsequent changes.
Signed-off-by: Thomas Gleixner

---
 arch/x86/kernel/cpu/microcode/core.c     | 108 ++++++++++++++++++-----------
 arch/x86/kernel/cpu/microcode/internal.h |   1 +
 2 files changed, 65 insertions(+), 44 deletions(-)

--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -324,6 +324,11 @@ static struct platform_device *microcode
  * requirement can be relaxed in the future. Right now, this is conservative
  * and good.
  */
+struct ucode_ctrl {
+	enum ucode_state result;
+};
+
+static DEFINE_PER_CPU(struct ucode_ctrl, ucode_ctrl);
 static atomic_t late_cpus_in, late_cpus_out;
 
 static bool wait_for_cpus(atomic_t *cnt)
@@ -344,23 +349,19 @@ static bool wait_for_cpus(atomic_t *cnt)
 	return false;
 }
 
-/*
- * Returns:
- * < 0 - on error
- *   0 - success (no update done or microcode was updated)
- */
-static int __reload_late(void *info)
+static int ucode_load_cpus_stopped(void *unused)
 {
 	int cpu = smp_processor_id();
-	enum ucode_state err;
-	int ret = 0;
+	enum ucode_state ret;
 
 	/*
 	 * Wait for all CPUs to arrive. A load will not be attempted unless all
 	 * CPUs show up.
 	 */
-	if (!wait_for_cpus(&late_cpus_in))
-		return -1;
+	if (!wait_for_cpus(&late_cpus_in)) {
+		this_cpu_write(ucode_ctrl.result, UCODE_TIMEOUT);
+		return 0;
+	}
 
 	/*
 	 * On an SMT system, it suffices to load the microcode on one sibling of
@@ -369,17 +370,11 @@ static int __reload_late(void *info)
 	 * loading attempts happen on multiple threads of an SMT core. See
 	 * below.
	 */
-	if (cpumask_first(topology_sibling_cpumask(cpu)) == cpu)
-		err = microcode_ops->apply_microcode(cpu);
-	else
+	if (cpumask_first(topology_sibling_cpumask(cpu)) != cpu)
 		goto wait_for_siblings;
 
-	if (err >= UCODE_NFOUND) {
-		if (err == UCODE_ERROR) {
-			pr_warn("Error reloading microcode on CPU %d\n", cpu);
-			ret = -1;
-		}
-	}
+	ret = microcode_ops->apply_microcode(cpu);
+	this_cpu_write(ucode_ctrl.result, ret);
 
 wait_for_siblings:
 	if (!wait_for_cpus(&late_cpus_out))
@@ -391,19 +386,18 @@ wait_for_siblings:
 	 * per-cpu cpuinfo can be updated with right microcode
 	 * revision.
 	 */
-	if (cpumask_first(topology_sibling_cpumask(cpu)) != cpu)
-		err = microcode_ops->apply_microcode(cpu);
+	if (cpumask_first(topology_sibling_cpumask(cpu)) == cpu)
+		return 0;
 
-	return ret;
+	ret = microcode_ops->apply_microcode(cpu);
+	this_cpu_write(ucode_ctrl.result, ret);
+	return 0;
 }
 
-/*
- * Reload microcode late on all CPUs. Wait for a sec until they
- * all gather together.
- */
-static int microcode_reload_late(void)
+static int ucode_load_late_stop_cpus(void)
 {
-	int old = boot_cpu_data.microcode, ret;
+	unsigned int cpu, updated = 0, failed = 0, timedout = 0, siblings = 0;
+	int old_rev = boot_cpu_data.microcode;
 	struct cpuinfo_x86 prev_info;
 
 	pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
@@ -418,26 +412,47 @@ static int microcode_reload_late(void)
 	 */
 	store_cpu_caps(&prev_info);
 
-	ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask);
+	stop_machine_cpuslocked(ucode_load_cpus_stopped, NULL, cpu_online_mask);
+
+	/* Analyze the results */
+	for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
+		switch (per_cpu(ucode_ctrl.result, cpu)) {
+		case UCODE_UPDATED:	updated++; break;
+		case UCODE_TIMEOUT:	timedout++; break;
+		case UCODE_OK:		siblings++; break;
+		default:		failed++; break;
+		}
+	}
 
 	if (microcode_ops->finalize_late_load)
-		microcode_ops->finalize_late_load(ret);
+		microcode_ops->finalize_late_load(!updated);
 
-	if (!ret) {
-		pr_info("Reload succeeded, microcode revision: 0x%x -> 0x%x\n",
-			old, boot_cpu_data.microcode);
-		microcode_check(&prev_info);
-		add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
-	} else {
-		pr_info("Reload failed, current microcode revision: 0x%x\n",
-			boot_cpu_data.microcode);
+	if (!updated) {
+		/* Nothing changed. */
+		if (!failed && !timedout)
+			return 0;
+		pr_err("Microcode update failed: %u CPUs failed %u CPUs timed out\n",
+		       failed, timedout);
+		return -EIO;
 	}
-	return ret;
+
+	add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
+	pr_info("Microcode load: updated on %u primary CPUs with %u siblings\n", updated, siblings);
+	if (failed || timedout) {
+		pr_err("Microcode load incomplete. %u CPUs timed out or failed\n",
+		       num_online_cpus() - (updated + siblings));
+	}
+	pr_info("Microcode revision: 0x%x -> 0x%x\n", old_rev, boot_cpu_data.microcode);
+	microcode_check(&prev_info);
+
+	return updated + siblings == num_online_cpus() ? 0 : -EIO;
 }
 
 /*
- * Ensure that all required CPUs which are present and have been booted
- * once are online.
+ * This function does two things:
+ *
+ * 1) Ensure that all required CPUs which are present and have been booted
+ *    once are online.
  *
  * To pass this check, all primary threads must be online.
  *
@@ -448,9 +463,12 @@ static int microcode_reload_late(void)
  * behaviour is undefined. The default play_dead() implementation on
  * modern CPUs is using MWAIT, which is also not guaranteed to be safe
  * against a microcode update which affects MWAIT.
+ *
+ * 2) Initialize the per CPU control structure
  */
-static bool ensure_cpus_are_online(void)
+static bool ucode_setup_cpus(void)
 {
+	struct ucode_ctrl ctrl = { .result = -1, };
 	unsigned int cpu;
 
 	for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
@@ -460,6 +478,8 @@ static bool ensure_cpus_are_online(void)
 			return false;
 		}
 		}
+		/* Initialize the per CPU state */
+		per_cpu(ucode_ctrl, cpu) = ctrl;
 	}
 	return true;
 }
@@ -468,13 +488,13 @@ static int ucode_load_late_locked(void)
 {
 	int ret;
 
-	if (!ensure_cpus_are_online())
+	if (!ucode_setup_cpus())
 		return -EBUSY;
 
 	ret = microcode_ops->request_microcode_fw(0, &microcode_pdev->dev);
 	if (ret != UCODE_NEW)
 		return ret == UCODE_NFOUND ? -ENOENT : -EBADFD;
-	return microcode_reload_late();
+	return ucode_load_late_stop_cpus();
 }
 
 static ssize_t reload_store(struct device *dev,
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -16,6 +16,7 @@ enum ucode_state {
 	UCODE_UPDATED,
 	UCODE_NFOUND,
 	UCODE_ERROR,
+	UCODE_TIMEOUT,
 };
 
 struct microcode_ops {

From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 22/30] x86/microcode: Add per CPU control field
References: <20230912065249.695681286@linutronix.de>
Message-ID: <20230912065502.143157215@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:18 +0200 (CEST)

From: Thomas Gleixner

Add a per CPU control field to ucode_ctrl and define constants for it:

 SCTRL_WAIT:  The CPU needs to spin-wait with timeout
 SCTRL_APPLY: The CPU needs to invoke the microcode_apply() callback
 SCTRL_DONE:  The CPU can proceed without invoking the microcode_apply()
              callback

In theory this could be a global control field, but a global control
does not cover the following case:

 15 primary CPUs load microcode successfully
  1 primary CPU fails and returns with an error code

With global control the sibling of the failed CPU would either try again
or the whole operation would be aborted, with the consequence that the
15 siblings do not invoke the apply path and end up with inconsistent
software state. The result in dmesg would be inconsistent too.

There are two additional fields added and initialized: ctrl_cpu and
secondaries. ctrl_cpu is the CPU number of the primary thread for now,
but with the upcoming uniform loading at package or system scope this
will be one CPU per package or just one CPU. secondaries hands the
control CPU a CPU mask which is required to release the secondary CPUs
out of the wait loop.
Preparatory change for implementing a properly split control flow for
primary and secondary CPUs.

Signed-off-by: Thomas Gleixner

---
 arch/x86/kernel/cpu/microcode/core.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -324,8 +324,16 @@ static struct platform_device *microcode
  * requirement can be relaxed in the future. Right now, this is conservative
  * and good.
  */
+enum sibling_ctrl {
+	SCTRL_WAIT,
+	SCTRL_APPLY,
+	SCTRL_DONE,
+};
+
 struct ucode_ctrl {
+	enum sibling_ctrl ctrl;
 	enum ucode_state result;
+	unsigned int ctrl_cpu;
 };
 
 static DEFINE_PER_CPU(struct ucode_ctrl, ucode_ctrl);
@@ -468,7 +476,7 @@ static int ucode_load_late_stop_cpus(voi
  */
 static bool ucode_setup_cpus(void)
 {
-	struct ucode_ctrl ctrl = { .result = -1, };
+	struct ucode_ctrl ctrl = { .ctrl = SCTRL_WAIT, .result = -1, };
 	unsigned int cpu;
 
 	for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
@@ -478,7 +486,15 @@ static bool ucode_setup_cpus(void)
 			return false;
 		}
 		}
-		/* Initialize the per CPU state */
+
+		/*
+		 * Initialize the per CPU state. This is core scope for now,
+		 * but prepared to take package or system scope into account.
+		 */
+		if (topology_is_primary_thread(cpu))
+			ctrl.ctrl_cpu = cpu;
+		else
+			ctrl.ctrl_cpu = cpumask_first(topology_sibling_cpumask(cpu));
 		per_cpu(ucode_ctrl, cpu) = ctrl;
 	}
 	return true;

From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 23/30] x86/microcode: Provide new control functions
References: <20230912065249.695681286@linutronix.de>
Message-ID: <20230912065502.202675936@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:20 +0200 (CEST)

From: Thomas Gleixner

The current all-in-one code is unreadable and really not suited for
adding future features like uniform loading with package or system
scope.

Provide a set of new control functions which split the handling of the
primary and secondary CPUs. These will replace the current all-in-one
rendezvous function in the next step. This is intentionally a separate
change because diff makes a completely unreadable mess otherwise.

So the flow separates the primary and the secondary CPUs into their own
functions, which use the control field in the per CPU ucode_ctrl struct.
    primary()                   secondary()
     wait_for_all()              wait_for_all()
     apply_ucode()               wait_for_release()
     release()                   apply_ucode()

Signed-off-by: Thomas Gleixner

---
 arch/x86/kernel/cpu/microcode/core.c | 86 +++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)

--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -357,6 +357,92 @@ static bool wait_for_cpus(atomic_t *cnt)
 	return false;
 }
 
+static bool wait_for_ctrl(void)
+{
+	unsigned int timeout;
+
+	for (timeout = 0; timeout < USEC_PER_SEC; timeout++) {
+		if (this_cpu_read(ucode_ctrl.ctrl) != SCTRL_WAIT)
+			return true;
+		udelay(1);
+		if (!(timeout % 1000))
+			touch_nmi_watchdog();
+	}
+	return false;
+}
+
+static __maybe_unused void ucode_load_secondary(unsigned int cpu)
+{
+	unsigned int ctrl_cpu = this_cpu_read(ucode_ctrl.ctrl_cpu);
+	enum ucode_state ret;
+
+	/* Initial rendezvous to ensure that all CPUs have arrived */
+	if (!wait_for_cpus(&late_cpus_in)) {
+		pr_err_once("Microcode load: %d CPUs timed out\n",
+			    atomic_read(&late_cpus_in) - 1);
+		this_cpu_write(ucode_ctrl.result, UCODE_TIMEOUT);
+		return;
+	}
+
+	/*
+	 * Wait for primary threads to complete. If one of them hangs due
+	 * to the update, there is no way out. This is non-recoverable
+	 * because the CPU might hold locks or resources and confuse the
+	 * scheduler, watchdogs etc. There is no way to safely evacuate the
+	 * machine.
+	 */
+	if (!wait_for_ctrl())
+		panic("Microcode load: Primary CPU %d timed out\n", ctrl_cpu);
+
+	/*
+	 * If the primary succeeded then invoke the apply() callback,
+	 * otherwise copy the state from the primary thread.
+	 */
+	if (this_cpu_read(ucode_ctrl.ctrl) == SCTRL_APPLY)
+		ret = microcode_ops->apply_microcode(cpu);
+	else
+		ret = per_cpu(ucode_ctrl.result, ctrl_cpu);
+
+	this_cpu_write(ucode_ctrl.result, ret);
+	this_cpu_write(ucode_ctrl.ctrl, SCTRL_DONE);
+}
+
+static __maybe_unused void ucode_load_primary(unsigned int cpu)
+{
+	struct cpumask *secondaries = topology_sibling_cpumask(cpu);
+	enum sibling_ctrl ctrl;
+	enum ucode_state ret;
+	unsigned int sibling;
+
+	/* Initial rendezvous to ensure that all CPUs have arrived */
+	if (!wait_for_cpus(&late_cpus_in)) {
+		this_cpu_write(ucode_ctrl.result, UCODE_TIMEOUT);
+		pr_err_once("Microcode load: %d CPUs timed out\n",
+			    atomic_read(&late_cpus_in) - 1);
+		return;
+	}
+
+	ret = microcode_ops->apply_microcode(cpu);
+	this_cpu_write(ucode_ctrl.result, ret);
+	this_cpu_write(ucode_ctrl.ctrl, SCTRL_DONE);
+
+	/*
+	 * If the update was successful, let the siblings run the apply()
+	 * callback. If not, tell them it's done. This also covers the
+	 * case where the CPU has uniform loading at package or system
+	 * scope implemented but does not advertise it.
+	 */
+	if (ret == UCODE_UPDATED || ret == UCODE_OK)
+		ctrl = SCTRL_APPLY;
+	else
+		ctrl = SCTRL_DONE;
+
+	for_each_cpu(sibling, secondaries) {
+		if (sibling != cpu)
+			per_cpu(ucode_ctrl.ctrl, sibling) = ctrl;
+	}
+}
+
 static int ucode_load_cpus_stopped(void *unused)
 {
 	int cpu = smp_processor_id();

From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 24/30] x86/microcode: Replace the all in one rendezvous handler
References: <20230912065249.695681286@linutronix.de>
Message-ID: <20230912065502.265405353@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:21 +0200 (CEST)

From: Thomas Gleixner

Replace it with a new handler which just separates the control flow of
primary and secondary CPUs.

Signed-off-by: Thomas Gleixner

---
 arch/x86/kernel/cpu/microcode/core.c | 51 ++++++-----------------------
 1 file changed, 9 insertions(+), 42 deletions(-)

--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -337,7 +337,7 @@ struct ucode_ctrl {
 };
 
 static DEFINE_PER_CPU(struct ucode_ctrl, ucode_ctrl);
-static atomic_t late_cpus_in, late_cpus_out;
+static atomic_t late_cpus_in;
 
 static bool wait_for_cpus(atomic_t *cnt)
 {
@@ -371,7 +371,7 @@ static bool wait_for_ctrl(void)
 	return false;
 }
 
-static __maybe_unused void ucode_load_secondary(unsigned int cpu)
+static void ucode_load_secondary(unsigned int cpu)
 {
 	unsigned int ctrl_cpu = this_cpu_read(ucode_ctrl.ctrl_cpu);
 	enum ucode_state ret;
@@ -407,7 +407,7 @@ static __maybe_unused void ucode_load_se
 	this_cpu_write(ucode_ctrl.ctrl, SCTRL_DONE);
 }
 
-static __maybe_unused void ucode_load_primary(unsigned int cpu)
+static void ucode_load_primary(unsigned int cpu)
 {
 	struct cpumask *secondaries = topology_sibling_cpumask(cpu);
 	enum sibling_ctrl ctrl;
@@ -445,46 +445,14 @@ static __maybe_unused void ucode_load_pr
 
 static int ucode_load_cpus_stopped(void *unused)
 {
-	int cpu = smp_processor_id();
-	enum ucode_state ret;
-
-	/*
-	 * Wait for all CPUs to arrive. A load will not be attempted unless all
-	 * CPUs show up.
-	 */
-	if (!wait_for_cpus(&late_cpus_in)) {
-		this_cpu_write(ucode_ctrl.result, UCODE_TIMEOUT);
-		return 0;
-	}
-
-	/*
-	 * On an SMT system, it suffices to load the microcode on one sibling of
-	 * the core because the microcode engine is shared between the threads.
-	 * Synchronization still needs to take place so that no concurrent
-	 * loading attempts happen on multiple threads of an SMT core. See
-	 * below.
-	 */
-	if (cpumask_first(topology_sibling_cpumask(cpu)) != cpu)
-		goto wait_for_siblings;
+	unsigned int cpu = smp_processor_id();
 
-	ret = microcode_ops->apply_microcode(cpu);
-	this_cpu_write(ucode_ctrl.result, ret);
-
-wait_for_siblings:
-	if (!wait_for_cpus(&late_cpus_out))
-		panic("Timeout during microcode update!\n");
-
-	/*
-	 * At least one thread has completed update on each core.
-	 * For others, simply call the update to make sure the
-	 * per-cpu cpuinfo can be updated with right microcode
-	 * revision.
-	 */
-	if (cpumask_first(topology_sibling_cpumask(cpu)) == cpu)
-		return 0;
+	if (this_cpu_read(ucode_ctrl.ctrl_cpu) == cpu)
+		ucode_load_primary(cpu);
+	else
+		ucode_load_secondary(cpu);
 
-	ret = microcode_ops->apply_microcode(cpu);
-	this_cpu_write(ucode_ctrl.result, ret);
+	/* No point to wait here. The CPUs will all wait in stop_machine(). */
 	return 0;
 }
 
@@ -498,7 +466,6 @@ static int ucode_load_late_stop_cpus(voi
 	pr_err("You should switch to early loading, if possible.\n");
 
 	atomic_set(&late_cpus_in, num_online_cpus());
-	atomic_set(&late_cpus_out, num_online_cpus());
 
 	/*
 	 * Take a snapshot before the microcode update in order to compare and

From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 25/30] x86/microcode: Rendezvous and load in NMI
References: <20230912065249.695681286@linutronix.de>
Message-ID: <20230912065502.327149876@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:23 +0200 (CEST)

From: Thomas Gleixner

stop_machine() does not prevent the spin-waiting sibling from handling
an NMI, which obviously violates the whole concept of rendezvous.

Implement a static branch right at the beginning of the NMI handler
which is NOOPed except when enabled by the late loading mechanism. The
late loader enables the static branch before stop_machine() is invoked.

Each CPU has an nmi_enabled flag in its control structure which
indicates whether the CPU should go into the update routine. This is
required to bridge the gap between enabling the branch and actually
being at the point where it makes sense.

Each CPU which arrives in the stopper thread function sets that flag and
issues a self NMI right after that. If the NMI function sees the flag
clear, it returns. If it's set, it clears the flag and enters the
rendezvous.

This is safe against a real NMI which hits in between setting the flag
and sending the NMI to itself. The real NMI will be swallowed by the
microcode update and the self NMI will then let stuff continue.
Otherwise this would end up with a spurious NMI.
Signed-off-by: Thomas Gleixner

---
 arch/x86/include/asm/microcode.h         | 12 ++++++++
 arch/x86/kernel/cpu/microcode/core.c     | 42 ++++++++++++++++++++++++++----
 arch/x86/kernel/cpu/microcode/intel.c    |  1 +
 arch/x86/kernel/cpu/microcode/internal.h |  3 +-
 arch/x86/kernel/nmi.c                    |  4 ++
 5 files changed, 57 insertions(+), 5 deletions(-)

--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -70,4 +70,16 @@ static inline u32 intel_get_microcode_re
 }
 #endif /* !CONFIG_CPU_SUP_INTEL */
 
+bool microcode_nmi_handler(void);
+
+#ifdef CONFIG_MICROCODE_LATE_LOADING
+DECLARE_STATIC_KEY_FALSE(microcode_nmi_handler_enable);
+static __always_inline bool microcode_nmi_handler_enabled(void)
+{
+	return static_branch_unlikely(&microcode_nmi_handler_enable);
+}
+#else
+static __always_inline bool microcode_nmi_handler_enabled(void) { return false; }
+#endif
+
 #endif /* _ASM_X86_MICROCODE_H */
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -23,6 +23,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -31,6 +32,7 @@
 #include
 #include
 
+#include
 #include
 #include
 #include
@@ -312,8 +314,10 @@ struct ucode_ctrl {
 	enum sibling_ctrl ctrl;
 	enum ucode_state result;
 	unsigned int ctrl_cpu;
+	bool nmi_enabled;
 };
 
+DEFINE_STATIC_KEY_FALSE(microcode_nmi_handler_enable);
 static DEFINE_PER_CPU(struct ucode_ctrl, ucode_ctrl);
 static atomic_t late_cpus_in;
 
@@ -327,7 +331,8 @@ static bool wait_for_cpus(atomic_t *cnt)
 		if (!atomic_read(cnt))
 			return true;
 		udelay(1);
-		if (!(timeout % 1000))
+		/* If invoked directly, tickle the NMI watchdog */
+		if (!microcode_ops->use_nmi && !(timeout % 1000))
 			touch_nmi_watchdog();
 	}
 	/* Prevent the latecomers from making progress and let them time out */
 	atomic_inc(cnt);
@@ -343,7 +348,8 @@ static bool wait_for_ctrl(void)
 		if (this_cpu_read(ucode_ctrl.ctrl) != SCTRL_WAIT)
 			return true;
 		udelay(1);
-		if (!(timeout % 1000))
+		/* If invoked directly, tickle the NMI watchdog */
+		if (!microcode_ops->use_nmi && !(timeout % 1000))
 			touch_nmi_watchdog();
 	}
 	return false;
@@ -421,7 +427,7 @@ static void ucode_load_primary(unsigned
 	}
 }
 
-static int ucode_load_cpus_stopped(void *unused)
+static bool microcode_update_handler(void)
 {
 	unsigned int cpu = smp_processor_id();
 
@@ -430,7 +436,29 @@ static int ucode_load_cpus_stopped(void
 	else
 		ucode_load_secondary(cpu);
 
-	/* No point to wait here. The CPUs will all wait in stop_machine(). */
+	touch_nmi_watchdog();
+	return true;
+}
+
+bool microcode_nmi_handler(void)
+{
+	if (!this_cpu_read(ucode_ctrl.nmi_enabled))
+		return false;
+
+	this_cpu_write(ucode_ctrl.nmi_enabled, false);
+	return microcode_update_handler();
+}
+
+static int ucode_load_cpus_stopped(void *unused)
+{
+	if (microcode_ops->use_nmi) {
+		/* Enable the NMI handler and raise NMI */
+		this_cpu_write(ucode_ctrl.nmi_enabled, true);
+		apic->send_IPI(smp_processor_id(), NMI_VECTOR);
+	} else {
+		/* Just invoke the handler directly */
+		microcode_update_handler();
+	}
 	return 0;
 }
 
@@ -451,8 +479,14 @@ static int ucode_load_late_stop_cpus(voi
 	 */
 	store_cpu_caps(&prev_info);
 
+	if (microcode_ops->use_nmi)
+		static_branch_enable_cpuslocked(&microcode_nmi_handler_enable);
+
 	stop_machine_cpuslocked(ucode_load_cpus_stopped, NULL, cpu_online_mask);
 
+	if (microcode_ops->use_nmi)
+		static_branch_disable_cpuslocked(&microcode_nmi_handler_enable);
+
 	/* Analyze the results */
 	for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
 		switch (per_cpu(ucode_ctrl.result, cpu)) {
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -601,6 +601,7 @@ static struct microcode_ops microcode_in
 	.collect_cpu_info	= collect_cpu_info,
 	.apply_microcode	= apply_microcode_late,
 	.finalize_late_load	= finalize_late_load,
+	.use_nmi		= IS_ENABLED(CONFIG_X86_64),
 };
 
 static __init void calc_llc_size_per_core(struct cpuinfo_x86 *c)
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -31,7 +31,8 @@ struct microcode_ops {
 	enum ucode_state (*apply_microcode)(int cpu);
 	int (*collect_cpu_info)(int cpu, struct cpu_signature *csig);
 	void (*finalize_late_load)(int result);
-	unsigned int nmi_safe : 1;
+	unsigned int nmi_safe	: 1,
+		     use_nmi	: 1;
 };
 
 extern struct ucode_cpu_info ucode_cpu_info[];
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
@@ -33,6 +33,7 @@
 #include
 #include
 #include
+#include
 #include
 
 #define CREATE_TRACE_POINTS
@@ -343,6 +344,9 @@ static noinstr void default_do_nmi(struc
 
 	instrumentation_begin();
 
+	if (microcode_nmi_handler_enabled() && microcode_nmi_handler())
+		goto out;
+
 	handled = nmi_handle(NMI_LOCAL, regs);
 	__this_cpu_add(nmi_stats.normal, handled);
 	if (handled) {

Message-ID: <20230912065502.386652173@linutronix.de>
b=vVvNjb6DoESiSCvmGTjtbFzfa6DPy3PuxgW5gY3N6BWwzUWem/iicInu5LX0u55WVg8O1i M/GEc+8CWdLVi0P5WIvTsbFyglGRMwQr9l6Qs9iGuXuq231vJ2UKY0YWJsYTjOFjqx3K9B L8rk331Lhgl9Q0U8OF3e6E2YaqzmNTiv3PuKV88Vv4yizG2fxfK62JGU0BNUubYBeGewug M5xUj3vTDQfuUUC0X4k+DzXp4T9PV2o8PEY5T+/1SczxUe8KCNIaAzLKZb1Y6w5YXUCcd2 DV7o6IR88qpicxCLjSrIJ+Jg0gpPR6WTP7lIlf4lbtSl9dnApReBbaWh+R2/EA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1694505505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: references:references; bh=AUqgutA67pCMFlyFQkQb2NLp+uq+lsysGvpYhmGpJnk=; b=IUFdw3vcZ8X+udEbRs8UFEK1ZPGNlLrfelZKhY1ovRGKza23og2UjRohm8QF+PU2gevEGH rvofICT3kLdzp2CA== From: Thomas Gleixner To: LKML Cc: x86@kernel.org, Borislav Petkov , "Chang S. Bae" , Arjan van de Ven , Nikolay Borisov Subject: [patch V3 26/30] x86/microcode: Protect against instrumentation References: <20230912065249.695681286@linutronix.de> MIME-Version: 1.0 Date: Tue, 12 Sep 2023 09:58:24 +0200 (CEST) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Thomas Gleixner The wait for control loop in which the siblings are waiting for the microcode update on the primary thread must be protected against instrumentation as instrumentation can end up in #INT3, #DB or #PF, which then returns with IRET. That IRET reenables NMI which is the opposite of what the NMI rendezvouz is trying to achieve. 
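[Editorial sketch, not part of the patch] The pattern this patch introduces can be illustrated outside the kernel: a bounded spin-wait that replaces udelay() with a raw calibrated busy loop, because noinstr code must not call instrumentable helpers. The names wait_for_flag, LOOPS_PER_TICK and TIMEOUT_TICKS below are illustrative userspace stand-ins for wait_for_ctrl(), loops_per_usec and USEC_PER_SEC, not kernel APIs.

```c
#include <stdatomic.h>
#include <stdbool.h>

/*
 * Userspace sketch of the noinstr wait pattern: spin on a shared control
 * word with a bounded timeout, burning time in a raw loop instead of
 * calling a delay helper.
 */
#define LOOPS_PER_TICK 100		/* stand-in for loops_per_usec calibration */
#define TIMEOUT_TICKS  100000

static bool wait_for_flag(atomic_int *ctrl)
{
	unsigned int timeout, loops;

	for (timeout = 0; timeout < TIMEOUT_TICKS; timeout++) {
		if (atomic_load(ctrl))
			return true;	/* released by the "primary" side */
		/* Raw delay loop: no library calls in the wait path */
		for (loops = 0; loops < LOOPS_PER_TICK; loops++)
			;
	}
	return false;			/* timed out */
}
```

The point of the structure is that the hot path touches nothing but the atomic read and a counter; anything instrumentable (watchdog tickling, printing) would sit outside it, bracketed by instrumentation_begin()/end() in the real code.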
Signed-off-by: Thomas Gleixner
---
 arch/x86/kernel/cpu/microcode/core.c | 112 ++++++++++++++++++++++++++---------
 1 file changed, 84 insertions(+), 28 deletions(-)
---
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -319,53 +319,65 @@ struct ucode_ctrl {
 
 DEFINE_STATIC_KEY_FALSE(microcode_nmi_handler_enable);
 static DEFINE_PER_CPU(struct ucode_ctrl, ucode_ctrl);
+static unsigned int loops_per_usec;
 static atomic_t late_cpus_in;
 
-static bool wait_for_cpus(atomic_t *cnt)
+static noinstr bool wait_for_cpus(atomic_t *cnt)
 {
-	unsigned int timeout;
+	unsigned int timeout, loops;
 
-	WARN_ON_ONCE(atomic_dec_return(cnt) < 0);
+	WARN_ON_ONCE(raw_atomic_dec_return(cnt) < 0);
 
 	for (timeout = 0; timeout < USEC_PER_SEC; timeout++) {
-		if (!atomic_read(cnt))
+		if (!raw_atomic_read(cnt))
 			return true;
-		udelay(1);
+
+		for (loops = 0; loops < loops_per_usec; loops++)
+			cpu_relax();
+
 		/* If invoked directly, tickle the NMI watchdog */
-		if (!microcode_ops->use_nmi && !(timeout % 1000))
+		if (!microcode_ops->use_nmi && !(timeout % 1000)) {
+			instrumentation_begin();
 			touch_nmi_watchdog();
+			instrumentation_end();
+		}
 	}
 	/* Prevent the late comers to make progress and let them time out */
-	atomic_inc(cnt);
+	raw_atomic_inc(cnt);
 	return false;
 }
 
-static bool wait_for_ctrl(void)
+static noinstr bool wait_for_ctrl(void)
 {
-	unsigned int timeout;
+	unsigned int timeout, loops;
 
	for (timeout = 0; timeout < USEC_PER_SEC; timeout++) {
-		if (this_cpu_read(ucode_ctrl.ctrl) != SCTRL_WAIT)
+		if (raw_cpu_read(ucode_ctrl.ctrl) != SCTRL_WAIT)
 			return true;
-		udelay(1);
+
+		for (loops = 0; loops < loops_per_usec; loops++)
+			cpu_relax();
+
 		/* If invoked directly, tickle the NMI watchdog */
-		if (!microcode_ops->use_nmi && !(timeout % 1000))
+		if (!microcode_ops->use_nmi && !(timeout % 1000)) {
+			instrumentation_begin();
 			touch_nmi_watchdog();
+			instrumentation_end();
+		}
 	}
 	return false;
 }
 
-static void ucode_load_secondary(unsigned int cpu)
+/*
+ * Protected against instrumentation up to the point where the primary
+ * thread completed the update. See microcode_nmi_handler() for details.
+ */
+static noinstr bool ucode_load_secondary_wait(unsigned int ctrl_cpu)
 {
-	unsigned int ctrl_cpu = this_cpu_read(ucode_ctrl.ctrl_cpu);
-	enum ucode_state ret;
-
 	/* Initial rendevouz to ensure that all CPUs have arrived */
 	if (!wait_for_cpus(&late_cpus_in)) {
-		pr_err_once("Microcode load: %d CPUs timed out\n",
-			    atomic_read(&late_cpus_in) - 1);
 		this_cpu_write(ucode_ctrl.result, UCODE_TIMEOUT);
-		return;
+		return false;
 	}
 
 	/*
@@ -375,9 +387,33 @@ static void ucode_load_secondary(unsigne
 	 * scheduler, watchdogs etc. There is no way to safely evacuate the
 	 * machine.
 	 */
-	if (!wait_for_ctrl())
-		panic("Microcode load: Primary CPU %d timed out\n", ctrl_cpu);
+	if (wait_for_ctrl())
+		return true;
+
+	instrumentation_begin();
+	panic("Microcode load: Primary CPU %d timed out\n", ctrl_cpu);
+	instrumentation_end();
+}
 
+/*
+ * Protected against instrumentation up to the point where the primary
+ * thread completed the update. See microcode_nmi_handler() for details.
+ */
+static noinstr void ucode_load_secondary(unsigned int cpu)
+{
+	unsigned int ctrl_cpu = raw_cpu_read(ucode_ctrl.ctrl_cpu);
+	enum ucode_state ret;
+
+	if (!ucode_load_secondary_wait(ctrl_cpu)) {
+		instrumentation_begin();
+		pr_err_once("Microcode load: %d CPUs timed out\n",
+			    atomic_read(&late_cpus_in) - 1);
+		instrumentation_end();
+		return;
+	}
+
+	/* Primary thread completed. Allow to invoke instrumentable code */
+	instrumentation_begin();
 	/*
	 * If the primary succeeded then invoke the apply() callback,
	 * otherwise copy the state from the primary thread.
@@ -389,6 +425,7 @@ static void ucode_load_secondary(unsigne
 
 	this_cpu_write(ucode_ctrl.result, ret);
 	this_cpu_write(ucode_ctrl.ctrl, SCTRL_DONE);
+	instrumentation_end();
 }
 
 static void ucode_load_primary(unsigned int cpu)
@@ -427,25 +464,43 @@ static void ucode_load_primary(unsigned
 	}
 }
 
-static bool microcode_update_handler(void)
+static noinstr bool microcode_update_handler(void)
 {
-	unsigned int cpu = smp_processor_id();
+	unsigned int cpu = raw_smp_processor_id();
 
-	if (this_cpu_read(ucode_ctrl.ctrl_cpu) == cpu)
+	if (raw_cpu_read(ucode_ctrl.ctrl_cpu) == cpu) {
+		instrumentation_begin();
 		ucode_load_primary(cpu);
-	else
+		instrumentation_end();
+	} else {
 		ucode_load_secondary(cpu);
+	}
 
+	instrumentation_begin();
 	touch_nmi_watchdog();
+	instrumentation_end();
+
 	return true;
 }
 
-bool microcode_nmi_handler(void)
+/*
+ * Protection against instrumentation is required for CPUs which are not
+ * safe against an NMI which is delivered to the secondary SMT sibling
+ * while the primary thread updates the microcode. Instrumentation can end
+ * up in #INT3, #DB and #PF. The IRET from those exceptions reenables NMI
+ * which is the opposite of what the NMI rendevouz is trying to achieve.
+ *
+ * The primary thread is safe versus instrumentation as the actual
+ * microcode update handles this correctly. It's only the sibling code
+ * path which must be NMI safe until the primary thread completed the
+ * update.
+ */
+bool noinstr microcode_nmi_handler(void)
 {
-	if (!this_cpu_read(ucode_ctrl.nmi_enabled))
+	if (!raw_cpu_read(ucode_ctrl.nmi_enabled))
 		return false;
 
-	this_cpu_write(ucode_ctrl.nmi_enabled, false);
+	raw_cpu_write(ucode_ctrl.nmi_enabled, false);
 	return microcode_update_handler();
 }
 
@@ -472,6 +527,7 @@ static int ucode_load_late_stop_cpus(voi
 	pr_err("You should switch to early loading, if possible.\n");
 
 	atomic_set(&late_cpus_in, num_online_cpus());
+	loops_per_usec = loops_per_jiffy / (TICK_NSEC / 1000);
 
 	/*
	 * Take a snapshot before the microcode update in order to compare and

From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065502.447323060@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 27/30] x86/apic: Provide apic_force_nmi_on_cpu()
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:26 +0200 (CEST)

From: Thomas Gleixner

When SMT siblings are soft-offlined and parked in one of the play_dead()
variants they still react on NMI, which is problematic on affected Intel
CPUs. The default play_dead() variant uses MWAIT on modern CPUs, which is
not guaranteed to be safe when the microcode is updated concurrently.

Right now late loading is prevented when not all SMT siblings are online,
but as they still react on NMI, it is possible to bring them out of their
park position into a trivial rendezvous handler.

Provide a function which allows doing that. It does sanity checks whether
the target is in the cpus_booted_once_mask and whether the APIC driver
supports it.

Mark X2APIC and XAPIC as capable, but exclude 32bit and the UV and
NUMACHIP variants as that needs feedback from the relevant experts.
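[Editorial sketch, not part of the patch] The sanity-check pattern of apic_send_nmi_to_offline_cpu() can be shown in isolation: refuse to act unless the driver opted in via a capability flag and the target CPU has booted at least once (otherwise nothing is parked there to wake). The struct fake_apic, booted_once array and send_nmi_to_offline_cpu() below are illustrative userspace stand-ins, not kernel APIs.

```c
#include <stdbool.h>

#define NR_CPUS 8

/* Stand-in for the relevant bit of struct apic */
struct fake_apic {
	bool nmi_to_offline_cpu;	/* capability flag the driver sets */
};

/* Stand-in for cpus_booted_once_mask */
static bool booted_once[NR_CPUS];

static bool send_nmi_to_offline_cpu(const struct fake_apic *apic, unsigned int cpu)
{
	if (!apic->nmi_to_offline_cpu)
		return false;	/* driver never opted in */
	if (cpu >= NR_CPUS || !booted_once[cpu])
		return false;	/* CPU never booted: nothing is parked there */
	/* The real code would do apic->send_IPI(cpu, NMI_VECTOR) here */
	return true;
}
```

Gating on an explicit per-driver capability bit is why the patch can mark X2APIC and XAPIC as capable while leaving the UV and NUMACHIP variants safely excluded until their maintainers confirm support.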
Signed-off-by: Thomas Gleixner
---
 arch/x86/include/asm/apic.h           | 5 ++++-
 arch/x86/kernel/apic/apic_flat_64.c   | 2 ++
 arch/x86/kernel/apic/ipi.c            | 8 ++++++++
 arch/x86/kernel/apic/x2apic_cluster.c | 1 +
 arch/x86/kernel/apic/x2apic_phys.c    | 1 +
 5 files changed, 16 insertions(+), 1 deletion(-)
---
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -276,7 +276,8 @@ struct apic {
 
 	u32	disable_esr		: 1,
 		dest_mode_logical	: 1,
-		x2apic_set_max_apicid	: 1;
+		x2apic_set_max_apicid	: 1,
+		nmi_to_offline_cpu	: 1;
 
 	u32	(*calc_dest_apicid)(unsigned int cpu);
 
@@ -542,6 +543,8 @@ extern bool default_check_apicid_used(ph
 extern void default_ioapic_phys_id_map(physid_mask_t *phys_map, physid_mask_t *retmap);
 extern int default_cpu_present_to_apicid(int mps_cpu);
 
+void apic_send_nmi_to_offline_cpu(unsigned int cpu);
+
 #else /* CONFIG_X86_LOCAL_APIC */
 
 static inline unsigned int read_apic_id(void) { return 0; }
--- a/arch/x86/kernel/apic/apic_flat_64.c
+++ b/arch/x86/kernel/apic/apic_flat_64.c
@@ -103,6 +103,7 @@ static struct apic apic_flat __ro_after_
 	.send_IPI_allbutself	= default_send_IPI_allbutself,
 	.send_IPI_all		= default_send_IPI_all,
 	.send_IPI_self		= default_send_IPI_self,
+	.nmi_to_offline_cpu	= true,
 
 	.read			= native_apic_mem_read,
 	.write			= native_apic_mem_write,
@@ -175,6 +176,7 @@ static struct apic apic_physflat __ro_af
 	.send_IPI_allbutself	= default_send_IPI_allbutself,
 	.send_IPI_all		= default_send_IPI_all,
 	.send_IPI_self		= default_send_IPI_self,
+	.nmi_to_offline_cpu	= true,
 
 	.read			= native_apic_mem_read,
 	.write			= native_apic_mem_write,
--- a/arch/x86/kernel/apic/ipi.c
+++ b/arch/x86/kernel/apic/ipi.c
@@ -97,6 +97,14 @@ void native_send_call_func_ipi(const str
 	__apic_send_IPI_mask(mask, CALL_FUNCTION_VECTOR);
 }
 
+void apic_send_nmi_to_offline_cpu(unsigned int cpu)
+{
+	if (WARN_ON_ONCE(!apic->nmi_to_offline_cpu))
+		return;
+	if (WARN_ON_ONCE(!cpumask_test_cpu(cpu, &cpus_booted_once_mask)))
+		return;
+	apic->send_IPI(cpu, NMI_VECTOR);
+}
 #endif /* CONFIG_SMP */
 
 static inline int __prepare_ICR2(unsigned int mask)
--- a/arch/x86/kernel/apic/x2apic_cluster.c
+++ b/arch/x86/kernel/apic/x2apic_cluster.c
@@ -251,6 +251,7 @@ static struct apic apic_x2apic_cluster _
 	.send_IPI_allbutself	= x2apic_send_IPI_allbutself,
 	.send_IPI_all		= x2apic_send_IPI_all,
 	.send_IPI_self		= x2apic_send_IPI_self,
+	.nmi_to_offline_cpu	= true,
 
 	.read			= native_apic_msr_read,
 	.write			= native_apic_msr_write,
--- a/arch/x86/kernel/apic/x2apic_phys.c
+++ b/arch/x86/kernel/apic/x2apic_phys.c
@@ -166,6 +166,7 @@ static struct apic apic_x2apic_phys __ro
 	.send_IPI_allbutself	= x2apic_send_IPI_allbutself,
 	.send_IPI_all		= x2apic_send_IPI_all,
 	.send_IPI_self		= x2apic_send_IPI_self,
+	.nmi_to_offline_cpu	= true,
 
 	.read			= native_apic_msr_read,
 	.write			= native_apic_msr_write,

From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065502.507838060@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 28/30] x86/microcode: Handle "offline" CPUs correctly
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:28 +0200 (CEST)

From: Thomas Gleixner

Offline CPUs need to be parked in a safe loop when a microcode update is
in progress on the primary CPU. Currently offline CPUs are parked in
mwait_play_dead(), which is not safe on Intel CPUs because the MWAIT
instruction can be patched by the new microcode update, which can cause
instability.

- Add a new microcode state, UCODE_OFFLINE, to report status on a
  per-CPU basis.
- Force NMI on the offline CPUs. Wake up offline CPUs while the update
  is in progress and then return them back to mwait_play_dead() after
  the microcode update is complete.
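[Editorial sketch, not part of the patch] The offline-CPU rendezvous described above can be modeled in userspace with threads: each "offline" sibling checks in by incrementing an arrival counter (the patch's offline_in_nmi) and then parks until released (the patch's SCTRL_DONE), while the primary performs a bounded wait for all arrivals. The names offline_stub, kick_and_wait_offline and NR_OFFL below are illustrative, not kernel APIs.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>

#define NR_OFFL 4

static atomic_int offline_in_nmi;	/* arrival counter, as in the patch */
static atomic_int release;		/* stand-in for ctrl = SCTRL_DONE */

/* Stand-in for the trivial stub NMI handler the offline siblings run */
static void *offline_stub(void *arg)
{
	(void)arg;
	atomic_fetch_add(&offline_in_nmi, 1);	/* "arrived in the NMI stub" */
	while (!atomic_load(&release))		/* park until the update is done */
		;
	return NULL;
}

/* Stand-in for ucode_kick_offline_cpus(): kick all siblings, bounded wait */
static bool kick_and_wait_offline(pthread_t *tids)
{
	unsigned long timeout;
	unsigned int i;

	for (i = 0; i < NR_OFFL; i++)
		pthread_create(&tids[i], NULL, offline_stub, NULL);

	for (timeout = 0; timeout < 1000000000UL; timeout++) {
		if (atomic_load(&offline_in_nmi) == NR_OFFL)
			return true;
	}
	return false;	/* some sibling never arrived: caller must abort */
}
```

Note the two-phase shape: the primary only proceeds when the arrival count matches the expected number of offline siblings, and the release flag is set unconditionally afterwards so no parked sibling is left spinning, mirroring ucode_release_offline_cpus().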
Signed-off-by: Thomas Gleixner
---
 arch/x86/include/asm/microcode.h         |   1
 arch/x86/kernel/cpu/microcode/core.c     | 112 +++++++++++++++++++++++++++++--
 arch/x86/kernel/cpu/microcode/internal.h |   1
 arch/x86/kernel/nmi.c                    |   5 +
 4 files changed, 113 insertions(+), 6 deletions(-)
---
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -71,6 +71,7 @@ static inline u32 intel_get_microcode_re
 #endif /* !CONFIG_CPU_SUP_INTEL */
 
 bool microcode_nmi_handler(void);
+void microcode_offline_nmi_handler(void);
 
 #ifdef CONFIG_MICROCODE_LATE_LOADING
 DECLARE_STATIC_KEY_FALSE(microcode_nmi_handler_enable);
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -298,8 +298,9 @@ struct ucode_ctrl {
 
 DEFINE_STATIC_KEY_FALSE(microcode_nmi_handler_enable);
 static DEFINE_PER_CPU(struct ucode_ctrl, ucode_ctrl);
+static atomic_t late_cpus_in, offline_in_nmi;
 static unsigned int loops_per_usec;
-static atomic_t late_cpus_in;
+static cpumask_t cpu_offline_mask;
 
 static noinstr bool wait_for_cpus(atomic_t *cnt)
 {
@@ -407,7 +408,7 @@ static noinstr void ucode_load_secondary
 	instrumentation_end();
 }
 
-static void ucode_load_primary(unsigned int cpu)
+static void __ucode_load_primary(unsigned int cpu)
 {
 	struct cpumask *secondaries = topology_sibling_cpumask(cpu);
 	enum sibling_ctrl ctrl;
@@ -443,6 +444,67 @@ static void ucode_load_primary(unsigned
 	}
 }
 
+static bool ucode_kick_offline_cpus(unsigned int nr_offl)
+{
+	unsigned int cpu, timeout;
+
+	for_each_cpu(cpu, &cpu_offline_mask) {
+		/* Enable the rendevouz handler and send NMI */
+		per_cpu(ucode_ctrl.nmi_enabled, cpu) = true;
+		apic_send_nmi_to_offline_cpu(cpu);
+	}
+
+	/* Wait for them to arrive */
+	for (timeout = 0; timeout < (USEC_PER_SEC / 2); timeout++) {
+		if (atomic_read(&offline_in_nmi) == nr_offl)
+			return true;
+		udelay(1);
+	}
+	/* Let the others time out */
+	return false;
+}
+
+static void ucode_release_offline_cpus(void)
+{
+	unsigned int cpu;
+
+	for_each_cpu(cpu, &cpu_offline_mask)
+		per_cpu(ucode_ctrl.ctrl, cpu) = SCTRL_DONE;
+}
+
+static void ucode_load_primary(unsigned int cpu)
+{
+	unsigned int nr_offl = cpumask_weight(&cpu_offline_mask);
+	bool proceed = true;
+
+	/* Kick soft-offlined SMT siblings if required */
+	if (!cpu && nr_offl)
+		proceed = ucode_kick_offline_cpus(nr_offl);
+
+	/* If the soft-offlined CPUs did not respond, abort */
+	if (proceed)
+		__ucode_load_primary(cpu);
+
+	/* Unconditionally release soft-offlined SMT siblings if required */
+	if (!cpu && nr_offl)
+		ucode_release_offline_cpus();
+}
+
+/*
+ * Minimal stub rendevouz handler for soft-offlined CPUs which participate
+ * in the NMI rendevouz to protect against a concurrent NMI on affected
+ * CPUs.
+ */
+void noinstr microcode_offline_nmi_handler(void)
+{
+	if (!raw_cpu_read(ucode_ctrl.nmi_enabled))
+		return;
+	raw_cpu_write(ucode_ctrl.nmi_enabled, false);
+	raw_cpu_write(ucode_ctrl.result, UCODE_OFFLINE);
+	raw_atomic_inc(&offline_in_nmi);
+	wait_for_ctrl();
+}
+
 static noinstr bool microcode_update_handler(void)
 {
 	unsigned int cpu = raw_smp_processor_id();
@@ -499,6 +561,7 @@ static int ucode_load_cpus_stopped(void
 static int ucode_load_late_stop_cpus(void)
 {
 	unsigned int cpu, updated = 0, failed = 0, timedout = 0, siblings = 0;
+	unsigned int nr_offl, offline = 0;
 	int old_rev = boot_cpu_data.microcode;
 	struct cpuinfo_x86 prev_info;
 
@@ -506,6 +569,7 @@ static int ucode_load_late_stop_cpus(voi
 	pr_err("You should switch to early loading, if possible.\n");
 
 	atomic_set(&late_cpus_in, num_online_cpus());
+	atomic_set(&offline_in_nmi, 0);
 	loops_per_usec = loops_per_jiffy / (TICK_NSEC / 1000);
 
 	/*
@@ -528,6 +592,7 @@ static int ucode_load_late_stop_cpus(voi
 		case UCODE_UPDATED:	updated++; break;
 		case UCODE_TIMEOUT:	timedout++; break;
 		case UCODE_OK:		siblings++; break;
+		case UCODE_OFFLINE:	offline++; break;
 		default:		failed++; break;
 		}
 	}
@@ -539,6 +604,13 @@ static int ucode_load_late_stop_cpus(voi
 	/* Nothing changed. */
 	if (!failed && !timedout)
 		return 0;
+
+	nr_offl = cpumask_weight(&cpu_offline_mask);
+	if (offline < nr_offl) {
+		pr_warn("%u offline siblings did not respond.\n",
+			nr_offl - atomic_read(&offline_in_nmi));
+		return -EIO;
+	}
 	pr_err("Microcode update failed: %u CPUs failed %u CPUs timed out\n",
 	       failed, timedout);
 	return -EIO;
@@ -572,19 +644,49 @@ static int ucode_load_late_stop_cpus(voi
  *    modern CPUs is using MWAIT, which is also not guaranteed to be safe
  *    against a microcode update which affects MWAIT.
  *
- * 2) Initialize the per CPU control structure
+ *    As soft-offlined CPUs still react on NMIs, the SMT sibling
+ *    restriction can be lifted when the vendor driver signals to use NMI
+ *    for rendevouz and the APIC provides a mechanism to send an NMI to a
+ *    soft-offlined CPU. The soft-offlined CPUs are then able to
+ *    participate in the rendezvouz in a trivial stub handler.
+ *
+ * 2) Initialize the per CPU control structure and create a cpumask
+ *    which contains "offline" secondary threads, so they can be handled
+ *    correctly by a control CPU.
  */
 static bool ucode_setup_cpus(void)
 {
 	struct ucode_ctrl ctrl = { .ctrl = SCTRL_WAIT, .result = -1, };
+	bool allow_smt_offline;
 	unsigned int cpu;
 
+	allow_smt_offline = microcode_ops->nmi_safe ||
+		(microcode_ops->use_nmi && apic->nmi_to_offline_cpu);
+
+	cpumask_clear(&cpu_offline_mask);
+
 	for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
+		/*
+		 * Offline CPUs sit in one of the play_dead() functions
+		 * with interrupts disabled, but they still react on NMIs
+		 * and execute arbitrary code. Also MWAIT being updated
+		 * while the offline CPU sits there is not necessarily safe
+		 * on all CPU variants.
+		 *
+		 * Mark them in the offline_cpus mask which will be handled
+		 * by CPU0 later in the update process.
+		 *
+		 * Ensure that the primary thread is online so that it is
+		 * guaranteed that all cores are updated.
+		 */
 		if (!cpu_online(cpu)) {
-			if (topology_is_primary_thread(cpu) || !microcode_ops->nmi_safe) {
-				pr_err("CPU %u not online\n", cpu);
+			if (topology_is_primary_thread(cpu) || !allow_smt_offline) {
+				pr_err("CPU %u not online, loading aborted\n", cpu);
 				return false;
 			}
+			cpumask_set_cpu(cpu, &cpu_offline_mask);
+			per_cpu(ucode_ctrl, cpu) = ctrl;
+			continue;
 		}
 
 		/*
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -17,6 +17,7 @@ enum ucode_state {
 	UCODE_NFOUND,
 	UCODE_ERROR,
 	UCODE_TIMEOUT,
+	UCODE_OFFLINE,
 };
 
 struct microcode_ops {
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
@@ -502,8 +502,11 @@ DEFINE_IDTENTRY_RAW(exc_nmi)
 	if (IS_ENABLED(CONFIG_NMI_CHECK_CPU))
 		raw_atomic_long_inc(&nsp->idt_calls);
 
-	if (IS_ENABLED(CONFIG_SMP) && arch_cpu_is_offline(smp_processor_id()))
+	if (IS_ENABLED(CONFIG_SMP) && arch_cpu_is_offline(smp_processor_id())) {
+		if (microcode_nmi_handler_enabled())
+			microcode_offline_nmi_handler();
 		return;
+	}
 
 	if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) {
 		this_cpu_write(nmi_state, NMI_LATCHED);

From nobody Thu Dec 18 20:15:44 2025
Message-ID: <20230912065502.568284573@linutronix.de>
From: Thomas Gleixner
To: LKML
Cc: x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven, Nikolay Borisov
Subject: [patch V3 29/30] x86/microcode: Prepare for minimal revision check
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:30 +0200 (CEST)

From: Thomas Gleixner

Applying microcode late can be fatal for the running kernel when the
update changes functionality which is already in use in a non-compatible
way, e.g. by removing a CPUID bit.

There is no way for admins who do not have access to the vendor's deep
technical support to decide whether late loading of such a microcode is
safe or not.
Intel has added a new field to the microcode header which tells the
minimal microcode revision which is required to be active in the CPU in
order to be safe.

Provide infrastructure for handling this in the core code and a command
line switch which allows enforcing it.

If the update is considered safe, the kernel is not tainted and the
annoying warning message is not emitted. If it's enforced and the
currently loaded microcode revision is not safe for late loading, then
the load is aborted.

Signed-off-by: Thomas Gleixner
---
 Documentation/admin-guide/kernel-parameters.txt |  5 ++++
 arch/x86/Kconfig                                | 23 ++++++++++++++++++-
 arch/x86/kernel/cpu/microcode/amd.c             |  3 ++
 arch/x86/kernel/cpu/microcode/core.c            | 29 ++++++++++++++-------
 arch/x86/kernel/cpu/microcode/intel.c           |  3 ++
 arch/x86/kernel/cpu/microcode/internal.h        |  3 ++
 6 files changed, 58 insertions(+), 8 deletions(-)
---
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3275,6 +3275,11 @@
 
 	mga=		[HW,DRM]
 
+	microcode.force_minrev=	[X86]
+			Format:
+			Enable or disable the microcode minimal revision
+			enforcement for the runtime microcode loader.
+
 	min_addr=nn[KMG]	[KNL,BOOT,IA-64] All physical memory below this
 			physical address is ignored.
 
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1322,7 +1322,28 @@ config MICROCODE_LATE_LOADING
 	  is a tricky business and should be avoided if possible. Just the sequence
 	  of synchronizing all cores and SMT threads is one fragile dance which does
 	  not guarantee that cores might not softlock after the loading. Therefore,
-	  use this at your own risk. Late loading taints the kernel too.
+	  use this at your own risk. Late loading taints the kernel unless the
+	  microcode header indicates that it is safe for late loading via the
+	  minimal revision check. This minimal revision check can be enforced on
+	  the kernel command line with "microcode.minrev=Y".
+
+config MICROCODE_LATE_FORCE_MINREV
+	bool "Enforce late microcode loading minimal revision check"
+	default n
+	depends on MICROCODE_LATE_LOADING
+	help
+	  To prevent that users load microcode late which modifies already
+	  in use features, newer microcodes have a minimum revision field
+	  in the microcode header, which tells the kernel which minimum
+	  revision must be active in the CPU to safely load that new microcode
+	  late into the running system. If disabled the check will not
+	  be enforced but the kernel will be tainted when the minimal
+	  revision check fails.
+
+	  This minimal revision check can also be controlled via the
+	  "microcode.minrev" parameter on the kernel command line.
+
+	  If unsure say Y.
 
 config X86_MSR
 	tristate "/dev/cpu/*/msr - Model-specific register support"
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -900,6 +900,9 @@ static enum ucode_state request_microcod
 	enum ucode_state ret = UCODE_NFOUND;
 	const struct firmware *fw;
 
+	if (force_minrev)
+		return UCODE_NFOUND;
+
 	if (c->x86 >= 0x15)
 		snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
 
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -46,6 +46,9 @@
 static struct microcode_ops *microcode_ops;
 static bool dis_ucode_ldr = true;
 
+bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV);
+module_param(force_minrev, bool, S_IRUSR | S_IWUSR);
+
 bool initrd_gone;
 
 /*
@@ -558,15 +561,17 @@ static int ucode_load_cpus_stopped(void
 	return 0;
 }
 
-static int ucode_load_late_stop_cpus(void)
+static int ucode_load_late_stop_cpus(bool is_safe)
 {
 	unsigned int cpu, updated = 0, failed = 0, timedout = 0, siblings = 0;
 	unsigned int nr_offl, offline = 0;
 	int old_rev = boot_cpu_data.microcode;
 	struct cpuinfo_x86 prev_info;
 
-	pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
-	pr_err("You should switch to early loading, if possible.\n");
+	if (!is_safe) {
+		pr_err("Late microcode loading without minimal revision check.\n");
+		pr_err("You should switch to early loading, if possible.\n");
+	}
 
 	atomic_set(&late_cpus_in, num_online_cpus());
 	atomic_set(&offline_in_nmi, 0);
@@ -616,7 +621,9 @@ static int ucode_load_late_stop_cpus(voi
 		return -EIO;
 	}
 
-	add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
+	if (!is_safe || failed || timedout)
+		add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
+
 	pr_info("Microcode load: updated on %u primary CPUs with %u siblings\n", updated, siblings);
 	if (failed || timedout) {
 		pr_err("Microcode load incomplete. %u CPUs timed out or failed\n",
@@ -710,9 +717,17 @@ static int ucode_load_late_locked(void)
 		return -EBUSY;
 
 	ret = microcode_ops->request_microcode_fw(0, &microcode_pdev->dev);
-	if (ret != UCODE_NEW)
-		return ret == UCODE_NFOUND ? -ENOENT : -EBADFD;
-	return ucode_load_late_stop_cpus();
+
+	switch (ret) {
+	case UCODE_NEW:
+	case UCODE_NEW_SAFE:
+		break;
+	case UCODE_NFOUND:
+		return -ENOENT;
+	default:
+		return -EBADFD;
+	}
+	return ucode_load_late_stop_cpus(ret == UCODE_NEW_SAFE);
 }
 
 static ssize_t reload_store(struct device *dev,
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -470,6 +470,9 @@ static enum ucode_state read_ucode_intel
 	unsigned int curr_mc_size = 0;
 	u8 *new_mc = NULL, *mc = NULL;
 
+	if (force_minrev)
+		return UCODE_NFOUND;
+
 	while (iov_iter_count(iter)) {
 		struct microcode_header_intel mc_header;
 		unsigned int mc_size, data_size;
--- a/arch/x86/kernel/cpu/microcode/internal.h
+++ b/arch/x86/kernel/cpu/microcode/internal.h
@@ -13,6 +13,7 @@ struct device;
 enum ucode_state {
 	UCODE_OK	= 0,
 	UCODE_NEW,
+	UCODE_NEW_SAFE,
 	UCODE_UPDATED,
 	UCODE_NFOUND,
 	UCODE_ERROR,
@@ -36,6 +37,8 @@ struct microcode_ops {
 		     use_nmi	: 1;
 };
 
+extern bool force_minrev;
+
 extern struct ucode_cpu_info ucode_cpu_info[];

 struct cpio_data find_microcode_in_initrd(const char *path);
 x86@kernel.org, Borislav Petkov, "Chang S. Bae", Arjan van de Ven,
 Nikolay Borisov, Ashok Raj
Subject: [patch V3 30/30] x86/microcode/intel: Add a minimum required revision for late-loads
References: <20230912065249.695681286@linutronix.de>
Date: Tue, 12 Sep 2023 09:58:31 +0200 (CEST)

From: Ashok Raj

In general users don't have the necessary information to determine
whether late loading of a new microcode version is safe and does not
modify anything which the currently running kernel uses already, e.g.
removal of CPUID bits or behavioural changes of MSRs.

To address this issue, Intel has added a "minimum required version"
field to a previously reserved field in the microcode header. Microcode
updates should only be applied if the current microcode version is equal
to, or greater than, this minimum required version.

Thomas made some suggestions on how metadata in the microcode file could
provide Linux with information to decide whether the new microcode is a
suitable candidate for late loading. But even the "simpler" option
requires a lot of metadata and corresponding kernel code to parse it, so
the final suggestion was to add the 'minimum required version' field in
the header.

When microcode changes visible features, microcode will set the minimum
required version to its own revision, which prevents late loading.

Old microcode blobs have the minimum revision field always set to 0,
which indicates that there is no information and the kernel considers it
unsafe.

This is a pure OS software mechanism. The hardware/firmware ignores this
header field.

For early loading there is no restriction because OS visible features
are enumerated after the early load and therefore a change has no
effect.

The check is always enabled, but by default not enforced.
It can be enforced via Kconfig or the kernel command line.

If enforced, the kernel refuses to late load microcode when the minimum
required version field is zero or when the currently loaded microcode
revision is smaller than the minimum required revision.

If not enforced, the load happens independently of the revision check to
stay compatible with the existing behaviour, but it influences the
decision whether the kernel is tainted or not. If the check signals that
the late load is safe, then the kernel is not tainted.

Early loading is not affected by this.

[ tglx: Massaged changelog and fixed up the implementation ]

Suggested-by: Thomas Gleixner
Signed-off-by: Ashok Raj
Signed-off-by: Thomas Gleixner
---
 arch/x86/include/asm/microcode.h      |  3 +-
 arch/x86/kernel/cpu/microcode/intel.c | 37 ++++++++++++++++++----
 2 files changed, 35 insertions(+), 5 deletions(-)
---
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -36,7 +36,8 @@ struct microcode_header_intel {
 	unsigned int datasize;
 	unsigned int totalsize;
 	unsigned int metasize;
-	unsigned int reserved[2];
+	unsigned int min_req_ver;
+	unsigned int reserved;
 };
 
 struct microcode_intel {
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -463,16 +463,40 @@ static enum ucode_state apply_microcode_
 	return ret;
 }
 
+static bool ucode_validate_minrev(struct microcode_header_intel *mc_header)
+{
+	int cur_rev = boot_cpu_data.microcode;
+
+	/*
+	 * When late-loading, ensure the header declares a minimum revision
+	 * required to perform a late-load. The previously reserved field
+	 * is 0 in older microcode blobs.
+	 */
+	if (!mc_header->min_req_ver) {
+		pr_info("Unsafe microcode update: Microcode header does not specify a required min version\n");
+		return false;
+	}
+
+	/*
+	 * Check whether the current revision is greater than or equal to
+	 * the minimum revision specified in the header.
+	 */
+	if (cur_rev < mc_header->min_req_ver) {
+		pr_info("Unsafe microcode update: Current revision 0x%x too old\n", cur_rev);
+		pr_info("Current should be at 0x%x or higher. Use early loading instead\n", mc_header->min_req_ver);
+		return false;
+	}
+	return true;
+}
+
 static enum ucode_state read_ucode_intel(int cpu, struct iov_iter *iter)
 {
 	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+	bool is_safe, new_is_safe = false;
 	int cur_rev = uci->cpu_sig.rev;
 	unsigned int curr_mc_size = 0;
 	u8 *new_mc = NULL, *mc = NULL;
 
-	if (force_minrev)
-		return UCODE_NFOUND;
-
 	while (iov_iter_count(iter)) {
 		struct microcode_header_intel mc_header;
 		unsigned int mc_size, data_size;
@@ -515,9 +539,14 @@ static enum ucode_state read_ucode_intel
 		if (!intel_find_matching_signature(mc, &uci->cpu_sig))
 			continue;
 
+		is_safe = ucode_validate_minrev(&mc_header);
+		if (force_minrev && !is_safe)
+			continue;
+
 		kvfree(new_mc);
 		cur_rev = mc_header.rev;
 		new_mc = mc;
+		new_is_safe = is_safe;
 		mc = NULL;
 	}
 
@@ -529,7 +558,7 @@ static enum ucode_state read_ucode_intel
 		return UCODE_NFOUND;
 
 	ucode_patch_late = (struct microcode_intel *)new_mc;
-	return UCODE_NEW;
+	return new_is_safe ? UCODE_NEW_SAFE : UCODE_NEW;
 
 fail:
 	kvfree(mc);