From nobody Sun Feb 8 05:29:06 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F36762FBDE0 for ; Fri, 30 Jan 2026 19:49:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.9 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769802593; cv=none; b=fii16jEBki1zynXn/bCY1Um5N0fJbXI1+JroF5NmIwOo48Qech7ID8+tLkSlhqUd1PTu29gSdtmTEjLYJvxOJA35ydSevWotgLrEum+A+f/PMLvHb+zsSXL/OpamyxMOTM9WGuCcPGRjC83sxW38aLJWRXbeiY8jUWMSbdzwXoE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769802593; c=relaxed/simple; bh=XaU2BEu5/XVvdoAMkTc7YIq5YAfh/dEnIW0WEuM4wAc=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=qL84rUUllmLNmLqs3/wfyFfIHTsQEseHjeS57pgxzungnnrSp8asG+A09DBlO3HMgDZXDLnD9QFKp6Ohi8ihBXoBOLx6545+37XZ4IE0NcX/Qnf51f5ljeNxpSCWpWoEpOGl23JYeF10qA8rKUDIHed42Vkok24xgY0Sde8C2wI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Dcm3M1bj; arc=none smtp.client-ip=198.175.65.9 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Dcm3M1bj" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1769802591; x=1801338591; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=XaU2BEu5/XVvdoAMkTc7YIq5YAfh/dEnIW0WEuM4wAc=; b=Dcm3M1bjPmAGNXmMK+u0h1LzXHCm2/ZkwfkJygWGc0GEt290VxTNLNTl Fi5VsP10oDgtzZp2kThQ4Tg9FtHyWy7Px6cp1d5C+AemAclFhGtGJvZla /rGpoRqBuo8RiPYEGM5Z5LKRb52tXDZUxkOFswQeTbB2At7xsBn+89kSL wOY+69Jo+tyyH5svs4EU9F6bJ3Yft9MKID4N9THhAmtA67iynltJtLpoR NYej5Of5iUHAP/TQt8QLdnVvnwvbUt3J85TnAJUK6r/hzl3aCZK0zdu1o zXz8S/LPmj4zLFLCkpuib6527pES/5I083r6IAejhnuBLc2CS/EHrt/eK w==; X-CSE-ConnectionGUID: qdPr0RO+TwaUfxD2K6qnwg== X-CSE-MsgGUID: m7S8o7aWRZaYkhoIIXpuHg== X-IronPort-AV: E=McAfee;i="6800,10657,11687"; a="93714058" X-IronPort-AV: E=Sophos;i="6.21,263,1763452800"; d="scan'208";a="93714058" Received: from fmviesa009.fm.intel.com ([10.60.135.149]) by orvoesa101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jan 2026 11:49:50 -0800 X-CSE-ConnectionGUID: AGOPN8g5TfGGz220aJVt1Q== X-CSE-MsgGUID: M6KkSGkLRdSFqP5Lrs0i1g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,263,1763452800"; d="scan'208";a="209339590" Received: from sohilmeh.sc.intel.com ([172.25.103.65]) by fmviesa009.fm.intel.com with ESMTP; 30 Jan 2026 11:49:49 -0800 From: Sohil Mehta To: Dave Hansen , Borislav Petkov , x86@kernel.org Cc: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Peter Zijlstra , Josh Poimboeuf , Pawan Gupta , Dave Hansen , Nikolay Borisov , Andrew Cooper , Sohil Mehta , linux-kernel@vger.kernel.org Subject: [PATCH v4] scripts/x86/intel: Add a script to update the old microcode list Date: Fri, 30 Jan 2026 11:47:53 -0800 Message-ID: <20260130194753.672739-1-sohil.mehta@intel.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The kernel maintains a table of minimum expected microcode revisions for Intel CPUs in intel-ucode-defs.h. Systems with microcode older than these revisions are flagged with X86_BUG_OLD_MICROCODE. The static list of microcode revisions needs to be updated periodically in response to releases of the official microcode at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git. Introduce a simple script to extract the revision information from the microcode files and print it in the precise format expected by the microcode header. Maintaining the script in the kernel tree ensures a central location that a submitter can use to generate the kernel-specific update. This not only reduces the possibility of errors but also makes it easier to validate the changes for reviewers and maintainers. Typically, someone at Intel would see a new public release, wait for at least three months to ensure the update is stable, run this script to refresh the intel-ucode-defs.h file, and send a patch upstream to update the mainline and stable versions. Having a standard update script and a defined process minimizes the ambiguity when refreshing the old microcode list. As always, there can be exceptions to this process which should be supported with appropriate justification. Originally-by: Dave Hansen Signed-off-by: Sohil Mehta --- v4: - Add suggested timeline to the update process. - Include platform ID information based on Dave's series: https://lore.kernel.org/all/20260119195047.86E3C696@davehans-spike.ostc.= intel.com/ This patch should be applied after the bug-fix series has merged. v3: https://lore.kernel.org/lkml/20250825171510.3332029-1-sohil.mehta@intel= .com/ - Include motivation for having the script in the kernel. (Boris) - Update instructions to clarify typical usage. (Boris) --- MAINTAINERS | 1 + scripts/update-intel-ucode-defs.py | 128 +++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+) create mode 100755 scripts/update-intel-ucode-defs.py diff --git a/MAINTAINERS b/MAINTAINERS index 0d044a58cbfe..861c0c42c95d 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -28245,6 +28245,7 @@ S: Maintained F: Documentation/admin-guide/hw-vuln/ F: arch/x86/include/asm/nospec-branch.h F: arch/x86/kernel/cpu/bugs.c +F: scripts/update-intel-ucode-defs.py =20 X86 MCE INFRASTRUCTURE M: Tony Luck diff --git a/scripts/update-intel-ucode-defs.py b/scripts/update-intel-ucod= e-defs.py new file mode 100755 index 000000000000..50ec47cea1c5 --- /dev/null +++ b/scripts/update-intel-ucode-defs.py @@ -0,0 +1,128 @@ +#!/usr/bin/python3 +# SPDX-License-Identifier: GPL-2.0 +import argparse +import re +import shutil +import subprocess +import sys +import os + +script =3D os.path.relpath(__file__) + +DESCRIPTION =3D f""" +For Intel CPUs, update the microcode revisions that determine +X86_BUG_OLD_MICROCODE. + +This script is intended to be run in response to releases of the +official Intel microcode GitHub repository: +https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git + +It takes the Intel microcode files as input and uses iucode-tool to +extract the revision information. It prints the output in the format +expected by intel-ucode-defs.h. + +Usage: + ./{script} /path/to/microcode/files > /path/to/intel-ucode-defs.h + +Typically, someone at Intel would see a new public release, wait for at +least three months to ensure the update is stable, run this script to +refresh the intel-ucode-defs.h file, and send a patch upstream to update +the mainline and stable versions. + +As always, there can be exceptions to the above process which should be +supported by appropriate justification. +""" + +parser =3D argparse.ArgumentParser(description=3DDESCRIPTION, + formatter_class=3Dargparse.RawDescription= HelpFormatter) +parser.add_argument('ucode_files', nargs=3D'+', help=3D'Path(s) to the mic= rocode files') + +args =3D parser.parse_args() + +# Process the microcode files using iucode-tool +if shutil.which("iucode-tool") is None: + print("Error: iucode-tool not found, please install it", file=3Dsys.st= derr) + sys.exit(1) + +cmd =3D ['iucode-tool', '--list-all' ] +cmd.extend(args.ucode_files) + +process =3D subprocess.Popen(cmd, stdout=3Dsubprocess.PIPE, universal_newl= ines=3DTrue) +process.wait() +if process.returncode !=3D 0: + print("Error: iucode-tool ran into an error, exiting", file=3Dsys.stde= rr) + sys.exit(1) + +# Functions to extract family, model, and stepping +def bits(val, bottom, top): + mask =3D (1 << (top + 1 - bottom)) - 1 + mask =3D mask << bottom + return (val & mask) >> bottom + +def family(sig): + if bits(sig, 8, 11) =3D=3D 0xf: + return bits(sig, 8, 11) + bits(sig, 20, 27) + return bits(sig, 8, 11) + +def model(sig): + return bits(sig, 4, 7) | (bits(sig, 16, 19) << 4) + +def step(sig): + return bits(sig, 0, 3) + +# Parse the output of iucode-tool +ucode_list =3D [] +for line in process.stdout: + if line.find(" sig ") =3D=3D -1: + continue + sig =3D re.search('sig (0x[0-9a-fA-F]+)', line).group(1) + rev =3D re.search('rev (0x[0-9a-fA-F]+)', line).group(1) + pfm =3D re.search('pf_mask (0x[0-9a-fA-F]+)', line).group(1) + sig =3D int(sig, 16) + rev =3D int(rev, 16) + pfm =3D int(pfm, 16) + debug_rev =3D bits(rev, 31, 31) + if debug_rev !=3D 0: + print("Error: Debug ucode file found, exiting", file=3Dsys.stderr) + sys.exit(1) + + ucrev =3D {} + ucrev['sig'] =3D sig + ucrev['platforms'] =3D pfm + ucrev['rev'] =3D rev + ucode_list.append(ucrev) + +# Remove duplicates, if any +ucode_dict =3D {} +for rev in ucode_list: + ucode_key =3D (rev['sig'], rev['platforms']) + existing =3D ucode_dict.get(ucode_key) + if existing is not None: + # If the existing one is newer, just move on: + if existing['rev'] > rev['rev']: + continue + ucode_dict[ucode_key] =3D rev + +# Prepare the microcode entries +ucode_entries =3D [] +for ucode_key in ucode_dict: + rev =3D ucode_dict[ucode_key] + sig =3D rev['sig'] + ucode_entries.append({ + 'family': family(sig), + 'model': model(sig), + 'steppings': 1 << step(sig), + 'platforms': rev['platforms'], + 'rev': rev['rev'], + 'sig': sig + }) + +if not ucode_entries: + print("Error: No valid microcode files found, exiting", file=3Dsys.std= err) + sys.exit(1) + +# Sort and print the microcode entries +ucode_entries.sort(key=3Dlambda x: (x['family'], x['model'], x['steppings'= ], x['platforms'])) +for entry in ucode_entries: + print("{ .flags =3D X86_CPU_ID_FLAG_ENTRY_VALID, .vendor =3D X86_VENDO= R_INTEL, .family =3D 0x%x, .model =3D 0x%02x, .steppings =3D 0x%04x, .plat= form_mask =3D 0x%02x, .driver_data =3D 0x%x }," % + (entry['family'], entry['model'], entry['steppings'], entry['pla= tforms'], entry['rev'])) --=20 2.43.0