From patchwork Tue Sep 12 07:57:43 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thomas Gleixner <tglx@linutronix.de>
X-Patchwork-Id: 13834
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:9ecd:0:b0:3f2:4152:657d with SMTP id t13csp244701vqx;
        Tue, 12 Sep 2023 00:58:50 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IGTYPbdOwnreJenvwStQeFPeFZRwltiJFm+cp8ugz1NTFqP12EIWFwwexZT3Cpj6k6G90Pf
X-Received: by 2002:a05:6808:23cb:b0:3a8:84a9:242c with SMTP id
 bq11-20020a05680823cb00b003a884a9242cmr14983786oib.42.1694505530670;
        Tue, 12 Sep 2023 00:58:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1694505530; cv=none;
        d=google.com; s=arc-20160816;
        b=AjG2X+qArliCW+689j+8QaTigVp07xnpwi1bwt9qmLmRQXhOUK40GZNysGHxeV2GAr
         ehztwOEGMgTBSNIRVHeqANZHh/eO9QLYah2h0GB+ZY3FigLLMO7YhzLikkWFxzyKDwwB
         NcDRIEAbGeUFn7kA3o9LZbmUrcl+0hb9HL6PYl7IWn1ha5kLkYVYCvz1ndpyo5fqpTFy
         lCA2JAgaa6JtC0Wbgq/dMqTAGkT880I62dP3X2heGeQvnEQz9Sh7ctzpmAFKSbYXQ1yU
         Fs3HNSknwRNcuEAyTmZRg/+p3s28xqbPyrEjEqGGCccLofFuF0dPiIRVe1qeH2HTjwiq
         qbug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:date:subject:cc:to:from:dkim-signature
         :dkim-signature:message-id;
        bh=AJw1wx6YPuzaZhvYGTfk54O9w+U0r7o+iwnk/Je3HJs=;
        fh=u57tXYamzTrJA+Ht8n1u7SfTMptrQaIb6LVW+jsaYf4=;
        b=gRBJ3cNoDtH6X4/xP/QvY7K5Kj8ythhptVvUJT/hkpTFYnG5Xmq/DtREl8RkoY28EG
         K/HuwKbAUVE347j+f1SKq24d7jKRVTg5fg6J3D9vgxeJkUF1xFzmGVeYqsG7/661AqM+
         DpB8XiuKf20Q0bvbvLe9ADmUO+nbHpZ/fOro2cz4IkYN/nfvFOQTsOH5gnvfY0eKBe4Z
         Eh3U0sFczCOW2b+vVZTfD1hxxEjymS/xRGWFblquMM18uXm4Au9+bMBNbOSrWwY0pEbv
         IBl3XCb4We1oR75oraYWh8jZAuOETsLoXc8AWg2gOuhcVE6FE+tc3gvxBBltUtLaTh1X
         i1YA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=IOD0lYYw;
       dkim=neutral (no key) header.i=@linutronix.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:5 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5])
        by mx.google.com with ESMTPS id
 v184-20020a6389c1000000b00565f24af893si7397946pgd.22.2023.09.12.00.58.50
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 12 Sep 2023 00:58:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:5 as permitted sender)
 client-ip=2620:137:e000::3:5;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=IOD0lYYw;
       dkim=neutral (no key) header.i=@linutronix.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::3:5 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by groat.vger.email (Postfix) with ESMTP id DC653804A9D3;
	Tue, 12 Sep 2023 00:58:03 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.8 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231881AbjILH5u (ORCPT <rfc822;pwkd43@gmail.com> + 39 others);
        Tue, 12 Sep 2023 03:57:50 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47648 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231822AbjILH5t (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Sep 2023 03:57:49 -0400
Received: from galois.linutronix.de (Galois.linutronix.de
 [IPv6:2a0a:51c0:0:12e:550::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6426310C2
        for <linux-kernel@vger.kernel.org>;
 Tue, 12 Sep 2023 00:57:45 -0700 (PDT)
Message-ID: <20230912065249.695681286@linutronix.de>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020; t=1694505463;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc; bh=AJw1wx6YPuzaZhvYGTfk54O9w+U0r7o+iwnk/Je3HJs=;
        b=IOD0lYYwGmgzv3nD4SUAMPlshas3CHBw0PElNpSBV0G/pJL/FeV1R8/Cfxk78uvibLQQUE
        4kbrcUvzwpgS2hWqbEDgpDb8OpUkjD+QAOyIk9d8a1ilty6z1R37Q0jn2mCEIYiWUybMaz
        s/1XHE4PVQSl3U8pJuHFNpvz3O1dTxc0BKd1H4NF1FcZuYN3z7mUjF5aC+wItlYnGA7kfP
        gjdhsxsvAruGrf/1QVPvaocokP04EdOBEqAS0PrxzpYl3R88dGcHCVwjqno5QWeCDgEKed
        lAsaDw7gjF0eTu1wi+p0MR+/CtfABsv34PyHu7mC84KQUutLiheFsUw6FvZI1g==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020e; t=1694505463;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc; bh=AJw1wx6YPuzaZhvYGTfk54O9w+U0r7o+iwnk/Je3HJs=;
        b=QsEQK975y5S1rul1ukUb6TKuSlENYV0iOnMCxQZf4vQoooPb90SaKQjrIEEGVzLwQeK0P0
        88jgn0Fxuh4MR6CA==
From: Thomas Gleixner <tglx@linutronix.de>
To: LKML <linux-kernel@vger.kernel.org>
Cc: x86@kernel.org, Borislav Petkov <bp@alien8.de>,
        "Chang S. Bae" <chang.seok.bae@intel.com>,
        Arjan van de Ven <arjan@linux.intel.com>,
        Nikolay Borisov <nik.borisov@suse.com>
Subject: [patch V3 00/30] x86/microcode: Cleanup and late loading enhancements
Date: Tue, 12 Sep 2023 09:57:43 +0200 (CEST)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
 not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]);
 Tue, 12 Sep 2023 00:58:03 -0700 (PDT)
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1776817831269839655
X-GMAIL-MSGID: 1776817831269839655

This is a follow up on:

  https://lore.kernel.org/lkml/20230812194003.682298127@linutronix.de

Late microcode loading is desired by enterprise users. Late loading is
problematic as it requires detailed knowledge about the change and an
analysis whether this change modifies something which is already in use by
the kernel. Large enterprise customers have engineering teams and access to
deep technical vendor support. The regular admin does not have such
resources, so the kernel has always tainted the kernel after late loading.

Intel recently added a new previously reserved field to the microcode
header which contains the minimal microcode revision which must be running
on the CPU to make the load safe. This field is 0 in all older microcode
revisions, which the kernel assumes to be unsafe. Minimal revision checking
can be enforced via Kconfig or kernel command line. It then refuses to load
an unsafe revision. The default loads unsafe revisions like before and
taints the kernel. If a safe revision is loaded the kernel is not tainted.

But that does not solve all other known problems with late loading:

    - Late loading on current Intel CPUs is unsafe vs. NMI when
      hyperthreading is enabled. If a NMI hits the secondary sibling while
      the primary loads the microcode, the machine can crash.

    - Soft offline SMT siblings which are playing dead with MWAIT can cause
      damage too when the microcode update modifies MWAIT. That's a
      realistic scenario in the context of 'nosmt' mitigations. :(

Neither the core code nor the Intel specific code handles any of this at all.

While trying to implement this, I stumbled over disfunctional, horribly
complex and redundant code, which I decided to clean up first so the new
functionality can be added on a clean slate.

So the series has several sections:

   1) Move the 32bit early loading after paging enable

   2) Cleanup of the Intel specific code

   3) Implementation of proper core control logic to handle the NMI safe
      requirements

   4) Support for minimal revision check in the core and the Intel specific
      parts.

Changes vs. V2:

  - Rebased on v6.5-rc1

  - Removed the 32bit oddity of invoking the microcode loader before
    paging is enabled.

  - Some minor improvements.

The series is also available from git:

   git://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git ucode-v3

Thanks,

	tglx
---
 Documentation/admin-guide/kernel-parameters.txt |    5 
 arch/x86/Kconfig                                |   25 
 arch/x86/include/asm/apic.h                     |    5 
 arch/x86/include/asm/cpu.h                      |   20 
 arch/x86/include/asm/microcode.h                |   16 
 arch/x86/kernel/Makefile                        |    1 
 arch/x86/kernel/apic/apic_flat_64.c             |    2 
 arch/x86/kernel/apic/ipi.c                      |    8 
 arch/x86/kernel/apic/x2apic_cluster.c           |    1 
 arch/x86/kernel/apic/x2apic_phys.c              |    1 
 arch/x86/kernel/cpu/common.c                    |   12 
 arch/x86/kernel/cpu/microcode/amd.c             |   57 --
 arch/x86/kernel/cpu/microcode/core.c            |  643 +++++++++++++++--------
 arch/x86/kernel/cpu/microcode/intel.c           |  659 ++++++------------------
 arch/x86/kernel/cpu/microcode/internal.h        |   32 -
 arch/x86/kernel/head32.c                        |    6 
 arch/x86/kernel/head_32.S                       |   10 
 arch/x86/kernel/nmi.c                           |    9 
 arch/x86/kernel/smpboot.c                       |   12 
 drivers/platform/x86/intel/ifs/load.c           |    8 
 include/linux/cpuhotplug.h                      |    1 
 21 files changed, 740 insertions(+), 793 deletions(-)