From patchwork Mon Oct 9 12:29:48 2023
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 150058
Date: Mon, 09 Oct 2023 12:29:48 -0000
From: "tip-bot2 for Thomas Gleixner"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/microcode] x86/microcode: Handle "nosmt" correctly
Cc: Thomas Gleixner, "Borislav Petkov (AMD)", x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20231002115903.087472735@linutronix.de>
References: <20231002115903.087472735@linutronix.de>
Message-ID: <169685458886.3135.6138319724353794375.tip-bot2@tip-bot2>

The following commit has been merged into the x86/microcode branch of tip:

Commit-ID:     10adb827276a944adf06e56b84f45d6ff9ebdd7a
Gitweb:        https://git.kernel.org/tip/10adb827276a944adf06e56b84f45d6ff9ebdd7a
Author:        Thomas Gleixner
AuthorDate:    Mon, 02 Oct 2023 13:59:56 +02:00
Committer:     Borislav Petkov (AMD)
CommitterDate: Fri, 06 Oct 2023 15:12:23 +02:00

x86/microcode: Handle "nosmt" correctly

On CPUs where microcode loading is not NMI-safe the SMT siblings which are parked in one of the play_dead() variants still react to NMIs. So if an NMI hits while the primary thread updates the microcode the resulting behaviour is undefined. The default play_dead() implementation on modern CPUs is using MWAIT which is not guaranteed to be safe against a microcode update which affects MWAIT.

Take the cpus_booted_once_mask into account to detect this case and refuse to load late if the vendor specific driver does not advertise that late loading is NMI safe. AMD stated that this is safe, so mark the AMD driver accordingly. This requirement will be partially lifted in later changes. Signed-off-by: Thomas Gleixner Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20231002115903.087472735@linutronix.de --- arch/x86/Kconfig | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 9 ++-- arch/x86/kernel/cpu/microcode/core.c | 51 ++++++++++++++--------- arch/x86/kernel/cpu/microcode/internal.h | 13 ++---- 4 files changed, 44 insertions(+), 31 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 66bfaba..c46ebd1 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1316,7 +1316,7 @@ config MICROCODE config MICROCODE_LATE_LOADING bool "Late microcode loading (DANGEROUS)" default n - depends on MICROCODE + depends on MICROCODE && SMP help Loading microcode late, when the system is up and executing instructions is a tricky business and should be avoided if possible. Just the sequence diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 0f15e82..a760e13 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -909,10 +909,11 @@ static void microcode_fini_cpu_amd(int cpu) } static struct microcode_ops microcode_amd_ops = { - .request_microcode_fw = request_microcode_amd, - .collect_cpu_info = collect_cpu_info_amd, - .apply_microcode = apply_microcode_amd, - .microcode_fini_cpu = microcode_fini_cpu_amd, + .request_microcode_fw = request_microcode_amd, + .collect_cpu_info = collect_cpu_info_amd, + .apply_microcode = apply_microcode_amd, + .microcode_fini_cpu = microcode_fini_cpu_amd, + .nmi_safe = true, }; struct microcode_ops * __init init_amd_microcode(void) 
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index 0038126..02e9e5d 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -283,23 +283,6 @@ static struct platform_device *microcode_pdev; */ #define SPINUNIT 100 /* 100 nsec */ -static int check_online_cpus(void) -{ - unsigned int cpu; - - /* - * Make sure all CPUs are online. It's fine for SMT to be disabled if - * all the primary threads are still online. - */ - for_each_present_cpu(cpu) { - if (topology_is_primary_thread(cpu) && !cpu_online(cpu)) { - pr_err("Not all CPUs online, aborting microcode update.\n"); - return -EINVAL; - } - } - - return 0; -} static atomic_t late_cpus_in; static atomic_t late_cpus_out; @@ -416,6 +399,35 @@ static int microcode_reload_late(void) return ret; } +/* + * Ensure that all required CPUs which are present and have been booted + * once are online. + * + * To pass this check, all primary threads must be online. + * + * If the microcode load is not safe against NMI then all SMT threads + * must be online as well because they still react to NMIs when they are + * soft-offlined and parked in one of the play_dead() variants. So if a + * NMI hits while the primary thread updates the microcode the resulting + * behaviour is undefined. The default play_dead() implementation on + * modern CPUs uses MWAIT, which is also not guaranteed to be safe + * against a microcode update which affects MWAIT. + */ +static bool ensure_cpus_are_online(void) +{ + unsigned int cpu; + + for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) { + if (!cpu_online(cpu)) { + if (topology_is_primary_thread(cpu) || !microcode_ops->nmi_safe) { + pr_err("CPU %u not online\n", cpu); + return false; + } + } + } + return true; +} + static ssize_t reload_store(struct device *dev, struct device_attribute *attr, const char *buf, size_t size) 
@@ -431,9 +443,10 @@ static ssize_t reload_store(struct device *dev, cpus_read_lock(); - ret = check_online_cpus(); - if (ret) + if (!ensure_cpus_are_online()) { + ret = -EBUSY; goto put; + } tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev); if (tmp_ret != UCODE_NEW) diff --git a/arch/x86/kernel/cpu/microcode/internal.h b/arch/x86/kernel/cpu/microcode/internal.h index 051b795..a36439c 100644 --- a/arch/x86/kernel/cpu/microcode/internal.h +++ b/arch/x86/kernel/cpu/microcode/internal.h @@ -20,18 +20,17 @@ enum ucode_state { struct microcode_ops { enum ucode_state (*request_microcode_fw)(int cpu, struct device *dev); - void (*microcode_fini_cpu)(int cpu); /* - * The generic 'microcode_core' part guarantees that - * the callbacks below run on a target cpu when they - * are being called. + * The generic 'microcode_core' part guarantees that the callbacks + * below run on a target CPU when they are being called. * See also the "Synchronization" section in microcode_core.c. */ - enum ucode_state (*apply_microcode)(int cpu); - int (*collect_cpu_info)(int cpu, struct cpu_signature *csig); - void (*finalize_late_load)(int result); + enum ucode_state (*apply_microcode)(int cpu); + int (*collect_cpu_info)(int cpu, struct cpu_signature *csig); + void (*finalize_late_load)(int result); + unsigned int nmi_safe : 1; }; extern struct ucode_cpu_info ucode_cpu_info[];
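Review bot: In arch/x86/Kconfig, the new "depends on MICROCODE && SMP" for MICROCODE_LATE_LOADING is not mentioned anywhere in the commit message. Please add a sentence saying why late loading now requires SMP, so the dependency can be re-evaluated when the requirement is "partially lifted in later changes".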
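Review bot: In ensure_cpus_are_online() in core.c, pr_err("CPU %u not online\n", cpu) no longer says that the microcode update was aborted, which the removed check_online_cpus() message did ("Not all CPUs online, aborting microcode update."). It also does not distinguish an offline primary thread from an offline SMT sibling that blocks the load only because the driver does not set nmi_safe; a separate message for the case where topology_is_primary_thread(cpu) is false would tell the administrator that bringing the sibling online is the fix. Note also that the loop now covers only present CPUs in cpus_booted_once_mask where the old one covered all present CPUs; the code comment says so, but the commit message should too.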
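Review bot: In reload_store() in core.c, the failure path now sets ret = -EBUSY where the old code returned the -EINVAL produced by check_online_cpus(). That changes the error seen by whoever writes to the reload attribute, and the commit message does not mention it; please state there that the change is intended.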
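Review bot: In struct microcode_ops in internal.h, the new "unsigned int nmi_safe : 1;" has no comment describing what a driver asserts by setting it. In this patch only microcode_amd_ops sets it, so every other driver is left at 0 and ensure_cpus_are_online() then requires its booted-once SMT siblings to be online; a one-line comment stating that meaning, and that leaving the field unset selects the restrictive behaviour, would make the contract clear to the next driver author.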