From patchwork Fri Jan 13 17:29:16 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ashok Raj <ashok.raj@intel.com>
X-Patchwork-Id: 43502
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp401292wrt;
        Fri, 13 Jan 2023 09:47:28 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXsyFH+9o12V76sOi7mydh5PLFllEJm1yUGX8x/sItW033HcHD2Cj8fIlOtH3Jv5ZixYnoQA
X-Received: by 2002:a17:902:740b:b0:194:5068:ff1d with SMTP id
 g11-20020a170902740b00b001945068ff1dmr10052398pll.16.1673632047889;
        Fri, 13 Jan 2023 09:47:27 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673632047; cv=none;
        d=google.com; s=arc-20160816;
        b=apS/40+7z+Vq8Bk2qIYfoKvLslmu4jaWPm6YIWJZ9Cd+frVVe3R70+Ua+wpbB2D4b7
         aJ7pe/cIapEx8QNKRVrr+D5/sMq/LIGSTuQQZHUHhcVANWNyWnu4btUkhcneUJP2g053
         Hgy0c1YnyPokm5xFpkCx8Y9ptVRcNEPFKTcriUQcfJQBdKG4WrPiO1mfAb1RPHvkbZLr
         Q/J8XdvqDpA5CV1ZlZ+5O2NTZxLYGsYNssTqS36iMfF5UKMf/sHYmLRlDmIl+l4mEH9S
         +x4Qk5Gyy/mS1z5HN1ile6jhQ17vhfRiKjbTVTVHwZic5CS2U0/N8FENpOjhU67Awq9K
         YaIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=Ux1Xey2buJWvkhuTLMBtt5OXo2vB6Pu6JWTw5l/NP1U=;
        b=FBGGkcpX69q+kEyvWnicbFavEq8fL+ktYIklcKKL30ML3sjQlx3ob5cC019CZmEQa5
         yZNLaW0h8yf6PNGe+lch+1I52Mx2ZHXQlh13nyk7otda/v1tFWqHNACIT1gwLub3lGd1
         Zoa/uFpSAQQS0SCrD1SFQDkbXOp0LnQm94ICH/LLBXuZqbPs/PVIwMgpqJTVIUPVUwCA
         zgfcmIo/4p1m3obIjX/lYT//fFHyslNrOvC8LgjimjPD6MA0Jdw4N2in4FmNicteNhI1
         hDg8Op0CIriZaWOPp0zo3Yd0bOBsBowW+EKUyEXMIsWJcBDihH/FGvGz5rWH5nlOce96
         ODOQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=RYSW8+g2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 w10-20020a1709029a8a00b0018929930a0bsi4689978plp.414.2023.01.13.09.47.14;
        Fri, 13 Jan 2023 09:47:27 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=RYSW8+g2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229708AbjAMRnp (ORCPT <rfc822;callmefire3@gmail.com>
        + 99 others); Fri, 13 Jan 2023 12:43:45 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52900 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229812AbjAMRnK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 13 Jan 2023 12:43:10 -0500
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9F1AE6C053
        for <linux-kernel@vger.kernel.org>;
 Fri, 13 Jan 2023 09:29:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1673630973; x=1705166973;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=4EqDfmlWSpjXzy20Qe0hd2hnLS19EqiJq6uAIZI/d1Q=;
  b=RYSW8+g2iqBhkqpAtnhLdScqjZnkUkq8ezWbOC1scR7TRGfYGFbBCE9Y
   rK+tqLgGeHOnWbActuc1OyE1yd8dbGFIVusMobWFGsnviXmzJ1xOtrn7y
   uBYDNYQNeu7UQxG/Me7Ova4zldrX3gYYZTDkmHIqZyPTFPJOvS2x1Uaqh
   Xxs3hauiMtzRCnqFhOoaRKrcZJ3lHnU8iNTG4wM3603/h6iGtKEpHwLGN
   7NtVwJiuiKaj6mzD0NMIfNy2dVQGmAjYm8EbuKUYX+eOEhGqBqIkJ4T9N
   8d3l9s3eC1xujt+QrZpsVExhOf1qRhDqE0dEjyAlg4W8hLfckaNC8x7Ic
   w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="304429995"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="304429995"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:32 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="766089917"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="766089917"
Received: from araj-ucode.jf.intel.com ([10.23.0.19])
  by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:32 -0800
From: Ashok Raj <ashok.raj@intel.com>
To: Borislav Petkov <bp@alien8.de>,
        Thomas Gleixner <tglx@linutronix.de>
Cc: Ashok Raj <ashok.raj@intel.com>, Tony Luck <tony.luck@intel.com>,
        LKML <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        Dave Hansen <dave.hansen@intel.com>,
        Alison Schofield <alison.schofield@intel.com>,
        Reinette Chatre <reinette.chatre@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Stefan Talpalaru <stefantalpalaru@yahoo.com>,
        David Woodhouse <dwmw2@infradead.org>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Jonathan Corbet <corbet@lwn.net>,
        "Rafael J . Wysocki" <rafael@kernel.org>,
        Peter Zilstra <peterz@infradead.org>,
        Andy Lutomirski <luto@kernel.org>,
        Andrew Cooper <Andrew.Cooper3@citrix.com>
Subject: [PATCH v1 Part2 1/5] x86/microcode: Move late load warning to the
 same function that taints kernel
Date: Fri, 13 Jan 2023 09:29:16 -0800
Message-Id: <20230113172920.113612-2-ashok.raj@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1754930398424967674?=
X-GMAIL-MSGID: =?utf-8?q?1754930398424967674?=

Currently the warning about late loading and tainting are issued from two
different functions.

Later patches will re-enable microcode late-loading.

Having both messages in the same function helps issuing warnings only
when required.

Move the warning from microcode_reload_late() -> reload_store() where the
kernel tainting also happens.

No functional changes.

Signed-off-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Cc: x86 <x86@kernel.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Alison Schofield <alison.schofield@intel.com>
Cc: Reinette Chatre <reinette.chatre@intel.com>
Cc: Thomas Gleixner (Intel) <tglx@linutronix.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Stefan Talpalaru <stefantalpalaru@yahoo.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Peter Zilstra (Intel) <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Andrew Cooper <Andrew.Cooper3@citrix.com>
---
 arch/x86/kernel/cpu/microcode/core.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index d7cbc83df9b6..c361882baf63 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -441,9 +441,6 @@ static int microcode_reload_late(void)
 	int old = boot_cpu_data.microcode, ret;
 	struct cpuinfo_x86 prev_info;
 
-	pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
-	pr_err("You should switch to early loading, if possible.\n");
-
 	atomic_set(&late_cpus_in,  0);
 	atomic_set(&late_cpus_out, 0);
 
@@ -494,6 +491,9 @@ static ssize_t reload_store(struct device *dev,
 	if (tmp_ret != UCODE_NEW)
 		goto put;
 
+	pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
+	pr_err("You should switch to early loading, if possible.\n");
+
 	mutex_lock(&microcode_mutex);
 	ret = microcode_reload_late();
 	mutex_unlock(&microcode_mutex);

From patchwork Fri Jan 13 17:29:17 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ashok Raj <ashok.raj@intel.com>
X-Patchwork-Id: 43503
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp401357wrt;
        Fri, 13 Jan 2023 09:47:38 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXsvvT6uz2QaJbDLEE/DVD2TIkhbbLrNxbGRaFEOoKdI0/kNludcTyEOY4WvyJpzePG/wRjZ
X-Received: by 2002:a17:903:482:b0:192:f961:c391 with SMTP id
 jj2-20020a170903048200b00192f961c391mr35601678plb.53.1673632058271;
        Fri, 13 Jan 2023 09:47:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673632058; cv=none;
        d=google.com; s=arc-20160816;
        b=liPpmrcjGDVYU3PeHX9HgH4scQOBI+XLaoR/eOOfPb0oPVvxAv64eoyfdVGL6wlECE
         0BsrYzZl+NEItHFVlo3LE5XeVhCQVrLmYrSsvQvlScAVa9e5uJpGXNjvG5ZScZwou3ye
         Ud/XwweMDkSTl+KU8dZ3ozBUOo2ZqJp7PwLzlyUPOVGPYW6m3iD+AF9ZrWLdlpTDxUe1
         g4K0nIQ4ubVdFLOy2hWl6FD3nprtv/e9tsxBBPdEVxghiQZO7QWmGH4+9zQDoE0PCXan
         o6jBfC9FC0xZsj1dH9doIH8NLmNk2NNQvnOa1Eyl3OicAZzJtk0pKBQAi/IthHXnUACO
         fCkg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=+AwtK+304pex1mKuQQizBmpM6yZoOYYp049cY3Wlbrw=;
        b=TKBdOgNeEuIlmsO/SSNMH7SJe7tvTE6Pa00HmkQrEXk5c0+zLtilXeZItu5xmsn+FD
         m8mdnNFkC1bdqkArTV9MSxqzlj/4zZWewiYCLahYe9m9ZekMFvakbbzBo9jdsNN6gVJa
         RjrJBDkzfpe5sSS2QwmDMQlrI/hCcaZLNHqu8ogs6ZimMV1JL2n2398iICZ5BAy1qxxS
         gY+Ax0a+XtzEaO9TMW4hmNu6ihUjBT0jgFOB0oDIVKrGhLZMAgxBS4Vpu9qMcZ3MXMnC
         iY+T6UxMAozfz8f8v/hZuLcG8ZR3od0U1WZ0fmoaepoY8eddq8WmUhr7cG4R3FQfrRlA
         gWMQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=MJ1PM5Z7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 z9-20020a170902834900b0018929921900si19681880pln.80.2023.01.13.09.47.26;
        Fri, 13 Jan 2023 09:47:38 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=MJ1PM5Z7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230048AbjAMRnu (ORCPT <rfc822;callmefire3@gmail.com>
        + 99 others); Fri, 13 Jan 2023 12:43:50 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52910 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230110AbjAMRnK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 13 Jan 2023 12:43:10 -0500
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 11C06C13B6
        for <linux-kernel@vger.kernel.org>;
 Fri, 13 Jan 2023 09:29:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1673630974; x=1705166974;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=Qte1q7+HJ25CNkhwh20t40WstQdc3MZAPVeyWl46Tfk=;
  b=MJ1PM5Z7K2+hF2X9mR4mxAK8yHv97ILzgFZW1gHAWZVkAHIhN5/nlExh
   20uuhoW+b2iYgVc4FX+d8Rdg0p8t1nUYhidOmQr1f+/mUdfP7IYqfoD9s
   zCzaHbmNcfxvfryxYkL08hRJV82w46ah6PsKroohc/LA84YGuXeHVdQV8
   oOwzLvUVde0qXNq05wwbYrJkTASD1ndKsic2jTsRFGK8IMkMhBWRqNzL5
   MtszwpqTSjpQXLP/NodBnhyk83hfi/aTXZcYqKuhJ0YM7Xw8I1TueWYE7
   4BGIcO6lOFHcL5DhdCn99Y37pfBmn0r89REpT8ML1yeOYHI0F8913/vXz
   w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="304430006"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="304430006"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:32 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="766089920"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="766089920"
Received: from araj-ucode.jf.intel.com ([10.23.0.19])
  by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:32 -0800
From: Ashok Raj <ashok.raj@intel.com>
To: Borislav Petkov <bp@alien8.de>,
        Thomas Gleixner <tglx@linutronix.de>
Cc: Ashok Raj <ashok.raj@intel.com>,
        LKML <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        Tony Luck <tony.luck@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Alison Schofield <alison.schofield@intel.com>,
        Reinette Chatre <reinette.chatre@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Stefan Talpalaru <stefantalpalaru@yahoo.com>,
        David Woodhouse <dwmw2@infradead.org>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Jonathan Corbet <corbet@lwn.net>,
        "Rafael J . Wysocki" <rafael@kernel.org>,
        Peter Zilstra <peterz@infradead.org>,
        Andy Lutomirski <luto@kernel.org>,
        Andrew Cooper <Andrew.Cooper3@citrix.com>
Subject: [PATCH v1 Part2 2/5] x86/microcode/intel: Add minimum required
 revision to microcode header
Date: Fri, 13 Jan 2023 09:29:17 -0800
Message-Id: <20230113172920.113612-3-ashok.raj@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1754930408735326734?=
X-GMAIL-MSGID: =?utf-8?q?1754930408735326734?=

In general users don't have the necessary information to determine
whether a late loading of a new microcode version has removed any feature
(MSR, CPUID etc) between what is currently loaded and this new microcode.
To address this issue, Intel has added a "minimum required version" field
to a previously reserved field in the file header. Microcode updates
should only be applied if the current microcode version is equal
to, or greater than this minimum required version.

Thomas made some suggestions[1] on how meta-data in the microcode file
could provide Linux with information to decide if the new microcode is
suitable candidate for late loading. But even the "simpler" option#1
requires a lot of metadata and corresponding kernel code to parse it.

The proposal here is an even simpler option. Simply "OS visible features"
such as CPUID and MSRs are the only two examples. The microcode must not
change these OS visible features because they cause problems after late
loading. When microcode changes features, microcode will change the min_rev
to prevent such microcodes from being late loaded.

Pseudo code for late loading is as follows:

if header.min_required_id == 0
        This is old format microcode, block late loading
else if current_ucode_version < header.min_required_id
        Current version is too old, block late loading of this microcode.
else
        OK to proceed with late loading.

Any microcode that modifies the interface to an OS-visible feature
will set the min_version to itself. This will enforce this microcode is
not suitable for late loading unless the currently loaded revision is
greater or equal to the new microcode affecting the change.

The enforcement is not in hardware and limited to kernel loader enforcing
the requirement. It is not required for early loading of microcode to
enforce this requirement, since the new features are only
evaluated after early loading in the boot process.

Check if the new microcode specifies the minimum version for safe late
loading. Otherwise reject late load.

Test cases covered:

1. With new kernel, attempting to load an older format microcode with the
   min_rev=0 should be blocked by kernel.

   [  210.541802] Late loading denied: Microcode header does not specify a
   required min version.

2. New microcode with a non-zero min_rev in the header, but the specified
   min_rev is greater than what is currently loaded in the CPU should be
   blocked by kernel.

   245.139828] microcode: Late loading denied: Current revision 0x8f685300 is too old to update, must be at 0xaa000050 version or higher. Use early loading instead.

3. New microcode with a min_rev < currently loaded should allow loading the
   microcode

4. Build initrd with microcode that has min_rev=0, or min_rev > currently
   loaded should permit early loading microcode from initrd.

[1] https://lore.kernel.org/linux-kernel/alpine.DEB.2.21.1909062237580.1902@nanos.tec.linutronix.de/

Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ashok Raj <ashok.raj@intel.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Cc: x86 <x86@kernel.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Alison Schofield <alison.schofield@intel.com>
Cc: Reinette Chatre <reinette.chatre@intel.com>
Cc: Thomas Gleixner (Intel) <tglx@linutronix.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Stefan Talpalaru <stefantalpalaru@yahoo.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Peter Zilstra (Intel) <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Andrew Cooper <Andrew.Cooper3@citrix.com>
---
 arch/x86/include/asm/microcode_intel.h |  3 ++-
 arch/x86/kernel/cpu/microcode/intel.c  | 34 +++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/microcode_intel.h b/arch/x86/include/asm/microcode_intel.h
index f1fa979e05bf..e83afe919b10 100644
--- a/arch/x86/include/asm/microcode_intel.h
+++ b/arch/x86/include/asm/microcode_intel.h
@@ -15,7 +15,8 @@ struct microcode_header_intel {
 	unsigned int            datasize;
 	unsigned int            totalsize;
 	unsigned int            metasize;
-	unsigned int            reserved[2];
+	unsigned int		min_req_ver;
+	unsigned int		reserved3;
 };
 
 struct microcode_intel {
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 0cdff9ed2a4e..6046f90a47b2 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -137,6 +137,33 @@ static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigne
 		intel_ucode_patch = p->data;
 }
 
+static int is_lateload_safe(struct microcode_header_intel *mc_header)
+{
+	struct ucode_cpu_info uci;
+
+	/*
+	 * When late-loading, ensure the header declares a minimum revision
+	 * required to perform a late-load.
+	 */
+	if (!mc_header->min_req_ver) {
+		pr_warn("Late loading denied: Microcode header does not specify a required min version\n");
+		return -EINVAL;
+	}
+
+	intel_cpu_collect_info(&uci);
+
+	/*
+	 * Enforce the minimum revision specified in the header is either
+	 * greater or equal to the current revision.
+	 */
+	if (uci.cpu_sig.rev < mc_header->min_req_ver) {
+		pr_warn("Late loading denied: Current revision 0x%x too old to update, must be at 0x%x or higher. Use early loading instead\n",
+			uci.cpu_sig.rev, mc_header->min_req_ver);
+		return -EINVAL;
+	}
+	return 0;
+}
+
 /*
  * Get microcode matching with BSP's model. Only CPUs with the same model as
  * BSP can stay in the platform.
@@ -678,7 +705,9 @@ static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter)
 		memcpy(mc, &mc_header, sizeof(mc_header));
 		data = mc + sizeof(mc_header);
 		if (!copy_from_iter_full(data, data_size, iter) ||
-		    intel_microcode_sanity_check(mc, true, MC_HEADER_TYPE_MICROCODE) < 0) {
+		    intel_microcode_sanity_check(mc, true, MC_HEADER_TYPE_MICROCODE) < 0 ||
+		    is_lateload_safe(&mc_header)) {
+			ret = UCODE_ERROR;
 			break;
 		}
 
@@ -701,6 +730,9 @@ static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter)
 		return UCODE_ERROR;
 	}
 
+	if (ret == UCODE_ERROR)
+		return ret;
+
 	if (!new_mc)
 		return UCODE_NFOUND;
 

From patchwork Fri Jan 13 17:29:18 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ashok Raj <ashok.raj@intel.com>
X-Patchwork-Id: 43504
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp401394wrt;
        Fri, 13 Jan 2023 09:47:43 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXvZB0dH48EmFk2idrto3qn+ETlfYA1GBWbktPlkYz5diMVXmrgEoenLJrMiQifrDEBC4/3g
X-Received: by 2002:a05:6a20:6da0:b0:ad:d633:3235 with SMTP id
 gl32-20020a056a206da000b000add6333235mr87538044pzb.19.1673632063137;
        Fri, 13 Jan 2023 09:47:43 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673632063; cv=none;
        d=google.com; s=arc-20160816;
        b=RrMB0lOMMr1SQxCTqld/cAP0iatUCzc5faUNvdzYlhaSaC1wWIQYOKscH1vTc+eajm
         enNAEY0dWIVcjqYGmYgmcbfZiqTXLGNEi1hGO/LYzHPuyXBaLfdyEQSz9Z8keQNEX8f5
         bcjnzepBdC6O5RbDA5XFRH7sxflz4fDl/LjJugfPLcSaOi4mmWx+fXWm4L/n4iQDWgwG
         zbFU+AAuN967/0myymeG7NHifvIoVOSPbX9r4kV9ofer43Z6gI9R0i7uuBwXcXkzOGWS
         KnZ04YRlZtnsuhGmandXtTwGCobc1rZLbppJjaRMwZ15VTlfJOq4ovfMnD4EilFEnXy4
         zkZg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=hbBMY50hFpGbVzq2PS2cZfLILmL5lA8SfRIiEWRLGbQ=;
        b=dwQwwQFO2yLSDhk6MgBKzYCGiqYM1hMuyb9WIkIYAQT373fORlHIB/YP/n+Q3EjPXl
         AiZkpgMHNuBpa7MjThDfqJmBQPHEYm08Ty6wXKH2dT8ZqBpykxAlOyO0FnEY0pjwQgpZ
         ZKXK9MggfEy2u2wmFBAkjkA6R6ABwDkmKLkfweNzbzg8mSy3R5m6zOaZgJuO0cpepOeO
         lUtuLiwGtJwWL4JABb9dXVdqRNupdlmsjVHt0m0GKKqO8+SUZJqNhbQvZGUy4WefMDcb
         iK/EZulAY2UDeW5Is5HIaKIYiGYjafDGZhih/06y85zHmSUsQ+IP2TFfY8Z9EqVNZeXl
         Lx3g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b="T/Wz+cVB";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 h3-20020a056a00170300b0056d789ba707si22728605pfc.294.2023.01.13.09.47.30;
        Fri, 13 Jan 2023 09:47:43 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b="T/Wz+cVB";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229470AbjAMRnz (ORCPT <rfc822;callmefire3@gmail.com>
        + 99 others); Fri, 13 Jan 2023 12:43:55 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52912 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229968AbjAMRnK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 13 Jan 2023 12:43:10 -0500
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6CFAF6C04C
        for <linux-kernel@vger.kernel.org>;
 Fri, 13 Jan 2023 09:29:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1673630974; x=1705166974;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=+uJwRo55xEtpfWrqsz+KfZkuGz/Ne+Z1O6pvkdQS4hM=;
  b=T/Wz+cVBLImMHu2qVkshVH917Ai7jZBLsLLaGj1MPQRapkPFvB5Or/rB
   Wl3oQFN96dmcOJOfmehWUIVzNiHnc0ism5qjgzEXkfgwgH+7twL6aCy9y
   v8JFi7z9rSB/5K501AUnm28bGI1UaZ5Rwr7k6DzGPswQoguUoSwPXK38R
   fyaNRRK3C5E610U0wVgvvcWCMBcM6IrIRa6t/A7+PBT768uynkZMUQY8O
   f4U8G+RGY3SBXPlTeyBOOeXr+QppFRzr5hU0Un6gDerDals3UoUQuUive
   V2M8BX9c4AiLHPnLGNniGvzHMOdi0rAKHFywPLSBBiQ/q193pvNbOtGJe
   A==;
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="304430017"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="304430017"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:33 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="766089924"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="766089924"
Received: from araj-ucode.jf.intel.com ([10.23.0.19])
  by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:32 -0800
From: Ashok Raj <ashok.raj@intel.com>
To: Borislav Petkov <bp@alien8.de>,
        Thomas Gleixner <tglx@linutronix.de>
Cc: Ashok Raj <ashok.raj@intel.com>, Tony Luck <tony.luck@intel.com>,
        LKML <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        Dave Hansen <dave.hansen@intel.com>,
        Alison Schofield <alison.schofield@intel.com>,
        Reinette Chatre <reinette.chatre@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Stefan Talpalaru <stefantalpalaru@yahoo.com>,
        David Woodhouse <dwmw2@infradead.org>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Jonathan Corbet <corbet@lwn.net>,
        "Rafael J . Wysocki" <rafael@kernel.org>,
        Peter Zilstra <peterz@infradead.org>,
        Andy Lutomirski <luto@kernel.org>,
        Andrew Cooper <Andrew.Cooper3@citrix.com>
Subject: [PATCH v1 Part2 3/5] x86/microcode: Add a generic mechanism to
 declare support for minrev
Date: Fri, 13 Jan 2023 09:29:18 -0800
Message-Id: <20230113172920.113612-4-ashok.raj@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1754930414426641008?=
X-GMAIL-MSGID: =?utf-8?q?1754930414426641008?=

Intel microcode adds some meta-data to report a minimum required revision
before this new microcode can be safely late loaded. There are no generic
mechanism to declare support for all vendors.

Add generic support to microcode core to declare such support, this allows
late-loading to be permitted in those architectures that report support
for safe late loading.

Late loading has added support for

- New images declaring a required minimum base version before a late-load
  is performed.

Tainting only happens on architectures that don't support minimum required
version reporting.

Add a new variable in microcode_ops to allow an architecture to declare
support for safe microcode late loading.

Signed-off-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Cc: x86 <x86@kernel.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Alison Schofield <alison.schofield@intel.com>
Cc: Reinette Chatre <reinette.chatre@intel.com>
Cc: Thomas Gleixner (Intel) <tglx@linutronix.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Stefan Talpalaru <stefantalpalaru@yahoo.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Peter Zilstra (Intel) <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Andrew Cooper <Andrew.Cooper3@citrix.com>
---
 arch/x86/include/asm/microcode.h      |  2 ++
 arch/x86/kernel/cpu/microcode/core.c  | 25 ++++++++++++++++++++-----
 arch/x86/kernel/cpu/microcode/intel.c |  1 +
 arch/x86/Kconfig                      |  7 ++++---
 4 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
index d5a58bde091c..3d48143e84a9 100644
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -33,6 +33,8 @@ enum ucode_state {
 };
 
 struct microcode_ops {
+	bool safe_late_load;
+
 	enum ucode_state (*request_microcode_fw) (int cpu, struct device *);
 
 	void (*microcode_fini_cpu) (int cpu);
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index c361882baf63..446ddf3fcc29 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -472,6 +472,7 @@ static ssize_t reload_store(struct device *dev,
 	enum ucode_state tmp_ret = UCODE_OK;
 	int bsp = boot_cpu_data.cpu_index;
 	unsigned long val;
+	bool safe_late_load = false;
 	ssize_t ret = 0;
 
 	ret = kstrtoul(buf, 0, &val);
@@ -487,13 +488,22 @@ static ssize_t reload_store(struct device *dev,
 	if (ret)
 		goto put;
 
+	safe_late_load = microcode_ops->safe_late_load;
+
+	/*
+	 * If safe loading indication isn't present, bail out.
+	 */
+	if (!safe_late_load) {
+		pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
+		pr_err("You should switch to early loading, if possible.\n");
+		ret = -EINVAL;
+		goto put;
+	}
+
 	tmp_ret = microcode_ops->request_microcode_fw(bsp, &microcode_pdev->dev);
 	if (tmp_ret != UCODE_NEW)
 		goto put;
 
-	pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
-	pr_err("You should switch to early loading, if possible.\n");
-
 	mutex_lock(&microcode_mutex);
 	ret = microcode_reload_late();
 	mutex_unlock(&microcode_mutex);
@@ -501,11 +511,16 @@ static ssize_t reload_store(struct device *dev,
 put:
 	cpus_read_unlock();
 
+	/*
+	 * Only taint if a successful load and vendor doesn't support
+	 * safe_late_load
+	 */
+	if (!(ret && safe_late_load))
+		add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
+
 	if (ret == 0)
 		ret = size;
 
-	add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
-
 	return ret;
 }
 
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 6046f90a47b2..eba4f463ef1c 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -806,6 +806,7 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device)
 }
 
 static struct microcode_ops microcode_intel_ops = {
+	.safe_late_load			  = true,
 	.request_microcode_fw             = request_microcode_fw,
 	.collect_cpu_info                 = collect_cpu_info,
 	.apply_microcode                  = apply_microcode_intel,
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 3604074a878b..ddc4130e6f8c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1352,15 +1352,16 @@ config MICROCODE_AMD
 	  processors will be enabled.
 
 config MICROCODE_LATE_LOADING
-	bool "Late microcode loading (DANGEROUS)"
-	default n
+	bool "Late microcode loading"
+	default y
 	depends on MICROCODE
 	help
 	  Loading microcode late, when the system is up and executing instructions
 	  is a tricky business and should be avoided if possible. Just the sequence
 	  of synchronizing all cores and SMT threads is one fragile dance which does
 	  not guarantee that cores might not softlock after the loading. Therefore,
-	  use this at your own risk. Late loading taints the kernel too.
+	  use this at your own risk. Late loading taints the kernel, if it
+	  doesn't support a minimum required base version before an update.
 
 config X86_MSR
 	tristate "/dev/cpu/*/msr - Model-specific register support"

From patchwork Fri Jan 13 17:29:19 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ashok Raj <ashok.raj@intel.com>
X-Patchwork-Id: 43498
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp400932wrt;
        Fri, 13 Jan 2023 09:46:40 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXty+KLNAEI3vvIaVggmvKyxnU/q8msHtCTYrtZWj4iY66A+GUjePWQ/GYNZSPElrtXyJcIJ
X-Received: by 2002:a17:90a:c086:b0:226:cf55:913f with SMTP id
 o6-20020a17090ac08600b00226cf55913fmr12048872pjs.29.1673632000431;
        Fri, 13 Jan 2023 09:46:40 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673632000; cv=none;
        d=google.com; s=arc-20160816;
        b=Tc1X6cwdNlZqflcM4sQC5iOkSziGj1pTbDPVK7M5ZsNzJbEpPfeGizs/sG/uscOn+2
         +a856dWemIqxFNEGMAeMf+qoyYGX0GYTe4eknby6Ea0+8zXQexLpcJPsGgvnCRmq74R8
         +/97K8ACfdOS6UCI/Awg+c92oljxsxG40Ts9Im/rfglHUCHB4lbELAh+PesIm6m5GFGb
         NLx0kR98teUuTu3NK0njv59FbXnFUba7azxjo/4v24+x+IERDpb++xH54MI9C1WsPfxK
         /gaYrzhzpGtgLpimAXi50etzJMu+Q0d+Fkx7TcbtKUxy/5RT+CLahFyLMUrmcsvslQ/v
         lEAg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=oQ7cF0kAMPAt+0YdS3hvzI9ngmp4jInVOpAUO6gzrv0=;
        b=Ituv3mZt95Xw7Kx4sRw29xB2xyo3pf3gJAEhFZ9x6Aijtnwfq0UEFdnym1Qxri/uY7
         IllMgG6DEIgKYevYYCDRtaJxcs+RlmoFZ81LB3BvZyfUSs1moGNhX6TnYkvQpdiJZ5K8
         YvW+NkhAWW6NbvcOY6yB2X2hvFsqHTHbkzM1uG5Q8SIloYRXmVA5iJ7JfvZ8451kVvvf
         4V0Rh+oWn84qjfCkoKPvnyBGmnM67BJs5ZRCFAgHMuH2af90419czxhZ4q0WqKi9w6Hn
         CEb0UBdu/tWkj41DMAKvjI95zvamuS6/WQGkf+vWRAMUqy8j9xYNqiIQ/AwyoFlsU+Du
         EHOQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=RC0sG3Mf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 w7-20020a17090a460700b00212fb7e54ddsi19637827pjg.81.2023.01.13.09.46.28;
        Fri, 13 Jan 2023 09:46:40 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=RC0sG3Mf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230123AbjAMRn6 (ORCPT <rfc822;callmefire3@gmail.com>
        + 99 others); Fri, 13 Jan 2023 12:43:58 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52914 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230007AbjAMRnL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 13 Jan 2023 12:43:11 -0500
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC1736C050
        for <linux-kernel@vger.kernel.org>;
 Fri, 13 Jan 2023 09:29:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1673630974; x=1705166974;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=eF7Pboz7JZJBXxVsvwQjcSE5Pxeikn70RVh0Nt52pQs=;
  b=RC0sG3Mfu1d++/NIj3ZTlrlMYeT0RijgHt8mfwqYaaEKPzr+pTnLsgji
   QX9oZlkgCejlklVXhrRU8M1ybbVCoF6R8oOzu/cO5TB7ozHJ0zTemWqj9
   YawweHGpQRJQ5L1W4XzuIjmwoQSHI45bT+PxBD/9nX54LmzB2/XI16jo6
   CiNpFIPmyaJMBoFHLk39tcLYopw9LfRpmvV4yteyxfIlmcJqR5jv54I6d
   uNbRWCJYQJyD8gqmb1HK2y2xiwAZK1/2CY4h0aULjx7dwbUA8xxS3o9WX
   Ldm9eN6yC16WwOIA/tTCWTY8spmDzL26R2kYRAK1BUUR0AL1NwRAgeb8B
   w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="304430028"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="304430028"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:33 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="766089928"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="766089928"
Received: from araj-ucode.jf.intel.com ([10.23.0.19])
  by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:33 -0800
From: Ashok Raj <ashok.raj@intel.com>
To: Borislav Petkov <bp@alien8.de>,
        Thomas Gleixner <tglx@linutronix.de>
Cc: Ashok Raj <ashok.raj@intel.com>, Tony Luck <tony.luck@intel.com>,
        LKML <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        Dave Hansen <dave.hansen@intel.com>,
        Alison Schofield <alison.schofield@intel.com>,
        Reinette Chatre <reinette.chatre@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Stefan Talpalaru <stefantalpalaru@yahoo.com>,
        David Woodhouse <dwmw2@infradead.org>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Jonathan Corbet <corbet@lwn.net>,
        "Rafael J . Wysocki" <rafael@kernel.org>,
        Peter Zilstra <peterz@infradead.org>,
        Andy Lutomirski <luto@kernel.org>,
        Andrew Cooper <Andrew.Cooper3@citrix.com>
Subject: [PATCH v1 Part2 4/5] x86/microcode/intel: Drop wbinvd() from
 microcode loading
Date: Fri, 13 Jan 2023 09:29:19 -0800
Message-Id: <20230113172920.113612-5-ashok.raj@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1754930348188983298?=
X-GMAIL-MSGID: =?utf-8?q?1754930348188983298?=

Some older processors had a bad interaction when updating microcode if the
caches were dirty causing machine checks. The wbinvd() was added to
mitigate that before performing microcode updates. Now that Linux checks
for the minimum version before performing an update, those microcode
revisions can't be loaded.

Remove calls to wbinvd().

Signed-off-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Cc: x86 <x86@kernel.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Alison Schofield <alison.schofield@intel.com>
Cc: Reinette Chatre <reinette.chatre@intel.com>
Cc: Thomas Gleixner (Intel) <tglx@linutronix.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Stefan Talpalaru <stefantalpalaru@yahoo.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Peter Zilstra (Intel) <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Andrew Cooper <Andrew.Cooper3@citrix.com>
---
 arch/x86/kernel/cpu/microcode/intel.c | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index eba4f463ef1c..68a3c5569cd2 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -415,12 +415,6 @@ static int apply_microcode_early(struct ucode_cpu_info *uci, bool early)
 		return UCODE_OK;
 	}
 
-	/*
-	 * Writeback and invalidate caches before updating microcode to avoid
-	 * internal issues depending on what the microcode is updating.
-	 */
-	native_wbinvd();
-
 	/* write microcode via MSR 0x79 */
 	native_wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits);
 
@@ -624,12 +618,6 @@ static enum ucode_state apply_microcode_intel(int cpu)
 		goto out;
 	}
 
-	/*
-	 * Writeback and invalidate caches before updating microcode to avoid
-	 * internal issues depending on what the microcode is updating.
-	 */
-	native_wbinvd();
-
 	/* write microcode via MSR 0x79 */
 	wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits);
 

From patchwork Fri Jan 13 17:29:20 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ashok Raj <ashok.raj@intel.com>
X-Patchwork-Id: 43499
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp400947wrt;
        Fri, 13 Jan 2023 09:46:42 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXu5Be88rjSxcyb+iWaSJGCqNfUdn2Fey3Pk/X/IJEZ4tqUT946wqomosdvbS0cX2WGTbroh
X-Received: by 2002:a17:902:b407:b0:192:bdf8:1a58 with SMTP id
 x7-20020a170902b40700b00192bdf81a58mr40517090plr.50.1673632002095;
        Fri, 13 Jan 2023 09:46:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673632002; cv=none;
        d=google.com; s=arc-20160816;
        b=WcOVk3OnfEf0d/1/RhOqtZTg79ZRJJCW+6wWOlNl23kjpdMoKA0cIXbz6BAqP0L//I
         52bM9sDKizRf2f6Z858PcpyAM6EMgp2i6OkuZ/sC51+71BS73qjChXTAp3bJvMsRsZ4V
         II27WsskK7nMiYWt2oRInj2GGpTdGthlpmCMemm7SEqHg3Rnznqlw/UpwZyd8L+ORNE7
         H8GIPd4WMYjxe7tbccTUEMl0Emw7T+wyDKIvUUHIrBGZCmck+//SbbJcVOvMBiiHngUj
         vZSpknbswJ4CAxSfwxePq5mC6+uASJOjXPdyhgXCjcOLg0d5Ygz3cQBRG5jchBUE4GMU
         wXxw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=WHb8JTG3jsfwmAuZTWMSdfupMqv5Vu5ZnFpJqUtjDgw=;
        b=xuY8QYxSPDl10ujrSVufewxpjz4RtT9yH4wzYmP2kmb5qx1hSIEpNimoa0ulScilBf
         ywPOLDl1mtZtaw3iGAPpGN484fcKs+XG4aJqBrrhSavylBTsP5yreNByu2MnD4t6R7hp
         UrqrYgmP9Hi+ThFKSOA4F2CClpXVIGPMzXuE10R9cSZWc09809nOU+1Fv9ujp1J8vd2v
         8QQ5CPxVx3TG8NSdN5mrg5fuC0h/6ZpaIoGeFJ89ozwIZcLrng0/ns2FTr2QOCIGBDmT
         rn/IRI55VxtrieyqO6MwIuEBf1z/ddsiyFYdttW/h/Itkd59YLeuaJAcmOJGTCNjE7gr
         TfYw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=n+hglCmV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 a21-20020a63e855000000b004ad0429ab7csi11860937pgk.405.2023.01.13.09.46.29;
        Fri, 13 Jan 2023 09:46:42 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=n+hglCmV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230374AbjAMRoD (ORCPT <rfc822;callmefire3@gmail.com>
        + 99 others); Fri, 13 Jan 2023 12:44:03 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53880 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230132AbjAMRnL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 13 Jan 2023 12:43:11 -0500
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF93E6C051
        for <linux-kernel@vger.kernel.org>;
 Fri, 13 Jan 2023 09:29:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1673630974; x=1705166974;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=13rDlRrWtSaYMdkY5P+PHEVg2xd/vRWLrnc0TqjnqHE=;
  b=n+hglCmV/37XU2riL74OQcmOZM991MxKDJpEGn5ml/qbCDfK3Sbt8ZLd
   Uzl6cZcT9PyNV6/RK0+4dRghKO8Q6R1UAJCn8AZQtc5CQ9CN4ZZA42Dj1
   Mt9s8uyu2U8oRkHCAuaJNIXbleg8zubpqXrTFJfBxzJMcNh/iF93+QGVC
   G2AUYwSM/mLrcfelYbdbnNqZIIgxeTl9S8nVRpkEXpRH+9aBybiKOaVfR
   ca+ecaWqEkpHOoVShHTZq25v9dqlBZbrrlxtTb/MyLskc5NXj8SrvrrLk
   krM2SPwYNFjfsuygVYb28zzUbv6pY6dnvGfDbAXktY0V73cK4vCWCvbEZ
   w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="304430038"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="304430038"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:33 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="766089937"
X-IronPort-AV: E=Sophos;i="5.97,214,1669104000";
   d="scan'208";a="766089937"
Received: from araj-ucode.jf.intel.com ([10.23.0.19])
  by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 13 Jan 2023 09:29:33 -0800
From: Ashok Raj <ashok.raj@intel.com>
To: Borislav Petkov <bp@alien8.de>,
        Thomas Gleixner <tglx@linutronix.de>
Cc: Ashok Raj <ashok.raj@intel.com>,
        LKML <linux-kernel@vger.kernel.org>, x86 <x86@kernel.org>,
        Ingo Molnar <mingo@kernel.org>,
        Tony Luck <tony.luck@intel.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Alison Schofield <alison.schofield@intel.com>,
        Reinette Chatre <reinette.chatre@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Stefan Talpalaru <stefantalpalaru@yahoo.com>,
        David Woodhouse <dwmw2@infradead.org>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Jonathan Corbet <corbet@lwn.net>,
        "Rafael J . Wysocki" <rafael@kernel.org>,
        Peter Zilstra <peterz@infradead.org>,
        Andy Lutomirski <luto@kernel.org>,
        Andrew Cooper <Andrew.Cooper3@citrix.com>
Subject: [PATCH v1 Part2 5/5] x86/microcode: Provide an option to override
 minrev enforcement
Date: Fri, 13 Jan 2023 09:29:20 -0800
Message-Id: <20230113172920.113612-6-ashok.raj@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1754930350392078085?=
X-GMAIL-MSGID: =?utf-8?q?1754930350392078085?=

Minimum Required Revision (minrev) is enforced strictly. All new patches
will have a minrev that is not zero. But there might be a transition time
for some that need this enforcement to be relaxed.

When the override is enabled, the kernel will be tainted.

Provide a debugfs variable to override the minrev enforcement.

Signed-off-by: Ashok Raj <ashok.raj@intel.com>
Cc: LKML <linux-kernel@vger.kernel.org>
Cc: x86 <x86@kernel.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Alison Schofield <alison.schofield@intel.com>
Cc: Reinette Chatre <reinette.chatre@intel.com>
Cc: Thomas Gleixner (Intel) <tglx@linutronix.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Stefan Talpalaru <stefantalpalaru@yahoo.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Peter Zilstra (Intel) <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Andrew Cooper <Andrew.Cooper3@citrix.com>
---
This patch is optional.
---
 arch/x86/include/asm/microcode.h      |  2 ++
 arch/x86/kernel/cpu/microcode/core.c  | 13 ++++++++++++-
 arch/x86/kernel/cpu/microcode/intel.c |  8 ++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
index 3d48143e84a9..d82f22d50ebd 100644
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -16,6 +16,8 @@ struct ucode_patch {
 
 extern struct list_head microcode_cache;
 
+extern bool override_minrev;
+
 struct cpu_signature {
 	unsigned int sig;
 	unsigned int pf;
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index 446ddf3fcc29..5ed60c6c8e8d 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -24,6 +24,7 @@
 #include <linux/miscdevice.h>
 #include <linux/capability.h>
 #include <linux/firmware.h>
+#include <linux/debugfs.h>
 #include <linux/kernel.h>
 #include <linux/delay.h>
 #include <linux/mutex.h>
@@ -44,7 +45,9 @@
 #define DRIVER_VERSION	"2.2"
 
 static struct microcode_ops	*microcode_ops;
+static struct dentry		*dentry_ucode;
 static bool dis_ucode_ldr = true;
+bool override_minrev;
 
 bool initrd_gone;
 
@@ -497,7 +500,11 @@ static ssize_t reload_store(struct device *dev,
 		pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
 		pr_err("You should switch to early loading, if possible.\n");
 		ret = -EINVAL;
-		goto put;
+
+		if (!override_minrev)
+			goto put;
+
+		pr_err("Overriding minrev\n");
 	}
 
 	tmp_ret = microcode_ops->request_microcode_fw(bsp, &microcode_pdev->dev);
@@ -688,7 +695,11 @@ static int __init microcode_init(void)
 	cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
 				  mc_cpu_online, mc_cpu_down_prep);
 
+	dentry_ucode = debugfs_create_dir("microcode", NULL);
+	debugfs_create_bool("override_minrev", 0644, dentry_ucode, &override_minrev);
+
 	pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION);
+	pr_info("Override minrev %s\n", override_minrev ? "enabled" : "disabled");
 
 	return 0;
 
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 68a3c5569cd2..172e1f166844 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -141,6 +141,14 @@ static int is_lateload_safe(struct microcode_header_intel *mc_header)
 {
 	struct ucode_cpu_info uci;
 
+	/*
+	 * If minrev is bypassed via debugfs, then allow late-load.
+	 */
+	if (override_minrev) {
+		pr_info("Bypassing minrev enforcement via debugfs\n");
+		return 0;
+	}
+
 	/*
 	 * When late-loading, ensure the header declares a minimum revision
 	 * required to perform a late-load.