From patchwork Fri Jan 13 17:29:16 2023
X-Patchwork-Submitter: Ashok Raj
X-Patchwork-Id: 43502
From: Ashok Raj
To: Borislav Petkov, Thomas Gleixner
Cc: Ashok Raj, Tony Luck, LKML, x86, Ingo Molnar, Dave Hansen, Alison Schofield, Reinette Chatre, Tom Lendacky, Stefan Talpalaru, David Woodhouse, Benjamin Herrenschmidt, Jonathan Corbet, "Rafael J. Wysocki", Peter Zilstra, Andy Lutomirski, Andrew Cooper
Subject: [PATCH v1 Part2 1/5] x86/microcode: Move late load warning to the same function that taints kernel
Date: Fri, 13 Jan 2023 09:29:16 -0800
Message-Id: <20230113172920.113612-2-ashok.raj@intel.com>
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>

Currently the warning about late loading and tainting are issued from two
different functions. Later patches will re-enable microcode late-loading.

Having both messages in the same function helps issuing warnings only when
required.

Move the warning from microcode_reload_late() -> reload_store() where the
kernel tainting also happens.

No functional changes.

Signed-off-by: Ashok Raj Reviewed-by: Tony Luck Cc: LKML Cc: x86 Cc: Ingo Molnar Cc: Tony Luck Cc: Dave Hansen Cc: Alison Schofield Cc: Reinette Chatre Cc: Thomas Gleixner (Intel) Cc: Tom Lendacky Cc: Stefan Talpalaru Cc: David Woodhouse Cc: Benjamin Herrenschmidt Cc: Jonathan Corbet Cc: Rafael J. Wysocki Cc: Peter Zilstra (Intel) Cc: Andy Lutomirski Cc: Andrew Cooper --- arch/x86/kernel/cpu/microcode/core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index d7cbc83df9b6..c361882baf63 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -441,9 +441,6 @@ static int microcode_reload_late(void) int old = boot_cpu_data.microcode, ret; struct cpuinfo_x86 prev_info; - pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); - pr_err("You should switch to early loading, if possible.\n"); - atomic_set(&late_cpus_in, 0); atomic_set(&late_cpus_out, 0); 
@@ -494,6 +491,9 @@ static ssize_t reload_store(struct device *dev, if (tmp_ret != UCODE_NEW) goto put; + pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); + pr_err("You should switch to early loading, if possible.\n"); + mutex_lock(µcode_mutex); ret = microcode_reload_late(); mutex_unlock(µcode_mutex);
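Review bot: In reload_store() (1/5), the two pr_err() lines are placed after the `if (tmp_ret != UCODE_NEW) goto put;` check, so the warning is printed only when new microcode was found, while the stated goal is to pair it with the taint. The add_taint() call that 3/5 touches sits after the `put:` label and is reached on every path, so warning and taint are still not issued under the same condition. Either move the warning next to the add_taint() call or say in the commit message which paths warn and which taint.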
From patchwork Fri Jan 13 17:29:17 2023
X-Patchwork-Submitter: Ashok Raj
X-Patchwork-Id: 43503
From: Ashok Raj
To: Borislav Petkov, Thomas Gleixner
Cc: Ashok Raj, LKML, x86, Ingo Molnar, Tony Luck, Dave Hansen, Alison Schofield, Reinette Chatre, Tom Lendacky, Stefan Talpalaru, David Woodhouse, Benjamin Herrenschmidt, Jonathan Corbet, "Rafael J. Wysocki", Peter Zilstra, Andy Lutomirski, Andrew Cooper
Subject: [PATCH v1 Part2 2/5] x86/microcode/intel: Add minimum required revision to microcode header
Date: Fri, 13 Jan 2023 09:29:17 -0800
Message-Id: <20230113172920.113612-3-ashok.raj@intel.com>
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>

In general users don't have the necessary information to determine
whether a late loading of a new microcode version has removed any feature
(MSR, CPUID etc) between what is currently loaded and this new microcode.
To address this issue, Intel has added a "minimum required version" field
to a previously reserved field in the file header. Microcode updates
should only be applied if the current microcode version is equal to, or
greater than this minimum required version.

Thomas made some suggestions[1] on how meta-data in the microcode file
could provide Linux with information to decide if the new microcode is a
suitable candidate for late loading. But even the "simpler" option#1
requires a lot of metadata and corresponding kernel code to parse it.

The proposal here is an even simpler option. Simply "OS visible features"
such as CPUID and MSRs are the only two examples. The microcode must not
change these OS visible features because they cause problems after late
loading. When microcode changes features, microcode will change the
min_rev to prevent such microcodes from being late loaded.

Pseudo code for late loading is as follows:

    if header.min_required_id == 0
        This is old format microcode, block late loading
    else if current_ucode_version < header.min_required_id
        Current version is too old, block late loading of this microcode.
    else
        OK to proceed with late loading.

Any microcode that modifies the interface to an OS-visible feature will
set the min_version to itself. This will enforce this microcode is not
suitable for late loading unless the currently loaded revision is greater
or equal to the new microcode affecting the change.

The enforcement is not in hardware and limited to kernel loader enforcing
the requirement. It is not required for early loading of microcode to
enforce this requirement, since the new features are only evaluated after
early loading in the boot process.

Check if the new microcode specifies the minimum version for safe late
loading. Otherwise reject late load.

Test cases covered:

1. With new kernel, attempting to load an older format microcode with the
   min_rev=0 should be blocked by kernel.

   [ 210.541802] Late loading denied: Microcode header does not specify a required min version.

2. New microcode with a non-zero min_rev in the header, but the specified
   min_rev is greater than what is currently loaded in the CPU should be
   blocked by kernel.

   245.139828] microcode: Late loading denied: Current revision 0x8f685300 is too old to update, must be at 0xaa000050 version or higher. Use early loading instead.

3. New microcode with a min_rev < currently loaded should allow loading
   the microcode

4.
Build initrd with microcode that has min_rev=0, or min_rev > currently loaded should permit early loading microcode from initrd. [1] https://lore.kernel.org/linux-kernel/alpine.DEB.2.21.1909062237580.1902@nanos.tec.linutronix.de/ Suggested-by: Thomas Gleixner Signed-off-by: Ashok Raj Cc: LKML Cc: x86 Cc: Ingo Molnar Cc: Tony Luck Cc: Dave Hansen Cc: Alison Schofield Cc: Reinette Chatre Cc: Thomas Gleixner (Intel) Cc: Tom Lendacky Cc: Stefan Talpalaru Cc: David Woodhouse Cc: Benjamin Herrenschmidt Cc: Jonathan Corbet Cc: Rafael J. Wysocki Cc: Peter Zilstra (Intel) Cc: Andy Lutomirski Cc: Andrew Cooper --- arch/x86/include/asm/microcode_intel.h | 3 ++- arch/x86/kernel/cpu/microcode/intel.c | 34 +++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/microcode_intel.h b/arch/x86/include/asm/microcode_intel.h index f1fa979e05bf..e83afe919b10 100644 --- a/arch/x86/include/asm/microcode_intel.h +++ b/arch/x86/include/asm/microcode_intel.h @@ -15,7 +15,8 @@ struct microcode_header_intel { unsigned int datasize; unsigned int totalsize; unsigned int metasize; - unsigned int reserved[2]; + unsigned int min_req_ver; + unsigned int reserved3; }; struct microcode_intel { diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 0cdff9ed2a4e..6046f90a47b2 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c 
@@ -137,6 +137,33 @@ static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigne intel_ucode_patch = p->data; } +static int is_lateload_safe(struct microcode_header_intel *mc_header) +{ + struct ucode_cpu_info uci; + + /* + * When late-loading, ensure the header declares a minimum revision + * required to perform a late-load. + */ + if (!mc_header->min_req_ver) { + pr_warn("Late loading denied: Microcode header does not specify a required min version\n"); + return -EINVAL; + } + + intel_cpu_collect_info(&uci); + + /* + * Enforce the minimum revision specified in the header is either + * greater or equal to the current revision. + */ + if (uci.cpu_sig.rev < mc_header->min_req_ver) { + pr_warn("Late loading denied: Current revision 0x%x too old to update, must be at 0x%x or higher. Use early loading instead\n", + uci.cpu_sig.rev, mc_header->min_req_ver); + return -EINVAL; + } + return 0; +} + /* * Get microcode matching with BSP's model. Only CPUs with the same model as * BSP can stay in the platform. @@ -678,7 +705,9 @@ static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter) memcpy(mc, &mc_header, sizeof(mc_header)); data = mc + sizeof(mc_header); if (!copy_from_iter_full(data, data_size, iter) || - intel_microcode_sanity_check(mc, true, MC_HEADER_TYPE_MICROCODE) < 0) { + intel_microcode_sanity_check(mc, true, MC_HEADER_TYPE_MICROCODE) < 0 || + is_lateload_safe(&mc_header)) { + ret = UCODE_ERROR; break; } 
@@ -701,6 +730,9 @@ static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter) return UCODE_ERROR; } + if (ret == UCODE_ERROR) + return ret; + if (!new_mc) return UCODE_NFOUND;
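Review bot: In is_lateload_safe() (2/5), the comment above the `uci.cpu_sig.rev < mc_header->min_req_ver` test states the comparison backwards: the code requires the current revision to be greater than or equal to the header's minimum, not the other way round. The function also returns 0 when the load is safe and -EINVAL when it is not, so the caller's `|| is_lateload_safe(&mc_header)` reads as the opposite of what it does; return bool and negate at the call site, or pick a name that does not start with "is_". mc_header is only read, so the parameter can be const.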
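Review bot: In the `@@ -678,7 +705,9 @@` hunk of generic_load_microcode(), is_lateload_safe() is evaluated in the same condition as intel_microcode_sanity_check(), and a failure now sets `ret = UCODE_ERROR` and breaks out. Two things to confirm: that this function is reached only on the late-load path, since the commit message says early loading must not enforce the minimum revision, and that the check should not run only for the entry matched to this CPU, so that an unrelated or old-format entry in the same file cannot fail the whole load. Setting ret in this branch also changes the outcome of a plain sanity-check failure, which the commit message does not mention.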
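Review bot: In the `@@ -701,6 +730,9 @@` hunk, the new `if (ret == UCODE_ERROR) return ret;` returns before the `if (!new_mc)` test, so if an earlier entry had already been selected into new_mc when a later one failed the check, that buffer is not released on this path. Free new_mc here as well, or fold this case into the error return just above it.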
From patchwork Fri Jan 13 17:29:18 2023
X-Patchwork-Submitter: Ashok Raj
X-Patchwork-Id: 43504
From: Ashok Raj
To: Borislav Petkov, Thomas Gleixner
Cc: Ashok Raj, Tony Luck, LKML, x86, Ingo Molnar, Dave Hansen, Alison Schofield, Reinette Chatre, Tom Lendacky, Stefan Talpalaru, David Woodhouse, Benjamin Herrenschmidt, Jonathan Corbet, "Rafael J. Wysocki", Peter Zilstra, Andy Lutomirski, Andrew Cooper
Subject: [PATCH v1 Part2 3/5] x86/microcode: Add a generic mechanism to declare support for minrev
Date: Fri, 13 Jan 2023 09:29:18 -0800
Message-Id: <20230113172920.113612-4-ashok.raj@intel.com>
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>

Intel microcode adds some meta-data to report a minimum required revision
before this new microcode can be safely late loaded. There is no generic
mechanism to declare support for all vendors.

Add generic support to microcode core to declare such support, this
allows late-loading to be permitted in those architectures that report
support for safe late loading.

Late loading has added support for

- New images declaring a required minimum base version before a late-load
  is performed.

Tainting only happens on architectures that don't support minimum
required version reporting.

Add a new variable in microcode_ops to allow an architecture to declare
support for safe microcode late loading.

Signed-off-by: Ashok Raj Reviewed-by: Tony Luck Cc: LKML Cc: x86 Cc: Ingo Molnar Cc: Tony Luck Cc: Dave Hansen Cc: Alison Schofield Cc: Reinette Chatre Cc: Thomas Gleixner (Intel) Cc: Tom Lendacky Cc: Stefan Talpalaru Cc: David Woodhouse Cc: Benjamin Herrenschmidt Cc: Jonathan Corbet Cc: Rafael J. Wysocki Cc: Peter Zilstra (Intel) Cc: Andy Lutomirski Cc: Andrew Cooper --- arch/x86/include/asm/microcode.h | 2 ++ arch/x86/kernel/cpu/microcode/core.c | 25 ++++++++++++++++++++----- arch/x86/kernel/cpu/microcode/intel.c | 1 + arch/x86/Kconfig | 7 ++++--- 4 files changed, 27 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h index d5a58bde091c..3d48143e84a9 100644 --- a/arch/x86/include/asm/microcode.h +++ b/arch/x86/include/asm/microcode.h @@ -33,6 +33,8 @@ enum ucode_state { }; struct microcode_ops { + bool safe_late_load; + enum ucode_state (*request_microcode_fw) (int cpu, struct device *); void (*microcode_fini_cpu) (int cpu); diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index c361882baf63..446ddf3fcc29 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -472,6 +472,7 @@ static ssize_t reload_store(struct device *dev, enum ucode_state tmp_ret = UCODE_OK; int bsp = boot_cpu_data.cpu_index; unsigned long val; + bool safe_late_load = false; ssize_t ret = 0; ret = kstrtoul(buf, 0, &val); 
@@ -487,13 +488,22 @@ static ssize_t reload_store(struct device *dev, if (ret) goto put; + safe_late_load = microcode_ops->safe_late_load; + + /* + * If safe loading indication isn't present, bail out. + */ + if (!safe_late_load) { + pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); + pr_err("You should switch to early loading, if possible.\n"); + ret = -EINVAL; + goto put; + } + tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev); if (tmp_ret != UCODE_NEW) goto put; - pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); - pr_err("You should switch to early loading, if possible.\n"); - mutex_lock(µcode_mutex); ret = microcode_reload_late(); mutex_unlock(µcode_mutex); @@ -501,11 +511,16 @@ static ssize_t reload_store(struct device *dev, put: cpus_read_unlock(); + /* + * Only taint if a successful load and vendor doesn't support + * safe_late_load + */ + if (!(ret && safe_late_load)) + add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); + if (ret == 0) ret = size; - add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); - return ret; } diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 6046f90a47b2..eba4f463ef1c 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -806,6 +806,7 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) } static struct microcode_ops microcode_intel_ops = { + .safe_late_load = true, .request_microcode_fw = request_microcode_fw, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode_intel, diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 3604074a878b..ddc4130e6f8c 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig 
@@ -1352,15 +1352,16 @@ config MICROCODE_AMD processors will be enabled. config MICROCODE_LATE_LOADING - bool "Late microcode loading (DANGEROUS)" - default n + bool "Late microcode loading" + default y depends on MICROCODE help Loading microcode late, when the system is up and executing instructions is a tricky business and should be avoided if possible. Just the sequence of synchronizing all cores and SMT threads is one fragile dance which does not guarantee that cores might not softlock after the loading. Therefore, - use this at your own risk. Late loading taints the kernel too. + use this at your own risk. Late loading taints the kernel, if it + doesn't support a minimum required base version before an update. config X86_MSR tristate "/dev/cpu/*/msr - Model-specific register support"
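Review bot: The new `bool safe_late_load` member of struct microcode_ops (3/5) has no comment describing what a vendor driver commits to by setting it. The Intel ops set it to true unconditionally, while the actual per-file decision is made by is_lateload_safe() from 2/5, so the flag means "this driver enforces a minimum revision", not "this load is safe"; a kernel-doc line on the field saying so would prevent other drivers from setting it without an equivalent check.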
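Review bot: In the `@@ -487,13 +488,22 @@` hunk of reload_store(), the new `if (!safe_late_load)` branch sets `ret = -EINVAL` and jumps to `put` before request_microcode_fw() is called, so a vendor driver that leaves the flag unset can no longer late-load at all. That sits oddly with the commit message's statement that tainting happens on architectures without minimum-revision support, and the retained text "Attempting late microcode loading" is printed although nothing is attempted. Either let the load proceed and taint, or change the message to say the load was refused and document the behaviour change for drivers that do not set safe_late_load.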
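Review bot: In the `@@ -501,11 +511,16 @@` hunk, the condition `if (!(ret && safe_late_load))` does not match the comment above it. ret is 0 on success at this point, so the expression is true for every successful load, including one on a driver with safe_late_load set, and it is also true on every error path where the local safe_late_load is still false, such as the `if (ret) goto put;` taken before the flag is read. If the intent is the comment's "successful load and vendor doesn't support safe_late_load", the test would be `!ret && !safe_late_load`; note too that ret is 0 when `tmp_ret != UCODE_NEW`, so a zero ret does not mean microcode was applied.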
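Review bot: The Kconfig hunk flips MICROCODE_LATE_LOADING to `default y` and drops "(DANGEROUS)" from the prompt for every x86 build, but only the Intel driver sets safe_late_load in this series, and the help text still says to use the option at your own risk. Keep `default n`, or justify the new default in the commit message and reword the help text so it says which drivers enforce a minimum revision and what happens on the others.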
:references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=oQ7cF0kAMPAt+0YdS3hvzI9ngmp4jInVOpAUO6gzrv0=; b=Ituv3mZt95Xw7Kx4sRw29xB2xyo3pf3gJAEhFZ9x6Aijtnwfq0UEFdnym1Qxri/uY7 IllMgG6DEIgKYevYYCDRtaJxcs+RlmoFZ81LB3BvZyfUSs1moGNhX6TnYkvQpdiJZ5K8 YvW+NkhAWW6NbvcOY6yB2X2hvFsqHTHbkzM1uG5Q8SIloYRXmVA5iJ7JfvZ8451kVvvf 4V0Rh+oWn84qjfCkoKPvnyBGmnM67BJs5ZRCFAgHMuH2af90419czxhZ4q0WqKi9w6Hn CEb0UBdu/tWkj41DMAKvjI95zvamuS6/WQGkf+vWRAMUqy8j9xYNqiIQ/AwyoFlsU+Du EHOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RC0sG3Mf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w7-20020a17090a460700b00212fb7e54ddsi19637827pjg.81.2023.01.13.09.46.28; Fri, 13 Jan 2023 09:46:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RC0sG3Mf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230123AbjAMRn6 (ORCPT + 99 others); Fri, 13 Jan 2023 12:43:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52914 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230007AbjAMRnL (ORCPT ); Fri, 13 Jan 2023 12:43:11 -0500 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 
DC1736C050 for ; Fri, 13 Jan 2023 09:29:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1673630974; x=1705166974; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=eF7Pboz7JZJBXxVsvwQjcSE5Pxeikn70RVh0Nt52pQs=; b=RC0sG3Mfu1d++/NIj3ZTlrlMYeT0RijgHt8mfwqYaaEKPzr+pTnLsgji QX9oZlkgCejlklVXhrRU8M1ybbVCoF6R8oOzu/cO5TB7ozHJ0zTemWqj9 YawweHGpQRJQ5L1W4XzuIjmwoQSHI45bT+PxBD/9nX54LmzB2/XI16jo6 CiNpFIPmyaJMBoFHLk39tcLYopw9LfRpmvV4yteyxfIlmcJqR5jv54I6d uNbRWCJYQJyD8gqmb1HK2y2xiwAZK1/2CY4h0aULjx7dwbUA8xxS3o9WX Ldm9eN6yC16WwOIA/tTCWTY8spmDzL26R2kYRAK1BUUR0AL1NwRAgeb8B w==; X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="304430028" X-IronPort-AV: E=Sophos;i="5.97,214,1669104000"; d="scan'208";a="304430028" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Jan 2023 09:29:33 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10589"; a="766089928" X-IronPort-AV: E=Sophos;i="5.97,214,1669104000"; d="scan'208";a="766089928" Received: from araj-ucode.jf.intel.com ([10.23.0.19]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Jan 2023 09:29:33 -0800 
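Review bot: The MICROCODE_LATE_LOADING help text now contradicts the option's new settings: the prompt drops "(DANGEROUS)" and the default flips from n to y, yet the unchanged context still says late loading "should be avoided if possible" and "use this at your own risk". If the minimum-revision check is what makes default y acceptable, the help text should say so and state what happens when the check is not satisfied. The replacement sentence "Late loading taints the kernel, if it doesn't support a minimum required base version before an update" also leaves "it" without a clear subject (the running microcode, the file being loaded, or the kernel); naming the subject would remove the ambiguity.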
From: Ashok Raj
To: Borislav Petkov, Thomas Gleixner
Cc: Ashok Raj, Tony Luck, LKML, x86, Ingo Molnar, Dave Hansen,
    Alison Schofield, Reinette Chatre, Tom Lendacky, Stefan Talpalaru,
    David Woodhouse, Benjamin Herrenschmidt, Jonathan Corbet,
    "Rafael J . Wysocki", Peter Zilstra, Andy Lutomirski, Andrew Cooper
Subject: [PATCH v1 Part2 4/5] x86/microcode/intel: Drop wbinvd() from microcode loading
Date: Fri, 13 Jan 2023 09:29:19 -0800
Message-Id: <20230113172920.113612-5-ashok.raj@intel.com>
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>

Some older processors had a bad interaction when updating microcode if
the caches were dirty causing machine checks. The wbinvd() was added to
mitigate that before performing microcode updates.

Now that Linux checks for the minimum version before performing an
update, those microcode revisions can't be loaded. Remove calls to
wbinvd().

Signed-off-by: Ashok Raj
Reviewed-by: Tony Luck
Cc: LKML
Cc: x86
Cc: Ingo Molnar
Cc: Tony Luck
Cc: Dave Hansen
Cc: Alison Schofield
Cc: Reinette Chatre
Cc: Thomas Gleixner (Intel)
Cc: Tom Lendacky
Cc: Stefan Talpalaru
Cc: David Woodhouse
Cc: Benjamin Herrenschmidt
Cc: Jonathan Corbet
Cc: Rafael J. Wysocki
Cc: Peter Zilstra (Intel)
Cc: Andy Lutomirski
Cc: Andrew Cooper
---
 arch/x86/kernel/cpu/microcode/intel.c | 12 ------------
 1 file changed, 12 deletions(-)
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index eba4f463ef1c..68a3c5569cd2 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -415,12 +415,6 @@ static int apply_microcode_early(struct ucode_cpu_info *uci, bool early) return UCODE_OK; } - /* - * Writeback and invalidate caches before updating microcode to avoid - * internal issues depending on what the microcode is updating. - */ - native_wbinvd(); - /* write microcode via MSR 0x79 */ native_wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); 
@@ -624,12 +618,6 @@ static enum ucode_state apply_microcode_intel(int cpu) goto out; } - /* - * Writeback and invalidate caches before updating microcode to avoid - * internal issues depending on what the microcode is updating. - */ - native_wbinvd(); - /* write microcode via MSR 0x79 */ wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits);
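Review bot: In the apply_microcode_early() hunk, the removal of native_wbinvd() is justified in the commit message by the minimum-version check, but nothing visible in this hunk shows the early path performing such a check, and the check shown later in this series sits in is_lateload_safe(), whose comment describes it as a late-load condition. Either keep the flush on the early path or explain in the commit message why early loading cannot hit the affected revisions. The deleted comment was also the only in-code record of why the flush existed, so the reason is worth preserving in the changelog with the affected processors named.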
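Review bot: In the apply_microcode_intel() hunk, dropping native_wbinvd() leaves no mitigation on the path where the minimum-revision check is bypassed: patch 5/5 of this series adds override_minrev, which makes is_lateload_safe() return before it inspects the header. Consider keeping the wbinvd() call when override_minrev is set, or state in the changelog that enabling the override brings back the machine-check exposure this flush was added for.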
From: Ashok Raj
To: Borislav Petkov, Thomas Gleixner
Cc: Ashok Raj, LKML, x86, Ingo Molnar, Tony Luck, Dave Hansen,
    Alison Schofield, Reinette Chatre, Tom Lendacky, Stefan Talpalaru,
    David Woodhouse, Benjamin Herrenschmidt, Jonathan Corbet,
    "Rafael J . Wysocki", Peter Zilstra, Andy Lutomirski, Andrew Cooper
Subject: [PATCH v1 Part2 5/5] x86/microcode: Provide an option to override minrev enforcement
Date: Fri, 13 Jan 2023 09:29:20 -0800
Message-Id: <20230113172920.113612-6-ashok.raj@intel.com>
In-Reply-To: <20230113172920.113612-1-ashok.raj@intel.com>
References: <20230113172920.113612-1-ashok.raj@intel.com>

Minimum Required Revision (minrev) is enforced strictly. All new
patches will have a minrev that is not zero. But there might be a
transition time for some that need this enforcement to be relaxed.
When the override is enabled, the kernel will be tainted.

Provide a debugfs variable to override the minrev enforcement.

Signed-off-by: Ashok Raj
Cc: LKML
Cc: x86
Cc: Ingo Molnar
Cc: Tony Luck
Cc: Dave Hansen
Cc: Alison Schofield
Cc: Reinette Chatre
Cc: Thomas Gleixner (Intel)
Cc: Tom Lendacky
Cc: Stefan Talpalaru
Cc: David Woodhouse
Cc: Benjamin Herrenschmidt
Cc: Jonathan Corbet
Cc: Rafael J. Wysocki
Cc: Peter Zilstra (Intel)
Cc: Andy Lutomirski
Cc: Andrew Cooper
---
This patch is optional.
---
 arch/x86/include/asm/microcode.h      |  2 ++
 arch/x86/kernel/cpu/microcode/core.c  | 13 ++++++++++++-
 arch/x86/kernel/cpu/microcode/intel.c |  8 ++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h index 3d48143e84a9..d82f22d50ebd 100644 --- a/arch/x86/include/asm/microcode.h +++ b/arch/x86/include/asm/microcode.h @@ -16,6 +16,8 @@ struct ucode_patch { extern struct list_head microcode_cache; +extern bool override_minrev; + struct cpu_signature { unsigned int sig; unsigned int pf; diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index 446ddf3fcc29..5ed60c6c8e8d 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -44,7 +45,9 @@ #define DRIVER_VERSION "2.2" static struct microcode_ops *microcode_ops; +static struct dentry *dentry_ucode; static bool dis_ucode_ldr = true; +bool override_minrev; bool initrd_gone; @@ -497,7 +500,11 @@ static ssize_t reload_store(struct device *dev, pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); pr_err("You should switch to early loading, if possible.\n"); ret = -EINVAL; - goto put; + + if (!override_minrev) + goto put; + + pr_err("Overriding minrev\n"); } tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev);
@@ -688,7 +695,11 @@ static int __init microcode_init(void) cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online", mc_cpu_online, mc_cpu_down_prep); + dentry_ucode = debugfs_create_dir("microcode", NULL); + debugfs_create_bool("override_minrev", 0644, dentry_ucode, &override_minrev); + pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION); + pr_info("Override minrev %s\n", override_minrev ? "enabled" : "disabled"); return 0; diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 68a3c5569cd2..172e1f166844 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -141,6 +141,14 @@ static int is_lateload_safe(struct microcode_header_intel *mc_header) { struct ucode_cpu_info uci; + /* + * If minrev is bypassed via debugfs, then allow late-load. + */ + if (override_minrev) { + pr_info("Bypassing minrev enforcement via debugfs\n"); + return 0; + } + /* * When late-loading, ensure the header declares a minimum revision * required to perform a late-load.
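Review bot: In the reload_store() hunk of core.c, ret is assigned -EINVAL before the new override_minrev test, so the override path falls through to request_microcode_fw() with ret still holding the error; unless ret is reassigned further down (not visible in this hunk), an overridden load that succeeds could still report -EINVAL to the writer. Moving the assignment into the !override_minrev branch avoids that. The two existing pr_err() lines also still fire on the override path, and "Overriding minrev" is logged at error level although it reports a deliberate administrator choice; pr_warn() would fit better.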
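Review bot: In the microcode_init() hunk of core.c, the added pr_info("Override minrev %s\n", ...) can only ever print "disabled": override_minrev is declared without an initializer and the only writer this patch shows is the debugfs file created two lines above it. Drop the message, and instead log at the moment the value changes, which debugfs_create_bool() does not do by itself. As written, a 0644 debugfs file turns off a safety check and the log carries no record of when it was flipped until the next reload attempt.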
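Review bot: In the is_lateload_safe() hunk of intel.c, the commit message says the kernel is tainted when the override is enabled, but no taint call appears here or in the core.c hunks of this patch; the bypass only logs at pr_info level and returns 0. Add the taint on this path, or say in the changelog where it happens, since this is the point at which the unchecked load is actually permitted. The flag is also tested separately in reload_store(), so the two checks can disagree if the debugfs value changes between them; reading override_minrev once and passing the decision down would avoid that.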