From: Thomas Gleixner <tglx@linutronix.de>
To: LKML <linux-kernel@vger.kernel.org>
Cc: x86@kernel.org, Borislav Petkov <bp@alien8.de>,
"Chang S. Bae" <chang.seok.bae@intel.com>,
Arjan van de Ven <arjan@linux.intel.com>,
Nikolay Borisov <nik.borisov@suse.com>
Subject: [patch V4 00/30] x86/microcode: Cleanup and late loading enhancements
Date: Mon, 2 Oct 2023 13:59:34 +0200 (CEST) [thread overview]
Message-ID: <20231002115506.217091296@linutronix.de> (raw)
This is a follow up on:
https://lore.kernel.org/lkml/20230912065249.695681286@linutronix.de
Late microcode loading is desired by enterprise users. Late loading is
problematic as it requires detailed knowledge about the change and an
analysis whether this change modifies something which is already in use by
the kernel. Large enterprise customers have engineering teams and access to
deep technical vendor support. The regular admin does not have such
resources, so the kernel has always tainted the kernel after late loading.
Intel recently added a new previously reserved field to the microcode
header which contains the minimal microcode revision which must be running
on the CPU to make the load safe. This field is 0 in all older microcode
revisions, which the kernel assumes to be unsafe. Minimal revision checking
can be enforced via Kconfig or kernel command line. It then refuses to load
an unsafe revision. The default loads unsafe revisions like before and
taints the kernel. If a safe revision is loaded the kernel is not tainted.
But that does not solve all other known problems with late loading:
- Late loading on current Intel CPUs is unsafe vs. NMI when
hyperthreading is enabled. If a NMI hits the secondary sibling while
the primary loads the microcode, the machine can crash.
- Soft offline SMT siblings which are playing dead with MWAIT can cause
damage too when the microcode update modifies MWAIT. That's a
realistic scenario in the context of 'nosmt' mitigations. :(
Neither the core code nor the Intel specific code handles any of this at all.
While trying to implement this, I stumbled over disfunctional, horribly
complex and redundant code, which I decided to clean up first so the new
functionality can be added on a clean slate.
So the series has several sections:
1) Move the 32bit early loading after paging enable
2) Cleanup of the Intel specific code
3) Implementation of proper core control logic to handle the NMI safe
requirements
4) Support for minimal revision check in the core and the Intel specific
parts.
Changes vs. V3:
- Rebased on v6.6-rc1
- Remove the early load magic which was required for physical address
mode from the AMD code.
- Address the review comments from Borislav, which is mostly naming,
comments and change logs. No functional changes vs. v3
The series is also available from git:
git://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git ucode-v4
Thanks,
tglx
---
Documentation/admin-guide/kernel-parameters.txt | 5
arch/x86/Kconfig | 25
arch/x86/include/asm/apic.h | 5
arch/x86/include/asm/cpu.h | 20
arch/x86/include/asm/microcode.h | 19
arch/x86/kernel/Makefile | 1
arch/x86/kernel/apic/apic_flat_64.c | 2
arch/x86/kernel/apic/ipi.c | 8
arch/x86/kernel/apic/x2apic_cluster.c | 1
arch/x86/kernel/apic/x2apic_phys.c | 1
arch/x86/kernel/cpu/common.c | 12
arch/x86/kernel/cpu/microcode/amd.c | 129 +---
arch/x86/kernel/cpu/microcode/core.c | 637 ++++++++++++++--------
arch/x86/kernel/cpu/microcode/intel.c | 682 +++++++-----------------
arch/x86/kernel/cpu/microcode/internal.h | 32 -
arch/x86/kernel/head32.c | 6
arch/x86/kernel/head_32.S | 10
arch/x86/kernel/nmi.c | 9
arch/x86/kernel/smpboot.c | 12
drivers/platform/x86/intel/ifs/load.c | 8
include/linux/cpuhotplug.h | 1
21 files changed, 788 insertions(+), 837 deletions(-)
next reply other threads:[~2023-10-02 11:59 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-02 11:59 Thomas Gleixner [this message]
2023-10-02 11:59 ` [patch V4 01/30] x86/microcode/32: Move early loading after paging enable Thomas Gleixner
2023-10-02 11:59 ` [patch V4 02/30] x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:38 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 03/30] x86/microcode/intel: Rip out mixed stepping support for Intel CPUs Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Ashok Raj
2023-10-02 11:59 ` [patch V4 04/30] x86/microcode/intel: Simplify scan_microcode() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:38 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 05/30] x86/microcode/intel: Simplify and rename generic_load_microcode() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:38 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 06/30] x86/microcode/intel: Cleanup code further Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:38 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 07/30] x86/microcode/intel: Simplify early loading Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 08/30] x86/microcode/intel: Save the microcode only after a successful late-load Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:21 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 09/30] x86/microcode/intel: Switch to kvmalloc() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:21 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 10/30] x86/microcode/intel: Unify microcode apply() functions Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 11/30] x86/microcode/intel: Rework intel_cpu_collect_info() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 12/30] x86/microcode/intel: Reuse intel_cpu_collect_info() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:21 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 13/30] x86/microcode/intel: Rework intel_find_matching_signature() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:21 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 14/30] x86/microcode/amd: Read revision from hardware in collect_cpu_info_amd() Thomas Gleixner
2023-10-04 8:32 ` Borislav Petkov
2023-10-02 11:59 ` [patch V4 15/30] x86/microcode: Remove pointless apply() invocation Thomas Gleixner
2023-10-06 13:26 ` Borislav Petkov
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 16/30] x86/microcode: Get rid of the schedule work indirection Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 17/30] x86/microcode: Clean up mc_cpu_down_prep() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 18/30] x86/microcode: Handle "nosmt" correctly Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 19/30] x86/microcode: Clarify the late load logic Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 11:59 ` [patch V4 20/30] x86/microcode: Sanitize __wait_for_cpus() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 21/30] x86/microcode: Add per CPU result state Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 22/30] x86/microcode: Add per CPU control field Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 23/30] x86/microcode: Provide new control functions Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 24/30] x86/microcode: Replace the all in one rendevouz handler Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] x86/microcode: Replace the all-in-one rendevous handler tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 25/30] x86/microcode: Rendezvous and load in NMI Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 26/30] x86/microcode: Protect against instrumentation Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 27/30] x86/apic: Provide apic_force_nmi_on_cpu() Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 28/30] x86/microcode: Handle "offline" CPUs correctly Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-20 11:37 ` tip-bot2 for Thomas Gleixner
2023-10-24 13:20 ` tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 29/30] x86/microcode: Prepare for minimal revision check Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] " tip-bot2 for Thomas Gleixner
2023-10-02 12:00 ` [patch V4 30/30] x86/microcode/intel: Add a minimum required revision for late-loads Thomas Gleixner
2023-10-09 12:29 ` [tip: x86/microcode] x86/microcode/intel: Add a minimum required revision for late loading tip-bot2 for Ashok Raj
2023-10-20 11:37 ` tip-bot2 for Ashok Raj
2023-10-24 13:20 ` tip-bot2 for Ashok Raj
2023-10-08 8:54 ` [patch V4 00/30] x86/microcode: Cleanup and late loading enhancements Qiuxu Zhuo
2023-10-08 13:08 ` Borislav Petkov
2023-10-09 5:03 ` Zhuo, Qiuxu
2023-10-10 8:00 ` Zhuo, Qiuxu
2023-10-10 8:11 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231002115506.217091296@linutronix.de \
--to=tglx@linutronix.de \
--cc=arjan@linux.intel.com \
--cc=bp@alien8.de \
--cc=chang.seok.bae@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nik.borisov@suse.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.