All of lore.kernel.org
 help / color / mirror / Atom feed
From: Borislav Petkov <bp@suse.de>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Juergen Gross <jgross@suse.com>, Michal Marek <mmarek@suse.cz>,
	Jason Douglas <jdouglas@suse.com>,
	stefano.stabellini@eu.citrix.com, Takashi Iwai <tiwai@suse.de>,
	mcgrof@suse.com, "Luis R. Rodriguez" <mcgrof@do-not-panic.com>,
	Henrique de Moraes Holschuh <hmh@debian.org>,
	david.vrabel@citrix.com, Jan Beulich <JBeulich@suse.com>,
	xen-devel@lists.xenproject.org, boris.ostrovsky@oracle.com,
	Olaf Hering <ohering@suse.de>
Subject: Re: [PATCH] misc/xenmicrocode: Upload /lib/firmware/<some blob> to the hypervisor
Date: Wed, 28 Jan 2015 09:39:24 +0100	[thread overview]
Message-ID: <20150128083924.GA6360@pd.tnic> (raw)
In-Reply-To: <54C82903.60405@citrix.com>

On Wed, Jan 28, 2015 at 12:10:43AM +0000, Andrew Cooper wrote:
> There was a thread on xen-devel but I cant currently find it in the
> archives.
> 
> To the best of my memory,  it was a 4 core APU system where the BIOS had
> updated the microcode on cpu 0 but left 1-3 at a lower patch level. 
> Every time the reporter tried creating an HVM guest (i.e. entering SVM
> non-root mode), the system reset.
> 
> The instability was sorted by ensuring each core was at the same
> microcode level.

That sounds like a BIOS bug to me, frankly.

> As Xen updates microcode one cpu at a time from 0, it could easily
> create a similar situation if microcode is updated after VMs have been
> started.  Come to think of it, this is also an impending problem for PVH
> dom0 systems.

The common way for doing microcode updates is to update all cores at
the same time, possibly. Or at least as close to one another in time as
possible.

Now, we do two methods:

* the early update which should be done as early as possible during
boot. I don't think that should be a problem wrt to guests if you do it
early enough.

* the late update is an addition to the early one to cover the cases of
long running systems where a reboot is prohibitively painful. With that,
as with the early method, you would want to update all hardware cores in
one go.

Now, this is where it becomes tricky for virt: you need to stop guests,
do the update and then resume them. Even worse, if all of a sudden you
want to hide hardware features and/or instructions like HSW TSX for
example, you most likely want to even avoid the late update and warn the
admin that she has to reboot that machine and apply microcode with the
early method.

So this should be the gist of it...

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
--

  reply	other threads:[~2015-01-28  8:39 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-27 20:11 [PATCH] misc/xenmicrocode: Upload /lib/firmware/<some blob> to the hypervisor Luis R. Rodriguez
2015-01-27 21:25 ` Boris Ostrovsky
2015-01-27 21:54   ` Luis R. Rodriguez
2015-01-27 22:26 ` Andrew Cooper
2015-01-27 23:17   ` Borislav Petkov
2015-01-28  0:10     ` Andrew Cooper
2015-01-28  8:39       ` Borislav Petkov [this message]
2015-01-29  3:21         ` Luis R. Rodriguez
2015-01-29 19:15           ` Borislav Petkov
2015-01-30  1:13             ` Luis R. Rodriguez
2015-01-29 11:36         ` Henrique de Moraes Holschuh
2015-01-29 12:17           ` Borislav Petkov
2015-01-29 17:01             ` Henrique de Moraes Holschuh
2015-01-29 17:30               ` Borislav Petkov
2015-01-29 18:34                 ` Andrew Cooper
2015-01-29 20:12                   ` Konrad Rzeszutek Wilk
2015-01-30  0:29                     ` Andrew Cooper
2015-01-30 14:11                       ` Konrad Rzeszutek Wilk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150128083924.GA6360@pd.tnic \
    --to=bp@suse.de \
    --cc=JBeulich@suse.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=boris.ostrovsky@oracle.com \
    --cc=david.vrabel@citrix.com \
    --cc=hmh@debian.org \
    --cc=jdouglas@suse.com \
    --cc=jgross@suse.com \
    --cc=mcgrof@do-not-panic.com \
    --cc=mcgrof@suse.com \
    --cc=mmarek@suse.cz \
    --cc=ohering@suse.de \
    --cc=stefano.stabellini@eu.citrix.com \
    --cc=tiwai@suse.de \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.