Xen project Mailing List

Re: [PATCH 11/11] x86/ucode/amd: Rework parsing logic in cpu_request_microcode()

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 31 Mar 2020 16:19:54 +0100

Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@xxxxxxxxxx; spf=Pass smtp.mailfrom=Andrew.Cooper3@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 31 Mar 2020 15:20:07 +0000

Ironport-sdr: Ifwy9OXHjiMPh0Swdwh0f48Dy1ZibNaCy+p2olRnK57ffOKByFL9nrFPhftXU4+4xKv8nFXMFn UR4zB5OVCWgIEN60xnnBvEyPE5yCmuCmPxNtoYbVQy7oQpEWZdcqMC3tdsUOAo/+HDZSQPVrXT jk6iqOosiyPh1JU+gMbOATyCCfxWMV8l2HJ63IDq52CXMOQTQZiRm+IArxJUQ0Rnl6u786i/7j KXAeyrt4NF5iy6Ua5MAuP4PZ0PUFwc6Q0+MdZxAJb4X3bS4ViplQwF4nfWOt06WplaAlOoeBMJ baU=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31/03/2020 16:07, Jan Beulich wrote: > On 31.03.2020 12:05, Andrew Cooper wrote: >> @@ -269,55 +265,25 @@ static int apply_microcode(const struct >> microcode_patch *patch) >> return 0; >> } >> >> -static int scan_equiv_cpu_table( >> - const void *data, >> - size_t size_left, >> - size_t *offset) >> +static int scan_equiv_cpu_table(const struct container_equiv_table *et) >> { >> const struct cpu_signature *sig = &this_cpu(cpu_sig); >> - const struct mpbhdr *mpbuf; >> - const struct equiv_cpu_entry *eq; >> - unsigned int i, nr; >> - >> - if ( size_left < (sizeof(*mpbuf) + 4) || >> - (mpbuf = data + *offset + 4, >> - size_left - sizeof(*mpbuf) - 4 < mpbuf->len) ) >> - { >> - printk(XENLOG_WARNING "microcode: No space for equivalent cpu >> table\n"); >> - return -EINVAL; >> - } >> - >> - *offset += mpbuf->len + CONT_HDR_SIZE; /* add header length */ >> - >> - if ( mpbuf->type != UCODE_EQUIV_CPU_TABLE_TYPE ) >> - { >> - printk(KERN_ERR "microcode: Wrong microcode equivalent cpu table >> type field\n"); >> - return -EINVAL; >> - } >> - >> - if ( mpbuf->len == 0 || mpbuf->len % sizeof(*eq) || >> - (eq = (const void *)mpbuf->data, >> - nr = mpbuf->len / sizeof(*eq), >> - eq[nr - 1].installed_cpu) ) > Did this last check get lost? I can't seem to be able to identify > any possible replacement. Given the lack of a spec, I'm unsure whether to keep it or not. It is necessary in the backport of patch 1, because find_equiv_cpu_id() doesn't have mpbuf->len to hand, and relies on the sentinel to find the end of the table. OTOH, the new logic will cope perfectly well without a sentinel. > >> static struct microcode_patch *cpu_request_microcode(const void *buf, >> size_t size) >> { >> const struct microcode_patch *saved = NULL; >> struct microcode_patch *patch = NULL; >> - size_t offset = 0, saved_size = 0; >> + size_t saved_size = 0; >> int error = 0; >> - unsigned int cpu = smp_processor_id(); >> - const struct cpu_signature *sig = &per_cpu(cpu_sig, cpu); >> >> - if ( size < 4 || >> - *(const uint32_t *)buf != UCODE_MAGIC ) >> + while ( size ) >> { >> - printk(KERN_ERR "microcode: Wrong microcode patch file magic\n"); >> - error = -EINVAL; >> - goto out; >> - } >> - >> - /* >> - * Multiple container file support: >> - * 1. check if this container file has equiv_cpu_id match >> - * 2. If not, fast-fwd to next container file >> - */ >> - while ( offset < size ) >> - { >> - error = scan_equiv_cpu_table(buf, size - offset, &offset); >> - >> - if ( !error || error != -ESRCH ) >> - break; >> + const struct container_equiv_table *et; >> + bool skip_ucode; >> >> - error = container_fast_forward(buf, size - offset, &offset); >> - if ( error == -ENODATA ) >> + if ( size < 4 || *(const uint32_t *)buf != UCODE_MAGIC ) >> { >> - ASSERT(offset == size); >> + printk(XENLOG_ERR "microcode: Wrong microcode patch file >> magic\n"); >> + error = -EINVAL; >> break; >> } >> - if ( error ) >> + >> + /* Move over UCODE_MAGIC. */ >> + buf += 4; >> + size -= 4; >> + >> + if ( size < sizeof(*et) || >> + (et = buf)->type != UCODE_EQUIV_CPU_TABLE_TYPE || >> + size - sizeof(*et) < et->len || >> + et->len % sizeof(et->eq[0]) ) >> { >> - printk(KERN_ERR "microcode: CPU%d incorrect or corrupt >> container file\n" >> - "microcode: Failed to update patch level. " >> - "Current lvl:%#x\n", cpu, sig->rev); >> + printk(XENLOG_ERR "microcode: Bad equivalent cpu table\n"); >> + error = -EINVAL; >> break; >> } >> - } >> >> - if ( error ) >> - { >> - /* >> - * -ENODATA here means that the blob was parsed fine but no matching >> - * ucode was found. Don't return it to the caller. >> - */ >> - if ( error == -ENODATA ) >> - error = 0; >> - >> - goto out; >> - } >> + /* Move over the Equiv table. */ >> + buf += sizeof(*et) + et->len; >> + size -= sizeof(*et) + et->len; >> + >> + error = scan_equiv_cpu_table(et); >> + if ( error && error != -ESRCH ) >> + break; > With this the only non-zero value left for error is -ESRCH. > Hence ... > >> + /* -ESRCH means no applicable microcode in this container. */ >> + skip_ucode = error == -ESRCH; > ... perhaps omit the "== -ESRCH" here, moving the comment up > ahead of the if()? That doesn't work, because you've got to reset error to 0 somewhere (to avoid it leaking out if you don't find suitable microcode), and it can't be before checking for errors in general. It can't easily become a conditional because skip_ucode needs setting unconditionally. The only other correct way I can see of arranging this code would be skip_ucode = error == -ESRCH; if ( error == -ESRCH ) error = 0; else if ( error ) break; which doesn't look to be better. I have been debating quite heavily whether -ESRCH is best here, or using -ve, 0 and 1. However, this doesn't lead to prettier code AFAICT, and gains an ambiguous use for a variable named "error". ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.