Xen project Mailing List

Re: [PATCH 2/5] x86/ucode: Fold early_update_cache() into microcode_init_cache()

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 28 Mar 2023 16:07:23 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wT18pRIW9EKsfFc1/H4hWyhnNTEYypv/ni0nOQ0BZTI=; b=hM1q6rdInQIJSFQPeBFlvlUhShnbvdtPPRARKWwmYkC+WYLU8NM/j7KyzNhjotNm9UDc9lMRTeMf/dImOpDEEoCTemoCp3FcnFonz5WDobUUoQH2XsKnDF/HRAesUJDRadXm8pXbdWrl8O//QpWQkyE1K+g3AZPvzwPhU6pEdncyUOt8b0a7f1281qqZr7UdCM4s7XCgehwn4H0Qsb1h8Zc+7woam8jIgKaxyY5hdc+Do2t+3nwwIr7EFeN2s7zLBgcFPZR7x6TJec/4NCY/H4ERv10NzgK4l2KA3jeOuk7avl2ME7iphJ5VMr9rBCE5CigsIaHDjhO5jSwTf3HyeA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SDxCrOoVyJvvMTUzN5pOmF+LMo67YhQ5hsirzzs1WwwDUR1lLzMFQujvjkCgbQDZJYlKeIvqPSlHCcbQb51YzdwYtfT0X+pSAw+fma8b77zuOB1kNCmqn6IciNVHMkTzRxa5yduti8WBsKa+iZFX6jgNQuCBpmf48pm2BIooYypp7c73i8l7kfziCPMcATFuDAQiEN7CZnAgKtufxeAHNr9pzrmfoNnOqGEup3X4p7iznx78JBZfPB/J4O5tpSnL3EYCM8sfE3wPBJQvAfx0/pS7AlRko3MVyJkMGyBr2gaOwEiL0AAzzAl8efpbOFfP4md7W88Ub/qPpDVXIJBqFg==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 28 Mar 2023 15:07:42 +0000

Ironport-data: A9a23:6VPjlapMJz8AlwiMA/p4mgEcTyZeBmI1ZBIvgKrLsJaIsI4StFCzt garIBnSOf6CZGbxc4p2PYiwpBgCvJGDmodiSlE5rX8xFCMWopuZCYyVIHmrMnLJJKUvbq7FA +Y2MYCccZ9uHhcwgj/3b9ANeFEljfngqoLUUbKCYWYpA1c/Ek/NsDo788YhmIlknNOlNA2Ev NL2sqX3NUSsnjV5KQr40YrawP9UlKm06WNwUmAWP6gR5weFzSlNVvrzGInqR5fGatgMdgKFb 76rIIGRpgvx4xorA9W5pbf3GmVirmn6ZFXmZtJ+AsBOszAazsAA+v9T2Mk0MC+7vw6hjdFpo OihgLTrIesf0g8gr8xGO/VQO3kW0aSrY9YrK1Dn2SCY5xWun3cBX5yCpaz5VGEV0r8fPI1Ay RAXACkwQyCPl83o+5Kya7VQisklNNjqIrpK7xmMzRmBZRonabbqZvySoPN9gnI3jM0IGuvCb c0EbzYpdA7HfxBEJlYQDtQ5gfusgX78NTZfrTp5p4JuuzSVkFM3jeiraYKJEjCJbZw9ckKwj 2TK5WnmRDodM8SS02Gt+XOwnO7f2yj8Xer+EZXhrqUw0ALJnDZ75Bs+dEe7m7qos3aFeIxwJ RAI9SAQgqsdzRn+JjX6d1jiyJKehTYeUddNF+wx6CmW17HZpQ2eAwAsUTppeNEg8sgsSlQCx lKP2t/kGzFrmLmUUm6GsKeZqyuoPioYJnNEYjULJTbp+PHmqYA3yx7KENBqFfftisWvQGmsh TeXsCI5mrMfy9YR0Lm29kzGhDTqoYXVSgky5UPcWWfNAh5FWbNJrreAsTDzhcus5q7CJrVdl BDoQ/Sj0d0=

Ironport-hdrordr: A9a23:JgsfDa7Ydr5YJWrBTwPXwDjXdLJyesId70hD6qkQc3Fom62j5q STdZEgvyMc5wx/ZJhNo7690cq7MBbhHPxOkOos1N6ZNWGLhILPFuBfBOPZqAEIcBeOlNK1u5 0BT0EEMqyWMbB75/yKnDVREbwbsaa6GHbDv5ah859vJzsaGp2J921Ce2Cm+tUdfng9OXI+fq Dsn/Zvln6bVlk8SN+0PXUBV/irnay3qHq3CSR2fyLO8WO1/EiV1II=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 28/03/2023 2:51 pm, Jan Beulich wrote: > On 27.03.2023 21:41, Andrew Cooper wrote: >> It is not valid to retain a bootstrap_map() across returning back to >> __start_xen(), but various pointers get stashed across calls. > It's error prone, yes, but "not valid" isn't really true imo: As long as > nothing calls bootstrap_map(NULL) all mappings will remain as they are. And how is this code supposed to know whether it's stashed pointer is any good or not? This is precisely "not valid" means. It doesn't mean "it definitely doesn't work", but very much does mean "can't rely on it working". c/s dc380df12ac which introduced microcode_init_cache() demonstrates the problem by having to call scan module a second time to refresh the cached pointer in ucode_blob.data. The code we have today really is buggy, and is having to go out of its way to not trip over. >> --- a/xen/arch/x86/cpu/microcode/core.c >> +++ b/xen/arch/x86/cpu/microcode/core.c >> @@ -755,47 +755,51 @@ int microcode_update_one(void) >> return microcode_update_cpu(NULL); >> } >> >> -static int __init early_update_cache(const void *data, size_t len) >> +int __init microcode_init_cache(unsigned long *module_map, >> + const struct multiboot_info *mbi) >> { >> int rc = 0; >> struct microcode_patch *patch; >> + struct ucode_mod_blob blob = {}; >> >> - if ( !data ) >> - return -ENOMEM; > This is lost afaict. To be in sync with earlier code ) think you want to ... > >> + if ( ucode_scan ) >> + /* Need to rescan the modules because they might have been >> relocated */ >> + microcode_scan_module(module_map, mbi); >> + >> + if ( ucode_mod.mod_end ) >> + { >> + blob.data = bootstrap_map(&ucode_mod); > ... check here instead of ... > >> + blob.size = ucode_mod.mod_end; >> + } >> + else if ( ucode_blob.size ) >> + { >> + blob = ucode_blob; >> + } > (nit: unnecessary braces) > >> - patch = parse_blob(data, len); >> + if ( !blob.data ) >> + return 0; > ... here, making the "return 0" the "else" to the earlier if/else-if. > > Alternatively, if you think the -ENOMEM isn't sensible, I'm happy to > consider respective justification for its removal. I'm a little on the fence here. Nothing checks the return value at all, and nothing printed a failure previously either. Right now, the early boostrap map limit is 1G-16M, so this really does fail with a large enough initrd to scan. There is a corner case where the second pass can succeed where the first one failed, but this is also fixed in the general case when thread 1 loads microcode (and updates the BSP too.) I'm also not convinced that early bootstrap mapping is safe if the bootloader places Xen in [16M, 1G) but if that goes wrong, it will go wrong before we get to microcode loading. Overall, I think that bootstrap_map() itself should warn (and ideally provide a backtrace) if it fails to map, because one way or another it's an issue wanting fixing. Individual callers can't really do anything useful. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.