[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] x86/microcode: Prevent attempting updates known to fail
- To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Thu, 1 Jun 2023 11:54:31 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7iCHkhEgZK6Nu5+eGx1P400PbN8WLgPCnJNN0Rk7HTI=; b=VhxO9Gko0VkusGbhnM5BbhyR7AQ2Y7715sKMPoY5/4zfqZZ7Tu7WcvNy37jhOiAmnfgISnIHZ7pigUUFPoRk2gDlEZ9QG3CXqCRJXHzBujuCnnmzvesW3cZ5szvwHdLWoUc2JxSAa3fxRYg3Jhj8X+FfvKMug1g12pcHPtKliP1KAj4JK0fzxqLNHwG7KXPnzB04j+i72s38P3lRH8RVBMbbIPLAGe3YgWpxx0OF71cqbSzMeAeSVdcp6JkM7AQSQBkKUnNunWjF0Tr8x//F04Qu6xqfXaqW2T4fXBarJgBF2nzDDXaQFJVwMgPKtC0SaVkiZfidJIx0zaTJJOcUWA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lsNs5p5207mPa73tY3a+fn/T6QykI2ae9H41OCvUuB/vpNeMmEN8YqPvb3vQp+dArC6LZLIqi5jPdVUbXQoAG38I+qFLgovOWLmfNH0HH1DgQ3BELUkub4xBEDC8GUod1wuSEWU4k9A1CziAyPaZnvu70qH17uDsNTyKjefDvM+8dNbWaxNDKZKT4lGF7zDOLCeiJ3FLnFowBlBqJP165yjIMqZqEGbPV9SaU2ir1VEQaR8oq6MRjshA+nBwEMX/I6VQubQhgyPu0zSeDwKjVpGqezCJFmPjUhoWwRqYNpm2T/P1LDUDws7oVor2T6B34RAKF0jolA/RMiJdlF2hyg==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Thu, 01 Jun 2023 10:54:48 +0000
- Ironport-data: A9a23:Nn6HX6yZcOTokjgCgWR6t+f3xyrEfRIJ4+MujC+fZmUNrF6WrkUEy WAcC2mHM/yJZTDyKNwlPIy+8BxX6JXUz9NiTFc9riAxQypGp/SeCIXCJC8cHc8wwu7rFxs7s ppEOrEsCOhuExcwcz/0auCJQUFUjP3OHfykTrafYEidfCc8IA85kxVvhuUltYBhhNm9Emult Mj75sbSIzdJ4RYtWo4vw/zF8EsHUMja4mtC5QRgPakT5jcyqlFOZH4hDfDpR5fHatE88t6SH 47r0Ly/92XFyBYhYvvNfmHTKxBirhb6ZGBiu1IOM0SQqkEqSh8ai87XAME0e0ZP4whlqvgqo Dl7WT5cfi9yVkHEsLx1vxC1iEiSN4UekFPMCSDXXcB+UyQq2pYjqhljJBheAGEWxgp4KUZV0 ew3MQJXVze4l8iI+py5d6pSo8t2eaEHPKtH0p1h5RfwKK9/BLrlE+DN79Ie2yosjMdTG/qYf 9AedTdkcBXHZVtIJ0sTD5U92uyvgxETcRUB8A7T+fVxvjiVlVIhuFTuGIO9ltiibMNZhEuH4 EnB+Hz0GEoyP92D0zuVtHmrg4cjmAuiAdtKReDgrKACbFu73nA0VT1PXEqCvd65qhWDBfsPG 34Gw397xUQ13AnxJjXnZDWxpHOGtxgQQd0WDeQ+7AyPzYLf5wGECi4PSTspQMwrsoo6SCIn0 neNnsj1Hnp/vbuNU3Wf+7yI6zSoNkA9L2UPeCsFRgst+MT4rcc4iRenZslnOL64iJvyAz6Y/ tyRhC03hrFWh8hb0ay+pAnDm2j1+MiPSRMp7ALKWG7j9hl+eIOue42v7x7c8OpEK4GaCFKGu RDohvSj0QzHNrnV/ATlfQnHNOvBCyqtWNEEvWNSIg==
- Ironport-hdrordr: A9a23:4rOl7K2finzoFJqs4YKK9gqjBKMkLtp133Aq2lEZdPU1SKGlfq WV954mPHDP+VUssQ4b6LK90cW7L080lqQY3WByB9eftWDd0QOVxepZgrcKrQeAJ8T2zJ856Z td
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 31/05/2023 6:51 pm, Alejandro Vallejo wrote:
> diff --git a/xen/arch/x86/cpu/microcode/core.c
> b/xen/arch/x86/cpu/microcode/core.c
> index cd456c476f..e507945932 100644
> --- a/xen/arch/x86/cpu/microcode/core.c
> +++ b/xen/arch/x86/cpu/microcode/core.c
> @@ -697,6 +697,17 @@ static long cf_check microcode_update_helper(void *data)
> return ret;
> }
>
> +static bool this_cpu_can_install_update(void)
> +{
> + uint64_t mcu_ctrl;
> +
> + if ( !cpu_has_mcu_ctrl )
> + return true;
> +
> + rdmsrl(MSR_MCU_CONTROL, mcu_ctrl);
> + return !(mcu_ctrl & MCU_CONTROL_DIS_MCU_LOAD);
> +}
> +
> int microcode_update(XEN_GUEST_HANDLE(const_void) buf, unsigned long len)
> {
> int ret;
> @@ -708,6 +719,22 @@ int microcode_update(XEN_GUEST_HANDLE(const_void) buf,
> unsigned long len)
> if ( !ucode_ops.apply_microcode )
> return -EINVAL;
>
> + if ( !this_cpu_can_install_update() )
> + {
> + /*
> + * This CPU can't install microcode, so it makes no sense to try to
> + * go on. We're implicitly trusting firmware sanity in that all
> + * CPUs are expected to have a homogeneous setting. If, for some
> + * reason, another CPU happens to be locked down when this one
> + * isn't then unpleasantness will follow. In particular, some CPUs
> + * will be updated while others will not. A very stern message will
> + * be displayed in xl-dmesg that case, strongly advising to reboot
> the
> + * machine.
> + */
> + printk("WARNING: microcode not installed due to DIS_MCU_LOAD=1");
> + return -EACCES;
> + }
I had something else in mind here. Right now, this will read
MSR_MCU_CONTROL and emit a printk() on every microcode load, which will
be every AP, and every time the user uses the xen-ucode tool.
Instead, I recommend the following:
1) One patch moving the early-cpuid/msr read from tsx_init() into
early_microcode_init(), adjusting the comment as it goes. No point
duplicating that logic, and we need it earlier on boot now.
2) This patch, adjusting early_microcode_init() only. Have a printk()
saying "microcode loading disabled by firmware" and avoid filling in
ucode_ops. Every other part of ucode handling understands "loading not
available".
In terms of the commit message, you should call out the usecase
explicitly. This feature is intended for baremetal clouds where the
platform owner doesn't trust the tenant to choose the microcode version
in use.
Also, I'm really not sure what your 3rd paragraph is trying to say.
~Andrew
|