[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/microcode: Prevent attempting updates known to fail


  • To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 2 Jun 2023 17:44:49 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pmrG0SzB7w+gyctfHkUXMb4Y3aaoXaywQdgBn5G1kis=; b=IpEEb4WbYB9NmbH86mQ/JehXoXtaNYAoO8EKs3P8Tq4SqKW5HbYQblNMKcLM3PXFFFQK59SYAWuc0WcD5CHKUGY/6DC2thK6p5onTOqD797U1Dra2RAB3v47Ov37f73I0FAJaEMICLKm7zm/lbrm6788kF4UlY+ZDBNDXTb1sixic+QHCWfucfrUZxTLnU0JvciMj/UR8EkiYlvUXD38dw5Yk30txZvz5NsUjuuW581SbL/JmuUburm/a6hZ8klUhRMvkNAOQx6xi0sSfjv4nI5qhuHRmdQEtUcw9dUZy0z8F5cCSuQK0tYMkLveT6MPl2sU8v48mrzLVjHQPUYSVA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZC0lQchQ59PwtjbY+iHced1nCrpyGoTGX/Pz3dZ0pAvfdmR6ua8yFEU/WUV+5y7vN4rGjApwRMXKFHN6T3EEdiyYwIWlqKDQSw+sDolcUW7pzI8TQBl0ih/+w5CK7DKtFxPQfq3fVKP1olu2F+nLwdZ8tNt6zRCFeOPmHTKDT7bywOqS0luyqwX5vMlmNk0e+Uy36XxdJtCpVG2LPbvZXdsnv/IJf+evXmPazAW8xPA9ptASAZBOmiiM2j9eRAoS9KCGI5mvTGjhYc0Z5bnKR6kD5CvHV+JDx/vc6JAubkxrUpAApqnPF/2LRx9h3nnO/bvJp3pSKvqh3UWobeBaig==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Fri, 02 Jun 2023 16:45:53 +0000
  • Ironport-data: A9a23:1zIA5qJFQonvNmmeFE+REpQlxSXFcZb7ZxGr2PjKsXjdYENS1DJSy 2FMXGDXMqyKMGH0e9EnbYq/9htS65WAm4QyG1FlqX01Q3x08seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAgk/rOHvykU7Ss1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpKrfrbwP9TlK6q4mhA4ARkPasjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c5aG2NH/ Ns/OAowZzKMnPqrwLOybsdz05FLwMnDZOvzu1lG5BSAV7MMZ8CGRK/Ho9hFwD03m8ZCW+7EY NYUYiZuaxKGZABTPlAQC9Q1m+LAanvXKmUE7g7K4/dqpTGMkmSd05C0WDbRUvWMSd9YgQCzo WXe8n6iKhobKMae2XyO9XfEaurnxHqiBNtISODjnhJsqAyj5G4aDCwUb1SimP2IsECCd9B8A kNBr0LCqoB3riRHVOLVVhm1oneCsgQbHcRZF+k36galwa7T/grfDW8BJhZRZdpjuMIoSDgC0 l6Sg8ivFTFpqKeSS3+W6vGTtzzaESofIHIGZCQEZRAY+NSlq4Y25jrQSv5zHajzicf6cQwc2 BiPpSk6wr8V3cgC0vzh+Uid2m3y4J/UUgQy+wPbGHq/6R90b5KkYIru7kXH6fFHL8CSSVzpU GU4pvVyJdsmVfml/BFhis1QR9lFO97t3OXgvGNS
  • Ironport-hdrordr: A9a23:rSO0QKMIRXOXlcBcTu2jsMiBIKoaSvp037BL7TEVdfUxSKb0qy nAppgmPHPP5wr5O0tQ++xoWpPhfZq0z/cc3WB2B9mftWLdyQiVxe9ZjLcK9AeQfxEWptQ36U 65SdkENDQrNykCsS8m2njeLz/9+qj+zEl3v5al858DJTsaDZ1d0w==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02/06/2023 2:19 pm, Alejandro Vallejo wrote:
> On Thu, Jun 01, 2023 at 11:54:31AM +0100, Andrew Cooper wrote:
>> I had something else in mind here.  Right now, this will read
>> MSR_MCU_CONTROL and emit a printk() on every microcode load, which will
>> be every AP, and every time the user uses the xen-ucode tool.
> Not every AP. The hypercall would return with an error before the APs are
> brought in. It is true that the error on dmesg would appear on every
> microcode load attempt though.

I meant every AP on boot, where Xen initiates the ucode load.

>
>> Instead, I recommend the following:
>>
>> 1) One patch moving the early-cpuid/msr read from tsx_init() into
>> early_microcode_init(), adjusting the comment as it goes.  No point
>> duplicating that logic, and we need it earlier on boot now.
>> 2) This patch, adjusting early_microcode_init() only.  Have a printk()
>> saying "microcode loading disabled by firmware" and avoid filling in
>> ucode_ops.  Every other part of ucode handling understands "loading not
>> available".
> Sure. Going on a tangent though, I do wonder why tsx_init() is preceding
> identify_cpu(). It's reading cpuid leaf 7d0 simply because it hasn't been
> read yet, but it's not obvious why this rush in invoking tsx_init(). I
> can't see any obvious marker that affect the following identify_cpu() call,
> and swapping them gets rid of the cpuid read.

In __start_xen(),

    tsx_init(); /* Needs microcode.  May change HLE/RTM feature bits. */

If you were to test such a patch, the test-tsx ought to fail on SKL/KBL
amongst others.

One of the things that tsx_init() does is select TSX_CTRL_CPUID_CLEAR
and/or TSX_CPUID_CLEAR, which hides the HLE and RTM bits in regular
CPUID, so wants to run before the general CPUID scan.  This matters for
guest performance - if TSX is actually always aborting, but reported to
the guest, then any library using RTM will be less performant than using
the non-transactional path.

Conversely if the user wants to explicitly re-activate TSX despite the
firmware defaults, those bits need clearing before the CPUID scan for
anything to work.

~Andrew



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.