Xen project Mailing List

Re: [PATCH v2 4/4] x86/microcode: Prevent attempting updates if DIS_MCU_LOAD is set

To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 12 Jun 2023 19:54:00 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=a3Q7nhQtr694EgkD/pDvIC192oY21WJHh472Uk9wKv4=; b=HFm4HcaKCdHiwGng6UeHKSqzyJiLukHmaK4ykMqcU7X7GTr1SiRLaVSPKA9oobPZNM9F/uJ9Mpk/Zw4UQjQkrnOdUrUAsRrFUOrvPzwJToIPmdwK3cKVz0bgrpdj6K936zGv0fPfxDECpot0dENeWSsutpl52aiZjReK9lHrzr04hiMFVI51qlVyDX9il9nBw5TtFHLkWywvIQFSlGLmax7hEocA7rtuU/8NxxeqU8+N7WgNB49nx992lrjG4yfuDixgCyVh57p71hqqdgulGZEQ5sPGViigOGgEp2N7FpoEQeNYnfUowmKAvVKSfIie7duAOwCmSgg4jvoMIsfIkA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iNRDGejQqfdnbZgcDzarsgEmJYP7PnMWLvdFar38TNMsMEvEP8408T0U510LPYWXXcA/vaqk4i66Ynj3MLwqeOWtCQkemaNmkKSSr2GUDFWKeC1K+6DpDz4Eot4SlB5vCDDnLG2ZZeculTIKd5IKFOSC2ASyseMM7aLuehZHpoAY2ItGU0Z9HD4M3Sq8ZxkHLlKnC/mNs6i1mz78QdycBBw/i4Rc+gZbgyuRzEPDWKNdwJg7KRIVIhbPL/F20v1jjT2RsPuSolu9mCMyEaD4rkt16m+Pozci957nhxJWDqWOBkLTkvvQTH+neI/Wotn0JQIk5VuKSip7pwCLLe0Wsg==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Mon, 12 Jun 2023 18:54:32 +0000

Ironport-data: A9a23:zDrMrKtsTEJYGXxB5G2c0ubDkOfnVJZfMUV32f8akzHdYApBsoF/q tZmKTrVP/6MYmShLYx/aIjkpBwBvcTXz4c2SgI9qSoyHylH+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg3HVQ+IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4rKq4Fv0gnRkPaoQ5AGHzSFPZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwdzcGUxOOjdKM8ej4cc4w1/t6b/jOM9ZK0p1g5Wmx4fcOZ7nmGv2PwOACmTA6i4ZJAOrUY NcfZXx3dhPcbhZTO1ARTpUjgOOvgXq5eDpdwL6XjfNvvy6Pk0osjf60aIq9lt+iHK25mm6xo G7c8nu/KRYdLNGFkhKO8262h/+JliT+MG4XPOThr64x3ADPnQT/DjUwSGb8j6mVi3eaBegYG WEqyzQDo5oboRnDot7VGkfQTGS/lhcYVthZFeEg70eTw67Q7gSeLmMASSNNLtchsaceVTEsk 1OEgd7tLThuq6GOD2KQ8K+OqjG/MjRTKnUNDQcGRwYY59jooKkokwnCCN1kFcadkdndCTz2h TeQo0ADa647iMcK0+C+4grBijf1/pzRFFdttkPQQ36v6R5/aMi9fYu05FPH7PFGaoGEUl2Gu 3tCkM+bhAwTMayweOW2aL1lNNmUCzytaVUwXXYH80EdygmQ

Ironport-hdrordr: A9a23:GmWEy6gQOLiTKyacNgg9yYWxbXBQXioji2hC6mlwRA09TyX5ra 2TdZUgpHjJYVMqMk3I9uruBEDtex3hHNtOkOos1NSZLW3bUQmTTL2KhLGKq1Hd8m/Fh4xgPM 9bGJSWY+eAaGSS4/ya3OG5eexQvOVu8sqT9JjjJ6EGd3AVV0lihT0JezpyCidNNW977QJSLu vn2iJAzQDQAEg/X4CAKVQuefPMnNHPnIKOW296O/Z2gDP+9Q9B8dTBYmOl4is=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 05/06/2023 6:08 pm, Alejandro Vallejo wrote: > diff --git a/xen/arch/x86/cpu/microcode/core.c > b/xen/arch/x86/cpu/microcode/core.c > index 4f60d96d98..a4c123118b 100644 > --- a/xen/arch/x86/cpu/microcode/core.c > +++ b/xen/arch/x86/cpu/microcode/core.c > @@ -871,6 +885,15 @@ int __init early_microcode_init(unsigned long > *module_map, > * present. > */ > ucode_ops = intel_ucode_ops; > + > + /* > + * In the case where microcode updates are blocked by the > + * DIS_MCU_LOAD bit we can still read the microcode version even if > + * we can't change it. > + */ > + if ( !this_cpu_can_install_update() ) > + ucode_ops = (struct microcode_ops){ .collect_cpu_info = > + intel_ucode_ops.collect_cpu_info }; I don't see how this (the logic in this_cpu_can_install_update()) can work, as ... > break; > } > > @@ -900,6 +923,10 @@ int __init early_microcode_init(unsigned long > *module_map, > if ( ucode_mod.mod_end || ucode_blob.size ) > rc = early_microcode_update_cpu(); > > + /* > + * We just updated microcode so we must reload the boot_cpu_data bits > + * we read before because they might be stale after the updata. > + */ > early_read_cpuid_7d0(); > > /* ... MSR_ARCH_CAPS is read out-of-context down here. In hindsight, I think swapping patch 2 and 3 might be wise. The rev == ~0 case doesn't need any of the cpu_has_* shuffling, and it already starts to build up the if/else chain of cases where we decide to clobber the apply_microcode() hook. The call to this_cpu_can_install_update() should be lower down. In principle it's not Intel-specific. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.