[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 06/10] x86/ucode: Enforce invariant about module selection

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Sat, 2 Nov 2024 12:42:22 -0400
  • Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1730565745; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=U9p2RjgPxBhXuYtmg+T3Hy/9H4zyhyFyRanWavga3x4=; b=QiEkbfXnlD4M9pIvtHfw5XHDwQYfZHNuBmoI54oopN4ziuhmCz+YKzFZGXXCRKcRt98rCMOp+X74HpWZQdseImCcJ9RnXQr4NIvf5qelzMffyitIlJK+gf0GIKa6trF6IktCzX1ZfJb4BXjq0xwzWUe5CH7wAg+hQLRINmR3kb4=
  • Arc-seal: i=1; a=rsa-sha256; t=1730565745; cv=none; d=zohomail.com; s=zohoarc; b=WtWX5O+OOWgeU6GDDTxwKkXeKlJZLNpCyzw9zG6glQcAtUW2ACAdZ3NFzm395YxTm2llmKxK7ZFEKwx0Q/20kqyRL9YoXRM5oIHeOyJ6sGN6FHPLnB7UgNixE+VACA2kKSzlNhuBvAdQFAczj7qtBH9o7jw7AJspO0O+FsleS5Q=
  • Cc: Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Sat, 02 Nov 2024 16:42:40 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 10/28/24 05:18, Andrew Cooper wrote:

The work to add the `ucode=nmi` cmdline option left a subtle corner case.
Both scan and an explicit index could be selected, and we could really find a
CPIO archive and explicit microcode file.

Worse, because the if/else chains for processing ucode_{blob,mod} are opposite
ways around in early_microcode_load() and microcode_init_cache(), we can
genuinely perform early microcode loading from the CPIO archive, then cache
from the explicit file.

Therefore, enforce that only one selection method can be active.

Rename ucode_{scan,mod_idx} to have an opt_ prefix.  This is both for
consistency with the rest of Xen, and to guarantee that we've got all
instances of the variables covered in this change.  Explain how they're use.
During cmdline/config parsing, always update both variables in pairs.

In early_microcode_load(), ASSERT() the invariant just in case.  Use a local
variable for idx rather than operating on the static; we're the only consume
of the value.

Expand the index selection logic with comments and warnings to the user when
something went wrong.

Fixes: 5ed12565aa32 ("microcode: rendezvous CPUs in NMI handler and load ucode")
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Despite the fixes tag, this can't be backported (at least not in this form).


This provides a much more consistent/predictable behavior.

Reviewed-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.