[PATCH 10/13] x86/microcode/AMD: Check patch level only on the BSP

From: Borislav Petkov
Date: Tue Jan 17 2017 - 12:40:35 EST

Next message: Borislav Petkov: "[PATCH 13/13] x86/microcode/AMD: Remove AP scanning optimization"
Previous message: Borislav Petkov: "[PATCH 11/13] x86/microcode/AMD: Unify load_ucode_amd_ap()"
In reply to: Thomas Gleixner: "Re: [PATCH 11/13] x86/microcode/AMD: Unify load_ucode_amd_ap()"
Next in thread: Thomas Gleixner: "Re: [PATCH 10/13] x86/microcode/AMD: Check patch level only on the BSP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Borislav Petkov <bp@xxxxxxx>

Check final patch levels for AMD only on the BSP. This way, we decide
early and only once whether to continue loading or to leave the loader
disabled on such systems.

Simplify a lot.

Signed-off-by: Borislav Petkov <bp@xxxxxxx>
---
arch/x86/include/asm/microcode_amd.h | 2 -
arch/x86/kernel/cpu/microcode/amd.c | 77 ++++++------------------------------
arch/x86/kernel/cpu/microcode/core.c | 51 +++++++++++++++++++++---
3 files changed, 56 insertions(+), 74 deletions(-)

diff --git a/arch/x86/include/asm/microcode_amd.h b/arch/x86/include/asm/microcode_amd.h
index 3e3e20be829a..3d57009e168b 100644
--- a/arch/x86/include/asm/microcode_amd.h
+++ b/arch/x86/include/asm/microcode_amd.h
@@ -54,6 +54,4 @@ static inline int __init
save_microcode_in_initrd_amd(unsigned int family) { return -EINVAL; }
void reload_ucode_amd(void) {}
#endif
-
-extern bool check_current_patch_level(u32 *rev, bool early);
#endif /* _ASM_X86_MICROCODE_AMD_H */
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 340d636512c9..782e01311e4e 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -216,7 +216,7 @@ apply_microcode_early_amd(u32 cpuid_1_eax, void *ucode, size_t size,
struct cont_desc desc = { 0 };
u8 (*patch)[PATCH_MAX_SIZE];
struct microcode_amd *mc;
- u32 rev, *new_rev;
+ u32 rev, dummy, *new_rev;
bool ret = false;

#ifdef CONFIG_X86_32
@@ -227,8 +227,7 @@ apply_microcode_early_amd(u32 cpuid_1_eax, void *ucode, size_t size,
patch = &amd_ucode_patch;
#endif

- if (check_current_patch_level(&rev, true))
- return ret;
+ microcode_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);

desc.cpuid_1_eax = cpuid_1_eax;

@@ -337,13 +336,8 @@ void load_ucode_amd_ap(unsigned int cpuid_1_eax)
{
struct equiv_cpu_entry *eq;
struct microcode_amd *mc;
- u32 rev;
u16 eq_id;

- /* 64-bit runs with paging enabled, thus early==false. */
- if (check_current_patch_level(&rev, false))
- return;
-
/* First AP hasn't cached it yet, go through the blob. */
if (!cont.data) {
struct cpio_data cp;
@@ -380,6 +374,10 @@ void load_ucode_amd_ap(unsigned int cpuid_1_eax)
return;

if (eq_id == cont.eq_id) {
+ u32 rev, dummy;
+
+ microcode_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
+
mc = (struct microcode_amd *)amd_ucode_patch;

if (mc && rev < mc->hdr.patch_id) {
@@ -445,19 +443,14 @@ int __init save_microcode_in_initrd_amd(unsigned int cpuid_1_eax)
void reload_ucode_amd(void)
{
struct microcode_amd *mc;
- u32 rev;
-
- /*
- * early==false because this is a syscore ->resume path and by
- * that time paging is long enabled.
- */
- if (check_current_patch_level(&rev, false))
- return;
+ u32 rev, dummy;

mc = (struct microcode_amd *)amd_ucode_patch;
if (!mc)
return;

+ rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
+
if (rev < mc->hdr.patch_id) {
if (!__apply_microcode_amd(mc)) {
ucode_new_rev = mc->hdr.patch_id;
@@ -595,60 +588,13 @@ static unsigned int verify_patch_size(u8 family, u32 patch_size,
return patch_size;
}

-/*
- * Those patch levels cannot be updated to newer ones and thus should be final.
- */
-static u32 final_levels[] = {
- 0x01000098,
- 0x0100009f,
- 0x010000af,
- 0, /* T-101 terminator */
-};
-
-/*
- * Check the current patch level on this CPU.
- *
- * @rev: Use it to return the patch level. It is set to 0 in the case of
- * error.
- *
- * Returns:
- * - true: if update should stop
- * - false: otherwise
- */
-bool check_current_patch_level(u32 *rev, bool early)
-{
- u32 lvl, dummy, i;
- bool ret = false;
- u32 *levels;
-
- microcode_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy);
-
- if (IS_ENABLED(CONFIG_X86_32) && early)
- levels = (u32 *)__pa_nodebug(&final_levels);
- else
- levels = final_levels;
-
- for (i = 0; levels[i]; i++) {
- if (lvl == levels[i]) {
- lvl = 0;
- ret = true;
- break;
- }
- }
-
- if (rev)
- *rev = lvl;
-
- return ret;
-}
-
static int apply_microcode_amd(int cpu)
{
struct cpuinfo_x86 *c = &cpu_data(cpu);
struct microcode_amd *mc_amd;
struct ucode_cpu_info *uci;
struct ucode_patch *p;
- u32 rev;
+ u32 rev, dummy;

BUG_ON(raw_smp_processor_id() != cpu);

@@ -661,8 +607,7 @@ static int apply_microcode_amd(int cpu)
mc_amd = p->data;
uci->mc = p->data;

- if (check_current_patch_level(&rev, false))
- return -1;
+ rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);

/* need to apply patch? */
if (rev >= mc_amd->hdr.patch_id) {
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index 437996c9be67..8650b58b4564 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -69,6 +69,42 @@ struct cpu_info_ctx {
int err;
};

+/*
+ * Those patch levels cannot be updated to newer ones and thus should be final.
+ */
+static u32 final_levels[] = {
+ 0x01000098,
+ 0x0100009f,
+ 0x010000af,
+ 0, /* T-101 terminator */
+};
+
+/*
+ * Check the current patch level on this CPU.
+ *
+ * Returns:
+ * - true: if update should stop
+ * - false: otherwise
+ */
+static bool amd_check_current_patch_level(void)
+{
+ u32 lvl, dummy, i;
+ u32 *levels;
+
+ microcode_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy);
+
+ if (IS_ENABLED(CONFIG_X86_32))
+ levels = (u32 *)__pa_nodebug(&final_levels);
+ else
+ levels = final_levels;
+
+ for (i = 0; levels[i]; i++) {
+ if (lvl == levels[i])
+ return true;
+ }
+ return false;
+}
+
static bool __init check_loader_disabled_bsp(void)
{
static const char *__dis_opt_str = "dis_ucode_ldr";
@@ -95,6 +131,11 @@ static bool __init check_loader_disabled_bsp(void)
if (native_cpuid_ecx(1) & BIT(31))
return *res;

+ if (x86_cpuid_vendor() == X86_VENDOR_AMD) {
+ if (amd_check_current_patch_level())
+ return *res;
+ }
+
if (cmdline_find_option_bool(cmdline, option) <= 0)
*res = false;

@@ -122,15 +163,14 @@ bool get_builtin_firmware(struct cpio_data *cd, const char *name)

void __init load_ucode_bsp(void)
{
- unsigned int vendor, cpuid_1_eax;
+ unsigned int cpuid_1_eax;

if (check_loader_disabled_bsp())
return;

- vendor = x86_cpuid_vendor();
cpuid_1_eax = native_cpuid_eax(1);

- switch (vendor) {
+ switch (x86_cpuid_vendor()) {
case X86_VENDOR_INTEL:
if (x86_family(cpuid_1_eax) >= 6)
load_ucode_intel_bsp();
@@ -155,15 +195,14 @@ static bool check_loader_disabled_ap(void)

void load_ucode_ap(void)
{
- unsigned int vendor, cpuid_1_eax;
+ unsigned int cpuid_1_eax;

if (check_loader_disabled_ap())
return;

- vendor = x86_cpuid_vendor();
cpuid_1_eax = native_cpuid_eax(1);

- switch (vendor) {
+ switch (x86_cpuid_vendor()) {
case X86_VENDOR_INTEL:
if (x86_family(cpuid_1_eax) >= 6)
load_ucode_intel_ap();
--
2.11.0

Next message: Borislav Petkov: "[PATCH 13/13] x86/microcode/AMD: Remove AP scanning optimization"
Previous message: Borislav Petkov: "[PATCH 11/13] x86/microcode/AMD: Unify load_ucode_amd_ap()"
In reply to: Thomas Gleixner: "Re: [PATCH 11/13] x86/microcode/AMD: Unify load_ucode_amd_ap()"
Next in thread: Thomas Gleixner: "Re: [PATCH 10/13] x86/microcode/AMD: Check patch level only on the BSP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]