Re: [Patch v3 Part2 1/9] x86/microcode: Taint kernel only if microcode loading was successful

From: Li, Aubrey
Date: Tue Jan 31 2023 - 07:18:37 EST

Next message: Eli Cohen: "Re: [PATCH 3/6] vdpa: validate provisioned device features against specified attribute"
Previous message: Marcelo Tosatti: "Re: [PATCH v2 0/5] Introduce memcg_stock_pcp remote draining"
In reply to: Ashok Raj: "Re: [Patch v3 Part2 1/9] x86/microcode: Taint kernel only if microcode loading was successful"
Next in thread: Ashok Raj: "Re: [Patch v3 Part2 1/9] x86/microcode: Taint kernel only if microcode loading was successful"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2023/1/31 5:39, Ashok Raj wrote:

Currently when late loading is aborted due to check_online_cpu(), kernel
still ends up tainting the kernel.

Taint only when microcode loading was successful.

Suggested-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Signed-off-by: Ashok Raj <ashok.raj@xxxxxxxxx>
Cc: LKML <linux-kernel@xxxxxxxxxxxxxxx>
Cc: x86 <x86@xxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Tony Luck <tony.luck@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: Alison Schofield <alison.schofield@xxxxxxxxx>
Cc: Reinette Chatre <reinette.chatre@xxxxxxxxx>
Cc: Thomas Gleixner (Intel) <tglx@xxxxxxxxxxxxx>
Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
Cc: Stefan Talpalaru <stefantalpalaru@xxxxxxxxx>
Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Cc: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Rafael J. Wysocki <rafael@xxxxxxxxxx>
Cc: Peter Zilstra (Intel) <peterz@xxxxxxxxxxxxx>
Cc: Andy Lutomirski <luto@xxxxxxxxxx>
Cc: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Cc: Martin Pohlack <mpohlack@xxxxxxxxx>
---
v1->v2: (Thomas)
- Remove unnecessary assignment of ret that's being overwritten.
- Taint kernel only of loading was successful
---
arch/x86/kernel/cpu/microcode/core.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index 61d57d9b93ee..1c6831b8b244 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -472,7 +472,8 @@ static ssize_t reload_store(struct device *dev,
enum ucode_state tmp_ret = UCODE_OK;
int bsp = boot_cpu_data.cpu_index;
unsigned long val;
- ssize_t ret = 0;
+ int load_ret = -1;
+ ssize_t ret;
ret = kstrtoul(buf, 0, &val);
if (ret)
@@ -488,20 +489,26 @@ static ssize_t reload_store(struct device *dev,
goto put;
tmp_ret = microcode_ops->request_microcode_fw(bsp, &microcode_pdev->dev);
- if (tmp_ret != UCODE_NEW)
+ if (tmp_ret != UCODE_NEW) {
+ ret = size;
goto put;
+ }
mutex_lock(&microcode_mutex);
- ret = microcode_reload_late();
+ load_ret = microcode_reload_late();
mutex_unlock(&microcode_mutex);
put:
cpus_read_unlock();
- if (ret == 0)
+ /*
+ * Taint only when loading was successful
+ */
+ if (load_ret == 0) {
ret = size;

What about if loading was not successful(load_ret != 0)?
ret has no chance to be returned as size here and we'll run into the endless update?

Thanks,
-Aubrey

-
- add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
+ add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
+ pr_warn("Microcode late loading tainted the kernel\n");
+ }
return ret;
}

Next message: Eli Cohen: "Re: [PATCH 3/6] vdpa: validate provisioned device features against specified attribute"
Previous message: Marcelo Tosatti: "Re: [PATCH v2 0/5] Introduce memcg_stock_pcp remote draining"
In reply to: Ashok Raj: "Re: [Patch v3 Part2 1/9] x86/microcode: Taint kernel only if microcode loading was successful"
Next in thread: Ashok Raj: "Re: [Patch v3 Part2 1/9] x86/microcode: Taint kernel only if microcode loading was successful"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]