From 05a2ea3faa8b077d4a6c8f859982d4f5a999949e Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 25 May 2022 18:12:29 +0200 Subject: [PATCH 01/34] x86/microcode: Rip out the OLD_INTERFACE mainline inclusion from mainline-v5.19-rc1 commit 181b6f40e9ea80c76756d4d0cdeed396016c487e category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=181b6f40e9ea80c76756d4d0cdeed396016c487e Intel-SIG: commit 181b6f40e9ea ("x86/microcode: Rip out the OLD_INTERFACE") ------------------------------------- x86/microcode: Rip out the OLD_INTERFACE Everything should be using the early initrd loading by now. Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/20220525161232.14924-2-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/Kconfig | 12 ---- arch/x86/kernel/cpu/microcode/core.c | 100 --------------------------- 2 files changed, 112 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 7e53f43447b4..224a0ad8b9e0 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1336,18 +1336,6 @@ config MICROCODE_AMD If you select this option, microcode patch loading support for AMD processors will be enabled. -config MICROCODE_OLD_INTERFACE - bool "Ancient loading interface (DEPRECATED)" - default n - depends on MICROCODE - help - DO NOT USE THIS! This is the ancient /dev/cpu/microcode interface - which was used by userspace tools like iucode_tool and microcode.ctl. - It is inadequate because it runs too late to be able to properly - load microcode on a machine and it needs special tools. Instead, you - should've switched to the early loading method with the initrd or - builtin microcode by now: Documentation/x86/microcode.rst - config X86_MSR tristate "/dev/cpu/*/msr - Model-specific register support" help diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index 0b1732b98e71..40509becdf7b 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -390,98 +390,6 @@ static int apply_microcode_on_target(int cpu) return ret; } -#ifdef CONFIG_MICROCODE_OLD_INTERFACE -static int do_microcode_update(const void __user *buf, size_t size) -{ - int error = 0; - int cpu; - - for_each_online_cpu(cpu) { - struct ucode_cpu_info *uci = ucode_cpu_info + cpu; - enum ucode_state ustate; - - if (!uci->valid) - continue; - - ustate = microcode_ops->request_microcode_user(cpu, buf, size); - if (ustate == UCODE_ERROR) { - error = -1; - break; - } else if (ustate == UCODE_NEW) { - apply_microcode_on_target(cpu); - } - } - - return error; -} - -static int microcode_open(struct inode *inode, struct file *file) -{ - return capable(CAP_SYS_RAWIO) ? stream_open(inode, file) : -EPERM; -} - -static ssize_t microcode_write(struct file *file, const char __user *buf, - size_t len, loff_t *ppos) -{ - ssize_t ret = -EINVAL; - unsigned long nr_pages = totalram_pages(); - - if ((len >> PAGE_SHIFT) > nr_pages) { - pr_err("too much data (max %ld pages)\n", nr_pages); - return ret; - } - - get_online_cpus(); - mutex_lock(µcode_mutex); - - if (do_microcode_update(buf, len) == 0) - ret = (ssize_t)len; - - if (ret > 0) - perf_check_microcode(); - - mutex_unlock(µcode_mutex); - put_online_cpus(); - - return ret; -} - -static const struct file_operations microcode_fops = { - .owner = THIS_MODULE, - .write = microcode_write, - .open = microcode_open, - .llseek = no_llseek, -}; - -static struct miscdevice microcode_dev = { - .minor = MICROCODE_MINOR, - .name = "microcode", - .nodename = "cpu/microcode", - .fops = µcode_fops, -}; - -static int __init microcode_dev_init(void) -{ - int error; - - error = misc_register(µcode_dev); - if (error) { - pr_err("can't misc_register on minor=%d\n", MICROCODE_MINOR); - return error; - } - - return 0; -} - -static void __exit microcode_dev_exit(void) -{ - misc_deregister(µcode_dev); -} -#else -#define microcode_dev_init() 0 -#define microcode_dev_exit() do { } while (0) -#endif - /* fake device for request_firmware */ static struct platform_device *microcode_pdev; @@ -873,10 +781,6 @@ int __init microcode_init(void) goto out_driver; } - error = microcode_dev_init(); - if (error) - goto out_ucode_group; - register_syscore_ops(&mc_syscore_ops); cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER, "x86/microcode:starting", mc_cpu_starting, NULL); @@ -887,10 +791,6 @@ int __init microcode_init(void) return 0; - out_ucode_group: - sysfs_remove_group(&cpu_subsys.dev_root->kobj, - &cpu_root_microcode_group); - out_driver: get_online_cpus(); mutex_lock(µcode_mutex); -- Gitee From f5a968e7e242a9e930782953bcba0ac9eab5696e Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 25 May 2022 18:12:30 +0200 Subject: [PATCH 02/34] x86/microcode: Default-disable late loading mainline inclusion from mainline-v5.19-rc1 commit a77a94f86273ce42a39cb479217dd8d68acfe0ff category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=a77a94f86273ce42a39cb479217dd8d68acfe0ff Intel-SIG: commit a77a94f86273 ("x86/microcode: Default-disable late loading") ------------------------------------- x86/microcode: Default-disable late loading It is dangerous and it should not be used anyway - there's a nice early loading already. Requested-by: Peter Zijlstra (Intel) Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/20220525161232.14924-3-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/Kconfig | 11 +++++++++++ arch/x86/kernel/cpu/common.c | 2 ++ arch/x86/kernel/cpu/microcode/core.c | 7 ++++++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 224a0ad8b9e0..29e12ad8bb20 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1336,6 +1336,17 @@ config MICROCODE_AMD If you select this option, microcode patch loading support for AMD processors will be enabled. +config MICROCODE_LATE_LOADING + bool "Late microcode loading (DANGEROUS)" + default n + depends on MICROCODE + help + Loading microcode late, when the system is up and executing instructions + is a tricky business and should be avoided if possible. Just the sequence + of synchronizing all cores and SMT threads is one fragile dance which does + not guarantee that cores might not softlock after the loading. Therefore, + use this at your own risk. Late loading taints the kernel too. + config X86_MSR tristate "/dev/cpu/*/msr - Model-specific register support" help diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 9c7708e98b32..00454dfdb28f 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2140,6 +2140,7 @@ void cpu_init(void) load_fixmap_gdt(cpu); } +#ifdef CONFIG_MICROCODE_LATE_LOADING /* * The microcode loader calls this upon late microcode load to recheck features, * only when microcode has been updated. Caller holds microcode_mutex and CPU @@ -2169,6 +2170,7 @@ void microcode_check(void) pr_warn("x86/CPU: CPU features have changed after loading microcode, but might not take effect.\n"); pr_warn("x86/CPU: Please consider either early loading through initrd/built-in or a potential BIOS update.\n"); } +#endif /* * Invoked from core CPU hotplug code after hotplug operations diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index 40509becdf7b..e9398f01c3ba 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -393,6 +393,7 @@ static int apply_microcode_on_target(int cpu) /* fake device for request_firmware */ static struct platform_device *microcode_pdev; +#ifdef CONFIG_MICROCODE_LATE_LOADING /* * Late loading dance. Why the heavy-handed stomp_machine effort? * @@ -560,6 +561,9 @@ static ssize_t reload_store(struct device *dev, return ret; } +static DEVICE_ATTR_WO(reload); +#endif + static ssize_t version_show(struct device *dev, struct device_attribute *attr, char *buf) { @@ -576,7 +580,6 @@ static ssize_t pf_show(struct device *dev, return sprintf(buf, "0x%x\n", uci->cpu_sig.pf); } -static DEVICE_ATTR_WO(reload); static DEVICE_ATTR(version, 0444, version_show, NULL); static DEVICE_ATTR(processor_flags, 0444, pf_show, NULL); @@ -729,7 +732,9 @@ static int mc_cpu_down_prep(unsigned int cpu) } static struct attribute *cpu_root_microcode_attrs[] = { +#ifdef CONFIG_MICROCODE_LATE_LOADING &dev_attr_reload.attr, +#endif NULL }; -- Gitee From 309a506f88c18e1b7b2a46e46d9575d1b1e987f9 Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 25 May 2022 18:12:31 +0200 Subject: [PATCH 03/34] x86/microcode: Taint and warn on late loading mainline inclusion from mainline-v5.19-rc1 commit d23d33ea0fcdc4bbb484990bf53867f99c63ccab category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=d23d33ea0fcdc4bbb484990bf53867f99c63ccab Intel-SIG: commit d23d33ea0fcd ("x86/microcode: Taint and warn on late loading") ------------------------------------- x86/microcode: Taint and warn on late loading Warn before it is attempted and taint the kernel. Late loading microcode can lead to malfunction of the kernel when the microcode update changes behaviour. There is no way for the kernel to determine whether its safe or not. Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/20220525161232.14924-4-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/kernel/cpu/microcode/core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index e9398f01c3ba..51099f4a0e98 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -510,6 +510,9 @@ static int microcode_reload_late(void) { int ret; + pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); + pr_err("You should switch to early loading, if possible.\n"); + atomic_set(&late_cpus_in, 0); atomic_set(&late_cpus_out, 0); @@ -558,6 +561,8 @@ static ssize_t reload_store(struct device *dev, if (ret == 0) ret = size; + add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); + return ret; } -- Gitee From 732ec0d06fe2738fdaadae7bcf4192b284ab0afd Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 25 May 2022 18:12:32 +0200 Subject: [PATCH 04/34] x86/microcode: Remove unnecessary perf callback mainline inclusion from mainline-v5.19-rc1 commit 0c0fe08c76485fe0178ebb0fa1a2052c727abe94 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=0c0fe08c76485fe0178ebb0fa1a2052c727abe94 Intel-SIG: commit 0c0fe08c7648 ("x86/microcode: Remove unnecessary perf callback") ------------------------------------- x86/microcode: Remove unnecessary perf callback c93dc84cbe32 ("perf/x86: Add a microcode revision check for SNB-PEBS") checks whether the microcode revision has fixed PEBS issues. This can happen either: 1. At PEBS init time, where the early microcode has been loaded already 2. During late loading, in the microcode_check() callback. So remove the unnecessary call in the microcode loader init routine. Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner Link: https://lore.kernel.org/r/20220525161232.14924-5-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/kernel/cpu/microcode/core.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index 51099f4a0e98..e55144b6c2d2 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -773,10 +773,7 @@ int __init microcode_init(void) get_online_cpus(); mutex_lock(µcode_mutex); - error = subsys_interface_register(&mc_cpu_interface); - if (!error) - perf_check_microcode(); mutex_unlock(µcode_mutex); put_online_cpus(); -- Gitee From e7744c114c15fe86a3958fabf51d267d9af8ec22 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Sun, 10 Jul 2022 16:07:36 +0200 Subject: [PATCH 05/34] platform/x86/intel/ifs: Mark as BROKEN mainline inclusion from mainline-v5.19-rc7 commit c483e7ea10fa889f9da5012753a6766be6e11309 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=c483e7ea10fa889f9da5012753a6766be6e11309 Intel-SIG: commit c483e7ea10fa ("platform/x86/intel/ifs: Mark as BROKEN") ------------------------------------- platform/x86/intel/ifs: Mark as BROKEN A recent suggested change to the IFS code has shown that the userspace API needs a bit more work, see: https://lore.kernel.org/platform-driver-x86/20220708151938.986530-1-jithu.joseph@intel.com/ Mark it as BROKEN before 5.19 ships, to give ourselves one more kernel-devel cycle to get the userspace API right. Link: https://lore.kernel.org/platform-driver-x86/20220708151938.986530-1-jithu.joseph@intel.com/ Cc: Jithu Joseph Cc: Ashok Raj Cc: Tony Luck Suggested-by: Greg KH Signed-off-by: Hans de Goede Acked-by: Greg Kroah-Hartman Link: https://lore.kernel.org/r/20220710140736.6492-1-hdegoede@redhat.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/Kconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/platform/x86/intel/ifs/Kconfig b/drivers/platform/x86/intel/ifs/Kconfig index 7ce896434b8f..c341a27cc1a3 100644 --- a/drivers/platform/x86/intel/ifs/Kconfig +++ b/drivers/platform/x86/intel/ifs/Kconfig @@ -1,6 +1,9 @@ config INTEL_IFS tristate "Intel In Field Scan" depends on X86 && CPU_SUP_INTEL && 64BIT && SMP + # Discussion on the list has shown that the sysfs API needs a bit + # more work, mark this as broken for now + depends on BROKEN select INTEL_IFS_DEVICE help Enable support for the In Field Scan capability in select -- Gitee From 615efcf6bfd7351452474afecfdc34927d06de4e Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 27 Jul 2022 13:49:48 +0200 Subject: [PATCH 06/34] misc: Mark MICROCODE_MINOR unused mainline inclusion from mainline-v6.0-rc1 commit 9f8267b9b29937d997c3b4cec426252aae6311b5 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=9f8267b9b29937d997c3b4cec426252aae6311b5 Intel-SIG: commit 9f8267b9b299 ("misc: Mark MICROCODE_MINOR unused") ------------------------------------- misc: Mark MICROCODE_MINOR unused This one is unused since 181b6f40e9ea ("x86/microcode: Rip out the OLD_INTERFACE") so comment it out. Link: https://lore.kernel.org/r/20220525161232.14924-1-bp@alien8.de Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Signed-off-by: Borislav Petkov Link: https://lore.kernel.org/r/20220727114948.30123-1-bp@alien8.de Signed-off-by: Greg Kroah-Hartman Signed-off-by: Aichun Shi --- include/linux/miscdevice.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/miscdevice.h b/include/linux/miscdevice.h index 0676f18093f9..c0fea6ca5076 100644 --- a/include/linux/miscdevice.h +++ b/include/linux/miscdevice.h @@ -44,7 +44,7 @@ #define AGPGART_MINOR 175 #define TOSH_MINOR_DEV 181 #define HWRNG_MINOR 183 -#define MICROCODE_MINOR 184 +/*#define MICROCODE_MINOR 184 unused */ #define KEYPAD_MINOR 185 #define IRNET_MINOR 187 #define D7S_MINOR 193 -- Gitee From 75d4e3f57dfe9c6c66acd7ade294ce8483d57796 Mon Sep 17 00:00:00 2001 From: Mathieu Chouquet-Stringer Date: Wed, 2 Dec 2020 16:32:43 +0100 Subject: [PATCH 07/34] docs: Update documentation to reflect what TAINT_CPU_OUT_OF_SPEC means mainline inclusion from mainline-v5.11-rc1 commit 547f574fd9d5e3925d47fd44decbf6ab6df94b0e category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=547f574fd9d5e3925d47fd44decbf6ab6df94b0e Intel-SIG: commit 547f574fd9d5 ("docs: Update documentation to reflect what TAINT_CPU_OUT_OF_SPEC means") ------------------------------------- docs: Update documentation to reflect what TAINT_CPU_OUT_OF_SPEC means Here's a patch updating the meaning of TAINT_CPU_OUT_OF_SPEC after Borislav introduced changes in a7e1f67ed29f and upcoming patches in tip. TAINT_CPU_OUT_OF_SPEC now means a bit more what it implies as the flag isn't set just because of a CPU misconfiguration or mismatch. Historically it was for SMP kernel oops on an officially SMP incapable processor but now it also covers CPUs whose MSRs have been incorrectly poked at from userspace, drivers being used on non supported architectures, broken firmware, mismatched CPUs, ... Update documentation and script to reflect that. Signed-off-by: Mathieu Chouquet-Stringer Link: https://lore.kernel.org/r/20201202153244.709752-1-me@mathieu.digital Signed-off-by: Jonathan Corbet Signed-off-by: Aichun Shi --- Documentation/admin-guide/sysctl/kernel.rst | 2 +- Documentation/admin-guide/tainted-kernels.rst | 23 +++++++++++++++---- tools/debugging/kernel-chktaint | 2 +- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst index f0271bc4ff95..cdedad43cffb 100644 --- a/Documentation/admin-guide/sysctl/kernel.rst +++ b/Documentation/admin-guide/sysctl/kernel.rst @@ -1352,7 +1352,7 @@ ORed together. The letters are seen in "Tainted" line of Oops reports. ====== ===== ============================================================== 1 `(P)` proprietary module was loaded 2 `(F)` module was force loaded - 4 `(S)` SMP kernel oops on an officially SMP incapable processor + 4 `(S)` kernel running on an out of specification system 8 `(R)` module was force unloaded 16 `(M)` processor reported a Machine Check Exception (MCE) 32 `(B)` bad page referenced or some unexpected page flags diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst index f718a2eaf1f6..ceeed7b0798d 100644 --- a/Documentation/admin-guide/tainted-kernels.rst +++ b/Documentation/admin-guide/tainted-kernels.rst @@ -84,7 +84,7 @@ Bit Log Number Reason that got the kernel tainted === === ====== ======================================================== 0 G/P 1 proprietary module was loaded 1 _/F 2 module was force loaded - 2 _/S 4 SMP kernel oops on an officially SMP incapable processor + 2 _/S 4 kernel running on an out of specification system 3 _/R 8 module was force unloaded 4 _/M 16 processor reported a Machine Check Exception (MCE) 5 _/B 32 bad page referenced or some unexpected page flags @@ -116,10 +116,23 @@ More detailed explanation for tainting 1) ``F`` if any module was force loaded by ``insmod -f``, ``' '`` if all modules were loaded normally. - 2) ``S`` if the oops occurred on an SMP kernel running on hardware that - hasn't been certified as safe to run multiprocessor. - Currently this occurs only on various Athlons that are not - SMP capable. + 2) ``S`` if the kernel is running on a processor or system that is out of + specification: hardware has been put into an unsupported configuration, + therefore proper execution cannot be guaranteed. + Kernel will be tainted if, for example: + + - on x86: PAE is forced through forcepae on intel CPUs (such as Pentium M) + which do not report PAE but may have a functional implementation, an SMP + kernel is running on non officially capable SMP Athlon CPUs, MSRs are + being poked at from userspace. + - on arm: kernel running on certain CPUs (such as Keystone 2) without + having certain kernel features enabled. + - on arm64: there are mismatched hardware features between CPUs, the + bootloader has booted CPUs in different modes. + - certain drivers are being used on non supported architectures (such as + scsi/snic on something else than x86_64, scsi/ips on non + x86/x86_64/itanium, have broken firmware settings for the + irqchip/irq-gic on arm64 ...). 3) ``R`` if a module was force unloaded by ``rmmod -f``, ``' '`` if all modules were unloaded normally. diff --git a/tools/debugging/kernel-chktaint b/tools/debugging/kernel-chktaint index 2240cb56e6e5..607b2b280945 100755 --- a/tools/debugging/kernel-chktaint +++ b/tools/debugging/kernel-chktaint @@ -72,7 +72,7 @@ if [ `expr $T % 2` -eq 0 ]; then addout " " else addout "S" - echo " * SMP kernel oops on an officially SMP incapable processor (#2)" + echo " * kernel running on an out of specification system (#2)" fi T=`expr $T / 2` -- Gitee From a900863bf9493cbd33cd884f57a6ebd38e4e8f12 Mon Sep 17 00:00:00 2001 From: Ashok Raj Date: Sat, 13 Aug 2022 22:38:21 +0000 Subject: [PATCH 08/34] x86/microcode: Document the whole late loading problem mainline inclusion from mainline-v6.1-rc1 commit 3ecf671f1d354f40228e407ab350abd41034410b category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=3ecf671f1d354f40228e407ab350abd41034410b Intel-SIG: commit 3ecf671f1d35 ("x86/microcode: Document the whole late loading problem") ------------------------------------- x86/microcode: Document the whole late loading problem Commit d23d33ea0fcd ("x86/microcode: Taint and warn on late loading") started tainting the kernel after microcode late loading. There is some history behind why x86 microcode started doing the late loading stop_machine() rendezvous. Document the whole situation. No functional changes. [ bp: Fix typos, heavily massage. ] Signed-off-by: Ashok Raj Signed-off-by: Borislav Petkov Link: https://lore.kernel.org/r/20220813223825.3164861-2-ashok.raj@intel.com Signed-off-by: Aichun Shi --- Documentation/admin-guide/tainted-kernels.rst | 6 + Documentation/x86/microcode.rst | 116 ++++++++++++++++-- 2 files changed, 113 insertions(+), 9 deletions(-) diff --git a/Documentation/admin-guide/tainted-kernels.rst b/Documentation/admin-guide/tainted-kernels.rst index ceeed7b0798d..c1642a0541a6 100644 --- a/Documentation/admin-guide/tainted-kernels.rst +++ b/Documentation/admin-guide/tainted-kernels.rst @@ -133,6 +133,12 @@ More detailed explanation for tainting scsi/snic on something else than x86_64, scsi/ips on non x86/x86_64/itanium, have broken firmware settings for the irqchip/irq-gic on arm64 ...). + - x86/x86_64: Microcode late loading is dangerous and will result in + tainting the kernel. It requires that all CPUs rendezvous to make sure + the update happens when the system is as quiescent as possible. However, + a higher priority MCE/SMI/NMI can move control flow away from that + rendezvous and interrupt the update, which can be detrimental to the + machine. 3) ``R`` if a module was force unloaded by ``rmmod -f``, ``' '`` if all modules were unloaded normally. diff --git a/Documentation/x86/microcode.rst b/Documentation/x86/microcode.rst index a320d37982ed..b627c6f36bcf 100644 --- a/Documentation/x86/microcode.rst +++ b/Documentation/x86/microcode.rst @@ -6,6 +6,7 @@ The Linux Microcode Loader :Authors: - Fenghua Yu - Borislav Petkov + - Ashok Raj The kernel has a x86 microcode loading facility which is supposed to provide microcode loading methods in the OS. Potential use cases are @@ -92,15 +93,8 @@ vendor's site. Late loading ============ -There are two legacy user space interfaces to load microcode, either through -/dev/cpu/microcode or through /sys/devices/system/cpu/microcode/reload file -in sysfs. - -The /dev/cpu/microcode method is deprecated because it needs a special -userspace tool for that. - -The easier method is simply installing the microcode packages your distro -supplies and running:: +You simply install the microcode packages your distro supplies and +run:: # echo 1 > /sys/devices/system/cpu/microcode/reload @@ -110,6 +104,110 @@ The loading mechanism looks for microcode blobs in /lib/firmware/{intel-ucode,amd-ucode}. The default distro installation packages already put them there. +Since kernel 5.19, late loading is not enabled by default. + +The /dev/cpu/microcode method has been removed in 5.19. + +Why is late loading dangerous? +============================== + +Synchronizing all CPUs +---------------------- + +The microcode engine which receives the microcode update is shared +between the two logical threads in a SMT system. Therefore, when +the update is executed on one SMT thread of the core, the sibling +"automatically" gets the update. + +Since the microcode can "simulate" MSRs too, while the microcode update +is in progress, those simulated MSRs transiently cease to exist. This +can result in unpredictable results if the SMT sibling thread happens to +be in the middle of an access to such an MSR. The usual observation is +that such MSR accesses cause #GPs to be raised to signal that former are +not present. + +The disappearing MSRs are just one common issue which is being observed. +Any other instruction that's being patched and gets concurrently +executed by the other SMT sibling, can also result in similar, +unpredictable behavior. + +To eliminate this case, a stop_machine()-based CPU synchronization was +introduced as a way to guarantee that all logical CPUs will not execute +any code but just wait in a spin loop, polling an atomic variable. + +While this took care of device or external interrupts, IPIs including +LVT ones, such as CMCI etc, it cannot address other special interrupts +that can't be shut off. Those are Machine Check (#MC), System Management +(#SMI) and Non-Maskable interrupts (#NMI). + +Machine Checks +-------------- + +Machine Checks (#MC) are non-maskable. There are two kinds of MCEs. +Fatal un-recoverable MCEs and recoverable MCEs. While un-recoverable +errors are fatal, recoverable errors can also happen in kernel context +are also treated as fatal by the kernel. + +On certain Intel machines, MCEs are also broadcast to all threads in a +system. If one thread is in the middle of executing WRMSR, a MCE will be +taken at the end of the flow. Either way, they will wait for the thread +performing the wrmsr(0x79) to rendezvous in the MCE handler and shutdown +eventually if any of the threads in the system fail to check in to the +MCE rendezvous. + +To be paranoid and get predictable behavior, the OS can choose to set +MCG_STATUS.MCIP. Since MCEs can be at most one in a system, if an +MCE was signaled, the above condition will promote to a system reset +automatically. OS can turn off MCIP at the end of the update for that +core. + +System Management Interrupt +--------------------------- + +SMIs are also broadcast to all CPUs in the platform. Microcode update +requests exclusive access to the core before writing to MSR 0x79. So if +it does happen such that, one thread is in WRMSR flow, and the 2nd got +an SMI, that thread will be stopped in the first instruction in the SMI +handler. + +Since the secondary thread is stopped in the first instruction in SMI, +there is very little chance that it would be in the middle of executing +an instruction being patched. Plus OS has no way to stop SMIs from +happening. + +Non-Maskable Interrupts +----------------------- + +When thread0 of a core is doing the microcode update, if thread1 is +pulled into NMI, that can cause unpredictable behavior due to the +reasons above. + +OS can choose a variety of methods to avoid running into this situation. + + +Is the microcode suitable for late loading? +------------------------------------------- + +Late loading is done when the system is fully operational and running +real workloads. Late loading behavior depends on what the base patch on +the CPU is before upgrading to the new patch. + +This is true for Intel CPUs. + +Consider, for example, a CPU has patch level 1 and the update is to +patch level 3. + +Between patch1 and patch3, patch2 might have deprecated a software-visible +feature. + +This is unacceptable if software is even potentially using that feature. +For instance, say MSR_X is no longer available after an update, +accessing that MSR will cause a #GP fault. + +Basically there is no way to declare a new microcode update suitable +for late-loading. This is another one of the problems that caused late +loading to be not enabled by default. + Builtin microcode ================= -- Gitee From d75018fd1c47281a084c84854ee3de8418fec4af Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Thu, 25 Aug 2022 09:51:57 +0200 Subject: [PATCH 09/34] x86/microcode: Remove ->request_microcode_user() mainline inclusion from mainline-v6.1-rc1 commit 8c61eafd22d7207039bff85c6e1d386f15abd17e category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=8c61eafd22d7207039bff85c6e1d386f15abd17e Intel-SIG: commit 8c61eafd22d7 ("x86/microcode: Remove ->request_microcode_user()") ------------------------------------- x86/microcode: Remove ->request_microcode_user() 181b6f40e9ea ("x86/microcode: Rip out the OLD_INTERFACE") removed the old microcode loading interface but forgot to remove the related ->request_microcode_user() functionality which it uses. Rip it out now too. Signed-off-by: Borislav Petkov Link: https://lore.kernel.org/r/20220825075445.28171-1-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/include/asm/microcode.h | 3 --- arch/x86/kernel/cpu/microcode/amd.c | 7 ------- arch/x86/kernel/cpu/microcode/intel.c | 17 ----------------- 3 files changed, 27 deletions(-) diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h index 91a06cef50c1..7875b7361ec8 100644 --- a/arch/x86/include/asm/microcode.h +++ b/arch/x86/include/asm/microcode.h @@ -32,9 +32,6 @@ enum ucode_state { }; struct microcode_ops { - enum ucode_state (*request_microcode_user) (int cpu, - const void __user *buf, size_t size); - enum ucode_state (*request_microcode_fw) (int cpu, struct device *, bool refresh_fw); diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 3f6b137ef4e6..9fff9df93cda 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -919,12 +919,6 @@ static enum ucode_state request_microcode_amd(int cpu, struct device *device, return ret; } -static enum ucode_state -request_microcode_user(int cpu, const void __user *buf, size_t size) -{ - return UCODE_ERROR; -} - static void microcode_fini_cpu_amd(int cpu) { struct ucode_cpu_info *uci = ucode_cpu_info + cpu; @@ -933,7 +927,6 @@ static void microcode_fini_cpu_amd(int cpu) } static struct microcode_ops microcode_amd_ops = { - .request_microcode_user = request_microcode_user, .request_microcode_fw = request_microcode_amd, .collect_cpu_info = collect_cpu_info_amd, .apply_microcode = apply_microcode_amd, diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 3fc03db929f2..bde40cd5b117 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -909,24 +909,7 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, return ret; } -static enum ucode_state -request_microcode_user(int cpu, const void __user *buf, size_t size) -{ - struct iov_iter iter; - struct iovec iov; - - if (is_blacklisted(cpu)) - return UCODE_NFOUND; - - iov.iov_base = (void __user *)buf; - iov.iov_len = size; - iov_iter_init(&iter, WRITE, &iov, 1, size); - - return generic_load_microcode(cpu, &iter); -} - static struct microcode_ops microcode_intel_ops = { - .request_microcode_user = request_microcode_user, .request_microcode_fw = request_microcode_fw, .collect_cpu_info = collect_cpu_info, .apply_microcode = apply_microcode_intel, -- Gitee From c851af28d1110bbfc75ef0ab95f10a8b616994ab Mon Sep 17 00:00:00 2001 From: Ashok Raj Date: Mon, 29 Aug 2022 18:10:30 +0000 Subject: [PATCH 10/34] x86/microcode: Print previous version of microcode after reload mainline inclusion from mainline-v6.1-rc1 commit 7fce8d6eccbc31a561d07c79f359ad09f0424347 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=7fce8d6eccbc31a561d07c79f359ad09f0424347 Intel-SIG: commit 7fce8d6eccbc ("x86/microcode: Print previous version of microcode after reload") ------------------------------------- x86/microcode: Print previous version of microcode after reload Print both old and new versions of microcode after a reload is complete because knowing the previous microcode version is sometimes important from a debugging perspective. [ bp: Massage commit message. ] Signed-off-by: Ashok Raj Signed-off-by: Borislav Petkov Acked-by: Tony Luck Link: https://lore.kernel.org/r/20220829181030.722891-1-ashok.raj@intel.com Signed-off-by: Aichun Shi --- arch/x86/kernel/cpu/microcode/core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index e55144b6c2d2..4f8718378966 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -508,7 +508,7 @@ static int __reload_late(void *info) */ static int microcode_reload_late(void) { - int ret; + int old = boot_cpu_data.microcode, ret; pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); pr_err("You should switch to early loading, if possible.\n"); @@ -520,7 +520,8 @@ static int microcode_reload_late(void) if (ret == 0) microcode_check(); - pr_info("Reload completed, microcode revision: 0x%x\n", boot_cpu_data.microcode); + pr_info("Reload completed, microcode revision: 0x%x -> 0x%x\n", + old, boot_cpu_data.microcode); return ret; } -- Gitee From 6499df4630fa0869b3b61a71ae08659ef079f3d8 Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 19 Oct 2022 18:13:06 +0200 Subject: [PATCH 11/34] x86/microcode: Rip out the subsys interface gunk mainline inclusion from mainline-v6.2-rc1 commit b6f86689d5b740f2cc3ac3a1032c7374b24381cc category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=b6f86689d5b740f2cc3ac3a1032c7374b24381cc Intel-SIG: commit b6f86689d5b7 ("x86/microcode: Rip out the subsys interface gunk") ------------------------------------- x86/microcode: Rip out the subsys interface gunk This is a left-over from the old days when CPU hotplug wasn't as robust as it is now. Currently, microcode gets loaded early on the CPU init path and there's no need to attempt to load it again, which that subsys interface callback is doing. The only other thing that the subsys interface init path was doing is adding the /sys/devices/system/cpu/cpu*/microcode/ hierarchy. So add a function which gets called on each CPU after all the necessary driver setup has happened. Use schedule_on_each_cpu() which can block because the sysfs creating code does kmem_cache_zalloc() which can block too and the initial version of this where it did that setup in an IPI handler of on_each_cpu() can cause a deadlock of the sort: lock(fs_reclaim); lock(fs_reclaim); as the IPI handler runs in IRQ context. Signed-off-by: Borislav Petkov Reviewed-by: Ashok Raj Link: https://lore.kernel.org/r/20221028142638.28498-2-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/kernel/cpu/microcode/core.c | 78 +++++++--------------------- 1 file changed, 20 insertions(+), 58 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index 4f8718378966..eb05a8ae4ea1 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -618,8 +618,8 @@ static enum ucode_state microcode_resume_cpu(int cpu) static enum ucode_state microcode_init_cpu(int cpu, bool refresh_fw) { - enum ucode_state ustate; struct ucode_cpu_info *uci = ucode_cpu_info + cpu; + enum ucode_state ustate; if (uci->valid) return UCODE_OK; @@ -653,44 +653,6 @@ static enum ucode_state microcode_update_cpu(int cpu) return microcode_init_cpu(cpu, false); } -static int mc_device_add(struct device *dev, struct subsys_interface *sif) -{ - int err, cpu = dev->id; - - if (!cpu_online(cpu)) - return 0; - - pr_debug("CPU%d added\n", cpu); - - err = sysfs_create_group(&dev->kobj, &mc_attr_group); - if (err) - return err; - - if (microcode_init_cpu(cpu, true) == UCODE_ERROR) - return -EINVAL; - - return err; -} - -static void mc_device_remove(struct device *dev, struct subsys_interface *sif) -{ - int cpu = dev->id; - - if (!cpu_online(cpu)) - return; - - pr_debug("CPU%d removed\n", cpu); - microcode_fini_cpu(cpu); - sysfs_remove_group(&dev->kobj, &mc_attr_group); -} - -static struct subsys_interface mc_cpu_interface = { - .name = "microcode", - .subsys = &cpu_subsys, - .add_dev = mc_device_add, - .remove_dev = mc_device_remove, -}; - /** * microcode_bsp_resume - Update boot CPU microcode during resume. */ @@ -730,6 +692,9 @@ static int mc_cpu_down_prep(unsigned int cpu) struct device *dev; dev = get_cpu_device(cpu); + + microcode_fini_cpu(cpu); + /* Suspend is in progress, only remove the interface */ sysfs_remove_group(&dev->kobj, &mc_attr_group); pr_debug("CPU%d removed\n", cpu); @@ -737,6 +702,18 @@ static int mc_cpu_down_prep(unsigned int cpu) return 0; } +static void setup_online_cpu(struct work_struct *work) +{ + int cpu = smp_processor_id(); + struct ucode_cpu_info *uci = ucode_cpu_info + cpu; + + memset(uci, 0, sizeof(*uci)); + + microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig); + + mc_cpu_online(cpu); +} + static struct attribute *cpu_root_microcode_attrs[] = { #ifdef CONFIG_MICROCODE_LATE_LOADING &dev_attr_reload.attr, @@ -772,23 +749,17 @@ int __init microcode_init(void) if (IS_ERR(microcode_pdev)) return PTR_ERR(microcode_pdev); - get_online_cpus(); - mutex_lock(µcode_mutex); - error = subsys_interface_register(&mc_cpu_interface); - mutex_unlock(µcode_mutex); - put_online_cpus(); - - if (error) - goto out_pdev; - error = sysfs_create_group(&cpu_subsys.dev_root->kobj, &cpu_root_microcode_group); if (error) { pr_err("Error creating microcode group!\n"); - goto out_driver; + goto out_pdev; } + /* Do per-CPU setup */ + schedule_on_each_cpu(setup_online_cpu); + register_syscore_ops(&mc_syscore_ops); cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER, "x86/microcode:starting", mc_cpu_starting, NULL); @@ -799,15 +770,6 @@ int __init microcode_init(void) return 0; - out_driver: - get_online_cpus(); - mutex_lock(µcode_mutex); - - subsys_interface_unregister(&mc_cpu_interface); - - mutex_unlock(µcode_mutex); - put_online_cpus(); - out_pdev: platform_device_unregister(microcode_pdev); return error; -- Gitee From 5071ec24e77ece6a14448b65b45f243d7fa93528 Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 19 Oct 2022 19:07:30 +0200 Subject: [PATCH 12/34] x86/microcode: Simplify init path even more mainline inclusion from mainline-v6.2-rc1 commit 2071c0aeda228107bf1b9e870b6187c90fbeef1d category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=2071c0aeda228107bf1b9e870b6187c90fbeef1d Intel-SIG: commit 2071c0aeda22 ("x86/microcode: Simplify init path even more") ------------------------------------- x86/microcode: Simplify init path even more Get rid of all the IPI-sending functions and their wrappers and use those which are supposed to be called on each CPU. Thus: - microcode_init_cpu() gets called on each CPU on init, applying any new microcode that the driver might've found on the filesystem. - mc_cpu_starting() simply tries to apply cached microcode as this is the cpuhp starting callback which gets called on CPU resume too. Even if the driver init function is a late initcall, there is no filesystem by then (not even a hdd driver has been loaded yet) so a new firmware load attempt cannot simply be done. It is pointless anyway - for that there's late loading if one really needs it. Signed-off-by: Borislav Petkov Reviewed-by: Ashok Raj Link: https://lore.kernel.org/r/20221028142638.28498-3-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/kernel/cpu/microcode/core.c | 120 ++++----------------------- 1 file changed, 16 insertions(+), 104 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index eb05a8ae4ea1..b88dd5ca6df4 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -336,60 +336,6 @@ void reload_early_microcode(void) } } -static void collect_cpu_info_local(void *arg) -{ - struct cpu_info_ctx *ctx = arg; - - ctx->err = microcode_ops->collect_cpu_info(smp_processor_id(), - ctx->cpu_sig); -} - -static int collect_cpu_info_on_target(int cpu, struct cpu_signature *cpu_sig) -{ - struct cpu_info_ctx ctx = { .cpu_sig = cpu_sig, .err = 0 }; - int ret; - - ret = smp_call_function_single(cpu, collect_cpu_info_local, &ctx, 1); - if (!ret) - ret = ctx.err; - - return ret; -} - -static int collect_cpu_info(int cpu) -{ - struct ucode_cpu_info *uci = ucode_cpu_info + cpu; - int ret; - - memset(uci, 0, sizeof(*uci)); - - ret = collect_cpu_info_on_target(cpu, &uci->cpu_sig); - if (!ret) - uci->valid = 1; - - return ret; -} - -static void apply_microcode_local(void *arg) -{ - enum ucode_state *err = arg; - - *err = microcode_ops->apply_microcode(smp_processor_id()); -} - -static int apply_microcode_on_target(int cpu) -{ - enum ucode_state err; - int ret; - - ret = smp_call_function_single(cpu, apply_microcode_local, &err, 1); - if (!ret) { - if (err == UCODE_ERROR) - ret = 1; - } - return ret; -} - /* fake device for request_firmware */ static struct platform_device *microcode_pdev; @@ -475,7 +421,7 @@ static int __reload_late(void *info) * below. */ if (cpumask_first(topology_sibling_cpumask(cpu)) == cpu) - apply_microcode_local(&err); + err = microcode_ops->apply_microcode(cpu); else goto wait_for_siblings; @@ -497,7 +443,7 @@ static int __reload_late(void *info) * revision. */ if (cpumask_first(topology_sibling_cpumask(cpu)) != cpu) - apply_microcode_local(&err); + err = microcode_ops->apply_microcode(cpu); return ret; } @@ -606,51 +552,15 @@ static void microcode_fini_cpu(int cpu) microcode_ops->microcode_fini_cpu(cpu); } -static enum ucode_state microcode_resume_cpu(int cpu) -{ - if (apply_microcode_on_target(cpu)) - return UCODE_ERROR; - - pr_debug("CPU%d updated upon resume\n", cpu); - - return UCODE_OK; -} - -static enum ucode_state microcode_init_cpu(int cpu, bool refresh_fw) -{ - struct ucode_cpu_info *uci = ucode_cpu_info + cpu; - enum ucode_state ustate; - - if (uci->valid) - return UCODE_OK; - - if (collect_cpu_info(cpu)) - return UCODE_ERROR; - - /* --dimm. Trigger a delayed update? */ - if (system_state != SYSTEM_RUNNING) - return UCODE_NFOUND; - - ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, refresh_fw); - if (ustate == UCODE_NEW) { - pr_debug("CPU%d updated upon init\n", cpu); - apply_microcode_on_target(cpu); - } - - return ustate; -} - -static enum ucode_state microcode_update_cpu(int cpu) +static enum ucode_state microcode_init_cpu(int cpu) { struct ucode_cpu_info *uci = ucode_cpu_info + cpu; - /* Refresh CPU microcode revision after resume. */ - collect_cpu_info(cpu); + memset(uci, 0, sizeof(*uci)); - if (uci->valid) - return microcode_resume_cpu(cpu); + microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig); - return microcode_init_cpu(cpu, false); + return microcode_ops->apply_microcode(cpu); } /** @@ -668,14 +578,14 @@ void microcode_bsp_resume(void) } static struct syscore_ops mc_syscore_ops = { - .resume = microcode_bsp_resume, + .resume = microcode_bsp_resume, }; static int mc_cpu_starting(unsigned int cpu) { - microcode_update_cpu(cpu); - pr_debug("CPU%d added\n", cpu); - return 0; + enum ucode_state err = microcode_ops->apply_microcode(cpu); + + return err == UCODE_ERROR; } static int mc_cpu_online(unsigned int cpu) @@ -705,11 +615,13 @@ static int mc_cpu_down_prep(unsigned int cpu) static void setup_online_cpu(struct work_struct *work) { int cpu = smp_processor_id(); - struct ucode_cpu_info *uci = ucode_cpu_info + cpu; - - memset(uci, 0, sizeof(*uci)); + enum ucode_state err; - microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig); + err = microcode_init_cpu(cpu); + if (err == UCODE_ERROR) { + pr_err("Error applying microcode on CPU%d\n", cpu); + return; + } mc_cpu_online(cpu); } -- Gitee From 8b0c0efc1b084049dedcb623ffd6b35b7baaef96 Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 19 Oct 2022 19:16:20 +0200 Subject: [PATCH 13/34] x86/microcode: Kill refresh_fw mainline inclusion from mainline-v6.2-rc1 commit a61ac80ae52ea349416472cd52005f9988537208 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=a61ac80ae52ea349416472cd52005f9988537208 Intel-SIG: commit a61ac80ae52e ("x86/microcode: Kill refresh_fw") ------------------------------------- x86/microcode: Kill refresh_fw request_microcode_fw() can always request firmware now so drop this superfluous argument. Signed-off-by: Borislav Petkov Reviewed-by: Ashok Raj Link: https://lore.kernel.org/r/20221028142638.28498-4-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/include/asm/microcode.h | 3 +-- arch/x86/kernel/cpu/microcode/amd.c | 5 ++--- arch/x86/kernel/cpu/microcode/core.c | 2 +- arch/x86/kernel/cpu/microcode/intel.c | 3 +-- 4 files changed, 5 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h index 7875b7361ec8..cf9772cee384 100644 --- a/arch/x86/include/asm/microcode.h +++ b/arch/x86/include/asm/microcode.h @@ -32,8 +32,7 @@ enum ucode_state { }; struct microcode_ops { - enum ucode_state (*request_microcode_fw) (int cpu, struct device *, - bool refresh_fw); + enum ucode_state (*request_microcode_fw) (int cpu, struct device *); void (*microcode_fini_cpu) (int cpu); diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 9fff9df93cda..3329b5509ca1 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -885,8 +885,7 @@ load_microcode_amd(bool save, u8 family, const u8 *data, size_t size) * * These might be larger than 2K. */ -static enum ucode_state request_microcode_amd(int cpu, struct device *device, - bool refresh_fw) +static enum ucode_state request_microcode_amd(int cpu, struct device *device) { char fw_name[36] = "amd-ucode/microcode_amd.bin"; struct cpuinfo_x86 *c = &cpu_data(cpu); @@ -895,7 +894,7 @@ static enum ucode_state request_microcode_amd(int cpu, struct device *device, const struct firmware *fw; /* reload ucode container only on the boot cpu */ - if (!refresh_fw || !bsp) + if (!bsp) return UCODE_OK; if (c->x86 >= 0x15) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index b88dd5ca6df4..bb44758c0d82 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -494,7 +494,7 @@ static ssize_t reload_store(struct device *dev, if (ret) goto put; - tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true); + tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev); if (tmp_ret != UCODE_NEW) goto put; diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index bde40cd5b117..75f4942c4bfe 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -878,8 +878,7 @@ static bool is_blacklisted(unsigned int cpu) return false; } -static enum ucode_state request_microcode_fw(int cpu, struct device *device, - bool refresh_fw) +static enum ucode_state request_microcode_fw(int cpu, struct device *device) { struct cpuinfo_x86 *c = &cpu_data(cpu); const struct firmware *firmware; -- Gitee From 7e92c727b035d4860fa63c9fcb0f1e95c9041d86 Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 19 Oct 2022 19:20:47 +0200 Subject: [PATCH 14/34] x86/microcode: Do some minor fixups mainline inclusion from mainline-v6.2-rc1 commit 2e6ff4052d89ff9eeaddece14ba88c40bf8b2721 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=2e6ff4052d89ff9eeaddece14ba88c40bf8b2721 Intel-SIG: commit 2e6ff4052d89 ("x86/microcode: Do some minor fixups") ------------------------------------- x86/microcode: Do some minor fixups Improve debugging printks and fixup formatting. Signed-off-by: Borislav Petkov Reviewed-by: Ashok Raj Link: https://lore.kernel.org/r/20221028142638.28498-5-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/kernel/cpu/microcode/core.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index bb44758c0d82..84300b80a1ee 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -585,6 +585,8 @@ static int mc_cpu_starting(unsigned int cpu) { enum ucode_state err = microcode_ops->apply_microcode(cpu); + pr_debug("%s: CPU%d, err: %d\n", __func__, cpu, err); + return err == UCODE_ERROR; } @@ -607,7 +609,7 @@ static int mc_cpu_down_prep(unsigned int cpu) /* Suspend is in progress, only remove the interface */ sysfs_remove_group(&dev->kobj, &mc_attr_group); - pr_debug("CPU%d removed\n", cpu); + pr_debug("%s: CPU%d\n", __func__, cpu); return 0; } @@ -656,14 +658,11 @@ int __init microcode_init(void) if (!microcode_ops) return -ENODEV; - microcode_pdev = platform_device_register_simple("microcode", -1, - NULL, 0); + microcode_pdev = platform_device_register_simple("microcode", -1, NULL, 0); if (IS_ERR(microcode_pdev)) return PTR_ERR(microcode_pdev); - error = sysfs_create_group(&cpu_subsys.dev_root->kobj, - &cpu_root_microcode_group); - + error = sysfs_create_group(&cpu_subsys.dev_root->kobj, &cpu_root_microcode_group); if (error) { pr_err("Error creating microcode group!\n"); goto out_pdev; -- Gitee From e6a1a829237918f9ccf9c8df005d205dd8b1f360 Mon Sep 17 00:00:00 2001 From: Borislav Petkov Date: Wed, 19 Oct 2022 19:25:27 +0200 Subject: [PATCH 15/34] x86/microcode: Drop struct ucode_cpu_info.valid mainline inclusion from mainline-v6.2-rc1 commit 254ed7cf4dd79a18bbc496ab53f6c82d45431c78 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=254ed7cf4dd79a18bbc496ab53f6c82d45431c78 Intel-SIG: commit 254ed7cf4dd7 ("x86/microcode: Drop struct ucode_cpu_info.valid") ------------------------------------- x86/microcode: Drop struct ucode_cpu_info.valid It is not needed anymore. Signed-off-by: Borislav Petkov Reviewed-by: Ashok Raj Link: https://lore.kernel.org/r/20221028142638.28498-6-bp@alien8.de Signed-off-by: Aichun Shi --- arch/x86/include/asm/microcode.h | 1 - arch/x86/kernel/cpu/intel.c | 1 - arch/x86/kernel/cpu/microcode/core.c | 4 ++-- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h index cf9772cee384..9036643949f7 100644 --- a/arch/x86/include/asm/microcode.h +++ b/arch/x86/include/asm/microcode.h @@ -48,7 +48,6 @@ struct microcode_ops { struct ucode_cpu_info { struct cpu_signature cpu_sig; - int valid; void *mc; }; extern struct ucode_cpu_info ucode_cpu_info[]; diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index c83f9658feb2..6e8b0f6fbc43 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -207,7 +207,6 @@ int intel_cpu_collect_info(struct ucode_cpu_info *uci) csig.rev = intel_get_microcode_revision(); uci->cpu_sig = csig; - uci->valid = 1; return 0; } diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c index 84300b80a1ee..3f897075bf0f 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -571,9 +571,9 @@ void microcode_bsp_resume(void) int cpu = smp_processor_id(); struct ucode_cpu_info *uci = ucode_cpu_info + cpu; - if (uci->valid && uci->mc) + if (uci->mc) microcode_ops->apply_microcode(cpu); - else if (!uci->mc) + else reload_early_microcode(); } -- Gitee From eef8a3398997f57bf0e952afe75b4ea6ba91bb57 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:20 -0800 Subject: [PATCH 16/34] platform/x86/intel/ifs: Remove unused selection mainline inclusion from mainline-v6.2-rc1 commit 10d4853e4c5cd64b9ef1e5579bb2e89bceab4175 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=10d4853e4c5cd64b9ef1e5579bb2e89bceab4175 Intel-SIG: commit 10d4853e4c5c ("platform/x86/intel/ifs: Remove unused selection") ------------------------------------- platform/x86/intel/ifs: Remove unused selection CONFIG_INTEL_IFS_DEVICE is not used anywhere. The selection in Kconfig is therefore pointless. Delete it. Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221117035935.4136738-2-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/platform/x86/intel/ifs/Kconfig b/drivers/platform/x86/intel/ifs/Kconfig index c341a27cc1a3..89152d46deee 100644 --- a/drivers/platform/x86/intel/ifs/Kconfig +++ b/drivers/platform/x86/intel/ifs/Kconfig @@ -4,7 +4,6 @@ config INTEL_IFS # Discussion on the list has shown that the sysfs API needs a bit # more work, mark this as broken for now depends on BROKEN - select INTEL_IFS_DEVICE help Enable support for the In Field Scan capability in select CPUs. The capability allows for running low level tests via -- Gitee From b7f7cdc5a0f1e23e5fce7457c3c9fad6fc053e6c Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:21 -0800 Subject: [PATCH 17/34] platform/x86/intel/ifs: Return a more appropriate error code mainline inclusion from mainline-v6.2-rc1 commit f4e209e956b5d66f0e6e34e89f19811c2c1e596e category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=f4e209e956b5d66f0e6e34e89f19811c2c1e596e Intel-SIG: commit f4e209e956b5 ("platform/x86/intel/ifs: Return a more appropriate error code") ------------------------------------- platform/x86/intel/ifs: Return a more appropriate error code scan_chunks_sanity_check() returns -ENOMEM if it encounters an error while copying IFS test image from memory to Secure Memory. Return -EIO in this scenario, as it is more appropriate. Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221117035935.4136738-3-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/load.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index eed7a65ce1b4..e06283aac79a 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -157,8 +157,10 @@ static int scan_chunks_sanity_check(struct device *dev) INIT_WORK(&local_work.w, copy_hashes_authenticate_chunks); schedule_work_on(cpu, &local_work.w); wait_for_completion(&ifs_done); - if (ifsd->loading_error) + if (ifsd->loading_error) { + ret = -EIO; goto out; + } package_authenticated[curr_pkg] = 1; } ret = 0; -- Gitee From 5c1c6af64bee08d28b62e290023641f437569618 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:22 -0800 Subject: [PATCH 18/34] platform/x86/intel/ifs: Remove image loading during init mainline inclusion from mainline-v6.2-rc1 commit a4c30fa4ead5e6628e5ff5a45664ba7181acf6f1 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=a4c30fa4ead5e6628e5ff5a45664ba7181acf6f1 Intel-SIG: commit a4c30fa4ead5 ("platform/x86/intel/ifs: Remove image loading during init") ------------------------------------- platform/x86/intel/ifs: Remove image loading during init IFS test image is unnecessarily loaded during driver initialization. Drop image loading during ifs_init() and improve module load time. With this change, user has to load one when starting the tests. As a consequence, make ifs_sem static as it is only used within sysfs.c Suggested-by: Hans de Goede Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221117035935.4136738-4-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/core.c | 6 +----- drivers/platform/x86/intel/ifs/ifs.h | 2 -- drivers/platform/x86/intel/ifs/sysfs.c | 2 +- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/drivers/platform/x86/intel/ifs/core.c b/drivers/platform/x86/intel/ifs/core.c index 27204e3d674d..5fb7f655c291 100644 --- a/drivers/platform/x86/intel/ifs/core.c +++ b/drivers/platform/x86/intel/ifs/core.c @@ -51,12 +51,8 @@ static int __init ifs_init(void) ifs_device.misc.groups = ifs_get_groups(); if ((msrval & BIT(ifs_device.data.integrity_cap_bit)) && - !misc_register(&ifs_device.misc)) { - down(&ifs_sem); - ifs_load_firmware(ifs_device.misc.this_device); - up(&ifs_sem); + !misc_register(&ifs_device.misc)) return 0; - } return -ENODEV; } diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h index 73c8e91cf144..3ff1d9aaeaa9 100644 --- a/drivers/platform/x86/intel/ifs/ifs.h +++ b/drivers/platform/x86/intel/ifs/ifs.h @@ -229,6 +229,4 @@ void ifs_load_firmware(struct device *dev); int do_core_test(int cpu, struct device *dev); const struct attribute_group **ifs_get_groups(void); -extern struct semaphore ifs_sem; - #endif diff --git a/drivers/platform/x86/intel/ifs/sysfs.c b/drivers/platform/x86/intel/ifs/sysfs.c index 37d8380d6fa8..65dd6fea5342 100644 --- a/drivers/platform/x86/intel/ifs/sysfs.c +++ b/drivers/platform/x86/intel/ifs/sysfs.c @@ -13,7 +13,7 @@ * Protects against simultaneous tests on multiple cores, or * reloading can file while a test is in progress */ -DEFINE_SEMAPHORE(ifs_sem); +static DEFINE_SEMAPHORE(ifs_sem); /* * The sysfs interface to check additional details of last test -- Gitee From 574ef6a9591f8aeb1533a09a5f8c33eb39e2ac48 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Thu, 17 Nov 2022 11:59:57 -0800 Subject: [PATCH 19/34] platform/x86/intel/ifs: Remove memory allocation from load path mainline inclusion from mainline-v6.2-rc1 commit cb5eceee816bf05667089869d822b9cbc919465a category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=cb5eceee816bf05667089869d822b9cbc919465a Intel-SIG: commit cb5eceee816b ("platform/x86/intel/ifs: Remove memory allocation from load path") ------------------------------------- platform/x86/intel/ifs: Remove memory allocation from load path IFS requires tests to be authenticated once for each CPU socket on a system. scan_chunks_sanity_check() was dynamically allocating memory to store the state of whether tests have been authenticated on each socket for every load operation. Move the memory allocation to init path and store the pointer in ifs_data struct. Also rearrange the adjacent error checking in init for a more simplified and natural flow. Suggested-by: Borislav Petkov Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221117195957.28225-1-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/core.c | 20 ++++++++++++++++---- drivers/platform/x86/intel/ifs/ifs.h | 2 ++ drivers/platform/x86/intel/ifs/load.c | 14 ++++---------- 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/drivers/platform/x86/intel/ifs/core.c b/drivers/platform/x86/intel/ifs/core.c index 5fb7f655c291..943eb2a17c64 100644 --- a/drivers/platform/x86/intel/ifs/core.c +++ b/drivers/platform/x86/intel/ifs/core.c @@ -4,6 +4,7 @@ #include #include #include +#include #include @@ -34,6 +35,7 @@ static int __init ifs_init(void) { const struct x86_cpu_id *m; u64 msrval; + int ret; m = x86_match_cpu(ifs_cpu_ids); if (!m) @@ -50,16 +52,26 @@ static int __init ifs_init(void) ifs_device.misc.groups = ifs_get_groups(); - if ((msrval & BIT(ifs_device.data.integrity_cap_bit)) && - !misc_register(&ifs_device.misc)) - return 0; + if (!(msrval & BIT(ifs_device.data.integrity_cap_bit))) + return -ENODEV; + + ifs_device.data.pkg_auth = kmalloc_array(topology_max_packages(), sizeof(bool), GFP_KERNEL); + if (!ifs_device.data.pkg_auth) + return -ENOMEM; + + ret = misc_register(&ifs_device.misc); + if (ret) { + kfree(ifs_device.data.pkg_auth); + return ret; + } - return -ENODEV; + return 0; } static void __exit ifs_exit(void) { misc_deregister(&ifs_device.misc); + kfree(ifs_device.data.pkg_auth); } module_init(ifs_init); diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h index 3ff1d9aaeaa9..8de1952a1b7b 100644 --- a/drivers/platform/x86/intel/ifs/ifs.h +++ b/drivers/platform/x86/intel/ifs/ifs.h @@ -191,6 +191,7 @@ union ifs_status { * struct ifs_data - attributes related to intel IFS driver * @integrity_cap_bit: MSR_INTEGRITY_CAPS bit enumerating this test * @loaded_version: stores the currently loaded ifs image version. + * @pkg_auth: array of bool storing per package auth status * @loaded: If a valid test binary has been loaded into the memory * @loading_error: Error occurred on another CPU while loading image * @valid_chunks: number of chunks which could be validated. @@ -199,6 +200,7 @@ union ifs_status { */ struct ifs_data { int integrity_cap_bit; + bool *pkg_auth; int loaded_version; bool loaded; bool loading_error; diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index e06283aac79a..7b96ed450287 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -3,7 +3,6 @@ #include #include -#include #include #include "ifs.h" @@ -118,16 +117,12 @@ static void copy_hashes_authenticate_chunks(struct work_struct *work) */ static int scan_chunks_sanity_check(struct device *dev) { - int metadata_size, curr_pkg, cpu, ret = -ENOMEM; + int metadata_size, curr_pkg, cpu, ret; struct ifs_data *ifsd = ifs_get_data(dev); - bool *package_authenticated; struct ifs_work local_work; char *test_ptr; - package_authenticated = kcalloc(topology_max_packages(), sizeof(bool), GFP_KERNEL); - if (!package_authenticated) - return ret; - + memset(ifsd->pkg_auth, 0, (topology_max_packages() * sizeof(bool))); metadata_size = ifs_header_ptr->metadata_size; /* Spec says that if the Meta Data Size = 0 then it should be treated as 2000 */ @@ -150,7 +145,7 @@ static int scan_chunks_sanity_check(struct device *dev) cpus_read_lock(); for_each_online_cpu(cpu) { curr_pkg = topology_physical_package_id(cpu); - if (package_authenticated[curr_pkg]) + if (ifsd->pkg_auth[curr_pkg]) continue; reinit_completion(&ifs_done); local_work.dev = dev; @@ -161,12 +156,11 @@ static int scan_chunks_sanity_check(struct device *dev) ret = -EIO; goto out; } - package_authenticated[curr_pkg] = 1; + ifsd->pkg_auth[curr_pkg] = 1; } ret = 0; out: cpus_read_unlock(); - kfree(package_authenticated); return ret; } -- Gitee From 6e9a21100574b37f816a03675171b17cd897c491 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:24 -0800 Subject: [PATCH 20/34] x86/microcode/intel: Reuse find_matching_signature() mainline inclusion from mainline-v6.2-rc1 commit 716f380275866350ee44447b3c7c999f39c3178d category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=716f380275866350ee44447b3c7c999f39c3178d Intel-SIG: commit 716f38027586 ("x86/microcode/intel: Reuse find_matching_signature()") ------------------------------------- x86/microcode/intel: Reuse find_matching_signature() IFS uses test images provided by Intel that can be regarded as firmware. An IFS test image carries microcode header with an extended signature table. Reuse find_matching_signature() for verifying if the test image header or the extended signature table indicate whether that image is fit to run on a system. No functional changes. Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Ashok Raj Reviewed-by: Sohil Mehta Link: https://lore.kernel.org/r/20221117035935.4136738-6-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- arch/x86/include/asm/cpu.h | 2 ++ arch/x86/kernel/cpu/intel.c | 29 ++++++++++++++++++ arch/x86/kernel/cpu/microcode/intel.c | 44 +++++---------------------- 3 files changed, 39 insertions(+), 36 deletions(-) diff --git a/arch/x86/include/asm/cpu.h b/arch/x86/include/asm/cpu.h index c12681677d03..917d35ba79be 100644 --- a/arch/x86/include/asm/cpu.h +++ b/arch/x86/include/asm/cpu.h @@ -85,4 +85,6 @@ static inline bool intel_cpu_signatures_match(unsigned int s1, unsigned int p1, return p1 & p2; } +int intel_find_matching_signature(void *mc, unsigned int csig, int cpf); + #endif /* _ASM_X86_CPU_H */ diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 6e8b0f6fbc43..d11d486aba8a 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -212,6 +212,35 @@ int intel_cpu_collect_info(struct ucode_cpu_info *uci) } EXPORT_SYMBOL_GPL(intel_cpu_collect_info); +/* + * Returns 1 if update has been found, 0 otherwise. + */ +int intel_find_matching_signature(void *mc, unsigned int csig, int cpf) +{ + struct microcode_header_intel *mc_hdr = mc; + struct extended_sigtable *ext_hdr; + struct extended_signature *ext_sig; + int i; + + if (intel_cpu_signatures_match(csig, cpf, mc_hdr->sig, mc_hdr->pf)) + return 1; + + /* Look for ext. headers: */ + if (get_totalsize(mc_hdr) <= get_datasize(mc_hdr) + MC_HEADER_SIZE) + return 0; + + ext_hdr = mc + get_datasize(mc_hdr) + MC_HEADER_SIZE; + ext_sig = (void *)ext_hdr + EXT_HEADER_SIZE; + + for (i = 0; i < ext_hdr->count; i++) { + if (intel_cpu_signatures_match(csig, cpf, ext_sig->sig, ext_sig->pf)) + return 1; + ext_sig++; + } + return 0; +} +EXPORT_SYMBOL_GPL(intel_find_matching_signature); + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 75f4942c4bfe..0c3c30c1c9c2 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -45,34 +45,6 @@ static struct microcode_intel *intel_ucode_patch; /* last level cache size per core */ static int llc_size_per_core; -/* - * Returns 1 if update has been found, 0 otherwise. - */ -static int find_matching_signature(void *mc, unsigned int csig, int cpf) -{ - struct microcode_header_intel *mc_hdr = mc; - struct extended_sigtable *ext_hdr; - struct extended_signature *ext_sig; - int i; - - if (intel_cpu_signatures_match(csig, cpf, mc_hdr->sig, mc_hdr->pf)) - return 1; - - /* Look for ext. headers: */ - if (get_totalsize(mc_hdr) <= get_datasize(mc_hdr) + MC_HEADER_SIZE) - return 0; - - ext_hdr = mc + get_datasize(mc_hdr) + MC_HEADER_SIZE; - ext_sig = (void *)ext_hdr + EXT_HEADER_SIZE; - - for (i = 0; i < ext_hdr->count; i++) { - if (intel_cpu_signatures_match(csig, cpf, ext_sig->sig, ext_sig->pf)) - return 1; - ext_sig++; - } - return 0; -} - /* * Returns 1 if update has been found, 0 otherwise. */ @@ -83,7 +55,7 @@ static int has_newer_microcode(void *mc, unsigned int csig, int cpf, int new_rev if (mc_hdr->rev <= new_rev) return 0; - return find_matching_signature(mc, csig, cpf); + return intel_find_matching_signature(mc, csig, cpf); } static struct ucode_patch *memdup_patch(void *data, unsigned int size) @@ -117,7 +89,7 @@ static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigne sig = mc_saved_hdr->sig; pf = mc_saved_hdr->pf; - if (find_matching_signature(data, sig, pf)) { + if (intel_find_matching_signature(data, sig, pf)) { prev_found = true; if (mc_hdr->rev <= mc_saved_hdr->rev) @@ -149,7 +121,7 @@ static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigne if (!p) return; - if (!find_matching_signature(p->data, uci->cpu_sig.sig, uci->cpu_sig.pf)) + if (!intel_find_matching_signature(p->data, uci->cpu_sig.sig, uci->cpu_sig.pf)) return; /* @@ -286,8 +258,8 @@ scan_microcode(void *data, size_t size, struct ucode_cpu_info *uci, bool save) size -= mc_size; - if (!find_matching_signature(data, uci->cpu_sig.sig, - uci->cpu_sig.pf)) { + if (!intel_find_matching_signature(data, uci->cpu_sig.sig, + uci->cpu_sig.pf)) { data += mc_size; continue; } @@ -645,9 +617,9 @@ static struct microcode_intel *find_patch(struct ucode_cpu_info *uci) if (phdr->rev <= uci->cpu_sig.rev) continue; - if (!find_matching_signature(phdr, - uci->cpu_sig.sig, - uci->cpu_sig.pf)) + if (!intel_find_matching_signature(phdr, + uci->cpu_sig.sig, + uci->cpu_sig.pf)) continue; return iter->data; -- Gitee From 50489dce9e85d49c4e2d0ac8c1183835d657ff5d Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:25 -0800 Subject: [PATCH 21/34] x86/microcode/intel: Use appropriate type in microcode_sanity_check() mainline inclusion from mainline-v6.2-rc1 commit 2e13ab0158dd4a033d61a5baa8f9b5b7c9ea8431 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=2e13ab0158dd4a033d61a5baa8f9b5b7c9ea8431 Intel-SIG: commit 2e13ab0158dd ("x86/microcode/intel: Use appropriate type in microcode_sanity_check()") ------------------------------------- x86/microcode/intel: Use appropriate type in microcode_sanity_check() The data type of the @print_err parameter used by microcode_sanity_check() is int. In preparation for exporting this function to be used by the IFS driver convert it to a more appropriate bool type for readability. No functional change intended. Suggested-by: Tony Luck Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Ashok Raj Reviewed-by: Sohil Mehta Link: https://lore.kernel.org/r/20221117035935.4136738-7-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- arch/x86/kernel/cpu/microcode/intel.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 0c3c30c1c9c2..804964f9fa91 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -135,7 +135,7 @@ static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigne intel_ucode_patch = p->data; } -static int microcode_sanity_check(void *mc, int print_err) +static int microcode_sanity_check(void *mc, bool print_err) { unsigned long total_size, data_size, ext_table_size; struct microcode_header_intel *mc_header = mc; @@ -253,7 +253,7 @@ scan_microcode(void *data, size_t size, struct ucode_cpu_info *uci, bool save) mc_size = get_totalsize(mc_header); if (!mc_size || mc_size > size || - microcode_sanity_check(data, 0) < 0) + microcode_sanity_check(data, false) < 0) break; size -= mc_size; @@ -785,7 +785,7 @@ static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter) memcpy(mc, &mc_header, sizeof(mc_header)); data = mc + sizeof(mc_header); if (!copy_from_iter_full(data, data_size, iter) || - microcode_sanity_check(mc, 1) < 0) { + microcode_sanity_check(mc, true) < 0) { break; } -- Gitee From 5579cedf4de7dae9e6835979a378c9fbe9f06e1c Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:26 -0800 Subject: [PATCH 22/34] x86/microcode/intel: Reuse microcode_sanity_check() mainline inclusion from mainline-v6.2-rc1 commit 514ee839c6d0750c1c4456502e6fa08599e57931 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=514ee839c6d0750c1c4456502e6fa08599e57931 Intel-SIG: commit 514ee839c6d0 ("x86/microcode/intel: Reuse microcode_sanity_check()") ------------------------------------- x86/microcode/intel: Reuse microcode_sanity_check() IFS test image carries the same microcode header as regular Intel microcode blobs. Reuse microcode_sanity_check() in the IFS driver to perform sanity check of the IFS test images too. Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Ashok Raj Reviewed-by: Sohil Mehta Link: https://lore.kernel.org/r/20221117035935.4136738-8-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- arch/x86/include/asm/cpu.h | 1 + arch/x86/kernel/cpu/intel.c | 99 +++++++++++++++++++++++++ arch/x86/kernel/cpu/microcode/intel.c | 102 +------------------------- 3 files changed, 102 insertions(+), 100 deletions(-) diff --git a/arch/x86/include/asm/cpu.h b/arch/x86/include/asm/cpu.h index 917d35ba79be..b81dbd6d719b 100644 --- a/arch/x86/include/asm/cpu.h +++ b/arch/x86/include/asm/cpu.h @@ -86,5 +86,6 @@ static inline bool intel_cpu_signatures_match(unsigned int s1, unsigned int p1, } int intel_find_matching_signature(void *mc, unsigned int csig, int cpf); +int intel_microcode_sanity_check(void *mc, bool print_err); #endif /* _ASM_X86_CPU_H */ diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index d11d486aba8a..4b2ed8e03f18 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -241,6 +241,105 @@ int intel_find_matching_signature(void *mc, unsigned int csig, int cpf) } EXPORT_SYMBOL_GPL(intel_find_matching_signature); +int intel_microcode_sanity_check(void *mc, bool print_err) +{ + unsigned long total_size, data_size, ext_table_size; + struct microcode_header_intel *mc_header = mc; + struct extended_sigtable *ext_header = NULL; + u32 sum, orig_sum, ext_sigcount = 0, i; + struct extended_signature *ext_sig; + + total_size = get_totalsize(mc_header); + data_size = get_datasize(mc_header); + + if (data_size + MC_HEADER_SIZE > total_size) { + if (print_err) + pr_err("Error: bad microcode data file size.\n"); + return -EINVAL; + } + + if (mc_header->ldrver != 1 || mc_header->hdrver != 1) { + if (print_err) + pr_err("Error: invalid/unknown microcode update format.\n"); + return -EINVAL; + } + + ext_table_size = total_size - (MC_HEADER_SIZE + data_size); + if (ext_table_size) { + u32 ext_table_sum = 0; + u32 *ext_tablep; + + if (ext_table_size < EXT_HEADER_SIZE || + ((ext_table_size - EXT_HEADER_SIZE) % EXT_SIGNATURE_SIZE)) { + if (print_err) + pr_err("Error: truncated extended signature table.\n"); + return -EINVAL; + } + + ext_header = mc + MC_HEADER_SIZE + data_size; + if (ext_table_size != exttable_size(ext_header)) { + if (print_err) + pr_err("Error: extended signature table size mismatch.\n"); + return -EFAULT; + } + + ext_sigcount = ext_header->count; + + /* + * Check extended table checksum: the sum of all dwords that + * comprise a valid table must be 0. + */ + ext_tablep = (u32 *)ext_header; + + i = ext_table_size / sizeof(u32); + while (i--) + ext_table_sum += ext_tablep[i]; + + if (ext_table_sum) { + if (print_err) + pr_warn("Bad extended signature table checksum, aborting.\n"); + return -EINVAL; + } + } + + /* + * Calculate the checksum of update data and header. The checksum of + * valid update data and header including the extended signature table + * must be 0. + */ + orig_sum = 0; + i = (MC_HEADER_SIZE + data_size) / sizeof(u32); + while (i--) + orig_sum += ((u32 *)mc)[i]; + + if (orig_sum) { + if (print_err) + pr_err("Bad microcode data checksum, aborting.\n"); + return -EINVAL; + } + + if (!ext_table_size) + return 0; + + /* + * Check extended signature checksum: 0 => valid. + */ + for (i = 0; i < ext_sigcount; i++) { + ext_sig = (void *)ext_header + EXT_HEADER_SIZE + + EXT_SIGNATURE_SIZE * i; + + sum = (mc_header->sig + mc_header->pf + mc_header->cksum) - + (ext_sig->sig + ext_sig->pf + ext_sig->cksum); + if (sum) { + if (print_err) + pr_err("Bad extended signature checksum, aborting.\n"); + return -EINVAL; + } + } + return 0; +} +EXPORT_SYMBOL_GPL(intel_microcode_sanity_check); + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 804964f9fa91..265068c0522b 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -135,104 +135,6 @@ static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigne intel_ucode_patch = p->data; } -static int microcode_sanity_check(void *mc, bool print_err) -{ - unsigned long total_size, data_size, ext_table_size; - struct microcode_header_intel *mc_header = mc; - struct extended_sigtable *ext_header = NULL; - u32 sum, orig_sum, ext_sigcount = 0, i; - struct extended_signature *ext_sig; - - total_size = get_totalsize(mc_header); - data_size = get_datasize(mc_header); - - if (data_size + MC_HEADER_SIZE > total_size) { - if (print_err) - pr_err("Error: bad microcode data file size.\n"); - return -EINVAL; - } - - if (mc_header->ldrver != 1 || mc_header->hdrver != 1) { - if (print_err) - pr_err("Error: invalid/unknown microcode update format.\n"); - return -EINVAL; - } - - ext_table_size = total_size - (MC_HEADER_SIZE + data_size); - if (ext_table_size) { - u32 ext_table_sum = 0; - u32 *ext_tablep; - - if ((ext_table_size < EXT_HEADER_SIZE) - || ((ext_table_size - EXT_HEADER_SIZE) % EXT_SIGNATURE_SIZE)) { - if (print_err) - pr_err("Error: truncated extended signature table.\n"); - return -EINVAL; - } - - ext_header = mc + MC_HEADER_SIZE + data_size; - if (ext_table_size != exttable_size(ext_header)) { - if (print_err) - pr_err("Error: extended signature table size mismatch.\n"); - return -EFAULT; - } - - ext_sigcount = ext_header->count; - - /* - * Check extended table checksum: the sum of all dwords that - * comprise a valid table must be 0. - */ - ext_tablep = (u32 *)ext_header; - - i = ext_table_size / sizeof(u32); - while (i--) - ext_table_sum += ext_tablep[i]; - - if (ext_table_sum) { - if (print_err) - pr_warn("Bad extended signature table checksum, aborting.\n"); - return -EINVAL; - } - } - - /* - * Calculate the checksum of update data and header. The checksum of - * valid update data and header including the extended signature table - * must be 0. - */ - orig_sum = 0; - i = (MC_HEADER_SIZE + data_size) / sizeof(u32); - while (i--) - orig_sum += ((u32 *)mc)[i]; - - if (orig_sum) { - if (print_err) - pr_err("Bad microcode data checksum, aborting.\n"); - return -EINVAL; - } - - if (!ext_table_size) - return 0; - - /* - * Check extended signature checksum: 0 => valid. - */ - for (i = 0; i < ext_sigcount; i++) { - ext_sig = (void *)ext_header + EXT_HEADER_SIZE + - EXT_SIGNATURE_SIZE * i; - - sum = (mc_header->sig + mc_header->pf + mc_header->cksum) - - (ext_sig->sig + ext_sig->pf + ext_sig->cksum); - if (sum) { - if (print_err) - pr_err("Bad extended signature checksum, aborting.\n"); - return -EINVAL; - } - } - return 0; -} - /* * Get microcode matching with BSP's model. Only CPUs with the same model as * BSP can stay in the platform. @@ -253,7 +155,7 @@ scan_microcode(void *data, size_t size, struct ucode_cpu_info *uci, bool save) mc_size = get_totalsize(mc_header); if (!mc_size || mc_size > size || - microcode_sanity_check(data, false) < 0) + intel_microcode_sanity_check(data, false) < 0) break; size -= mc_size; @@ -785,7 +687,7 @@ static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter) memcpy(mc, &mc_header, sizeof(mc_header)); data = mc + sizeof(mc_header); if (!copy_from_iter_full(data, data_size, iter) || - microcode_sanity_check(mc, true) < 0) { + intel_microcode_sanity_check(mc, true) < 0) { break; } -- Gitee From e42d1f53a3995109df8f9016e6bdc39d646ef1f9 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:27 -0800 Subject: [PATCH 23/34] x86/microcode/intel: Add hdr_type to intel_microcode_sanity_check() mainline inclusion from mainline-v6.2-rc1 commit e0788c3281a72386e75b53a010de4bfbac7e80db category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=e0788c3281a72386e75b53a010de4bfbac7e80db Intel-SIG: commit e0788c3281a7 ("x86/microcode/intel: Add hdr_type to intel_microcode_sanity_check()") ------------------------------------- x86/microcode/intel: Add hdr_type to intel_microcode_sanity_check() IFS test images and microcode blobs use the same header format. Microcode blobs use header type of 1, whereas IFS test images will use header type of 2. In preparation for IFS reusing intel_microcode_sanity_check(), add header type as a parameter for sanity check. [ bp: Touchups. ] Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Ashok Raj Link: https://lore.kernel.org/r/20221117035935.4136738-9-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- arch/x86/include/asm/cpu.h | 2 +- arch/x86/include/asm/microcode_intel.h | 1 + arch/x86/kernel/cpu/intel.c | 21 ++++++++++++++++++--- arch/x86/kernel/cpu/microcode/intel.c | 4 ++-- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/cpu.h b/arch/x86/include/asm/cpu.h index b81dbd6d719b..096bf1b2da8d 100644 --- a/arch/x86/include/asm/cpu.h +++ b/arch/x86/include/asm/cpu.h @@ -86,6 +86,6 @@ static inline bool intel_cpu_signatures_match(unsigned int s1, unsigned int p1, } int intel_find_matching_signature(void *mc, unsigned int csig, int cpf); -int intel_microcode_sanity_check(void *mc, bool print_err); +int intel_microcode_sanity_check(void *mc, bool print_err, int hdr_type); #endif /* _ASM_X86_CPU_H */ diff --git a/arch/x86/include/asm/microcode_intel.h b/arch/x86/include/asm/microcode_intel.h index d85a07d7154f..ff2bd31347e2 100644 --- a/arch/x86/include/asm/microcode_intel.h +++ b/arch/x86/include/asm/microcode_intel.h @@ -41,6 +41,7 @@ struct extended_sigtable { #define DEFAULT_UCODE_TOTALSIZE (DEFAULT_UCODE_DATASIZE + MC_HEADER_SIZE) #define EXT_HEADER_SIZE (sizeof(struct extended_sigtable)) #define EXT_SIGNATURE_SIZE (sizeof(struct extended_signature)) +#define MC_HEADER_TYPE_MICROCODE 1 #define get_totalsize(mc) \ (((struct microcode_intel *)mc)->hdr.datasize ? \ diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 4b2ed8e03f18..232012a15630 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -241,7 +241,21 @@ int intel_find_matching_signature(void *mc, unsigned int csig, int cpf) } EXPORT_SYMBOL_GPL(intel_find_matching_signature); -int intel_microcode_sanity_check(void *mc, bool print_err) +/** + * intel_microcode_sanity_check() - Sanity check microcode file. + * @mc: Pointer to the microcode file contents. + * @print_err: Display failure reason if true, silent if false. + * @hdr_type: Type of file, i.e. normal microcode file or In Field Scan file. + * Validate if the microcode header type matches with the type + * specified here. + * + * Validate certain header fields and verify if computed checksum matches + * with the one specified in the header. + * + * Return: 0 if the file passes all the checks, -EINVAL if any of the checks + * fail. + */ +int intel_microcode_sanity_check(void *mc, bool print_err, int hdr_type) { unsigned long total_size, data_size, ext_table_size; struct microcode_header_intel *mc_header = mc; @@ -258,9 +272,10 @@ int intel_microcode_sanity_check(void *mc, bool print_err) return -EINVAL; } - if (mc_header->ldrver != 1 || mc_header->hdrver != 1) { + if (mc_header->ldrver != 1 || mc_header->hdrver != hdr_type) { if (print_err) - pr_err("Error: invalid/unknown microcode update format.\n"); + pr_err("Error: invalid/unknown microcode update format. Header type %d\n", + mc_header->hdrver); return -EINVAL; } diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 265068c0522b..aed2b4e6c91a 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -155,7 +155,7 @@ scan_microcode(void *data, size_t size, struct ucode_cpu_info *uci, bool save) mc_size = get_totalsize(mc_header); if (!mc_size || mc_size > size || - intel_microcode_sanity_check(data, false) < 0) + intel_microcode_sanity_check(data, false, MC_HEADER_TYPE_MICROCODE) < 0) break; size -= mc_size; @@ -687,7 +687,7 @@ static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter) memcpy(mc, &mc_header, sizeof(mc_header)); data = mc + sizeof(mc_header); if (!copy_from_iter_full(data, data_size, iter) || - intel_microcode_sanity_check(mc, true) < 0) { + intel_microcode_sanity_check(mc, true, MC_HEADER_TYPE_MICROCODE) < 0) { break; } -- Gitee From 9d718162486d933426ad60b8ccb9ec559d83623a Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:28 -0800 Subject: [PATCH 24/34] x86/microcode/intel: Use a reserved field for metasize mainline inclusion from mainline-v6.2-rc1 commit 28377e56ed22ecce60260eb8afdf0c9837b3505f category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=28377e56ed22ecce60260eb8afdf0c9837b3505f Intel-SIG: commit 28377e56ed22 ("x86/microcode/intel: Use a reserved field for metasize") ------------------------------------- x86/microcode/intel: Use a reserved field for metasize Intel is using microcode file format for IFS test images too. IFS test images use one of the existing reserved fields in microcode header to indicate the size of the region in the file allocated for metadata structures. In preparation for this, rename first of the existing reserved fields in microcode header to metasize. In subsequent patches IFS specific code will make use of this field while parsing IFS images. Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Ashok Raj Reviewed-by: Sohil Mehta Link: https://lore.kernel.org/r/20221117035935.4136738-10-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- arch/x86/include/asm/microcode_intel.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/microcode_intel.h b/arch/x86/include/asm/microcode_intel.h index ff2bd31347e2..a83292a6243e 100644 --- a/arch/x86/include/asm/microcode_intel.h +++ b/arch/x86/include/asm/microcode_intel.h @@ -14,7 +14,8 @@ struct microcode_header_intel { unsigned int pf; unsigned int datasize; unsigned int totalsize; - unsigned int reserved[3]; + unsigned int metasize; + unsigned int reserved[2]; }; struct microcode_intel { -- Gitee From 41b1af69ccc334e7c513c9244b733ea034446406 Mon Sep 17 00:00:00 2001 From: Ashok Raj Date: Wed, 16 Nov 2022 19:59:29 -0800 Subject: [PATCH 25/34] platform/x86/intel/ifs: Add metadata support mainline inclusion from mainline-v6.2-rc1 commit 8382fee3bb86526bde1bfb1a06834f056140e0dd category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=8382fee3bb86526bde1bfb1a06834f056140e0dd Intel-SIG: commit 8382fee3bb86 ("platform/x86/intel/ifs: Add metadata support") ------------------------------------- platform/x86/intel/ifs: Add metadata support One of the existing reserved fields in the microcode header has been allocated to indicate the size of metadata structures. The location of metadata section within microcode header is as shown below: Microcode Blob Format +----------------------+ Base |Header Version | +----------------------+ |Update revision | +----------------------+ |Date DDMMYYYY | +----------------------+ |Sig | +----------------------+ |Checksum | +----------------------+ |Loader Version | +----------------------+ |Processor Flags | +----------------------+ |Data Size | +----------------------+ |Total Size | +----------------------+ |Meta Size | +----------------------+ |Reserved | +----------------------+ |Reserved | +----------------------+ Base+48 | | | Microcode | | Data | | | +----------------------+ Base+48+data_size- | | meta_size | Meta Data | | structure(s) | | | +----------------------+ Base+48+data_size | | | Extended Signature | | Table | | | +----------------------+ Base+total_size Add an accessor function which will return a pointer to the start of a specific meta_type being queried. [ bp: Massage commit message. ] Signed-off-by: Ashok Raj Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221117035935.4136738-11-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/load.c | 32 +++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index 7b96ed450287..f520efb7e65c 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -43,6 +43,38 @@ static const char * const scan_authentication_status[] = { [2] = "Chunk authentication error. The hash of chunk did not match expected value" }; +#define MC_HEADER_META_TYPE_END (0) + +struct metadata_header { + unsigned int type; + unsigned int blk_size; +}; + +static struct metadata_header *find_meta_data(void *ucode, unsigned int meta_type) +{ + struct metadata_header *meta_header; + unsigned long data_size, total_meta; + unsigned long meta_size = 0; + + data_size = get_datasize(ucode); + total_meta = ((struct microcode_intel *)ucode)->hdr.metasize; + if (!total_meta) + return NULL; + + meta_header = (ucode + MC_HEADER_SIZE + data_size) - total_meta; + + while (meta_header->type != MC_HEADER_META_TYPE_END && + meta_header->blk_size && + meta_size < total_meta) { + meta_size += meta_header->blk_size; + if (meta_header->type == meta_type) + return meta_header; + + meta_header = (void *)meta_header + meta_header->blk_size; + } + return NULL; +} + /* * To copy scan hashes and authenticate test chunks, the initiating cpu must point * to the EDX:EAX to the test image in linear address. -- Gitee From a6777a8677c816a744c23bbca06833ebd1c50631 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Thu, 17 Nov 2022 14:50:39 -0800 Subject: [PATCH 26/34] platform/x86/intel/ifs: Use generic microcode headers and functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mainline inclusion from mainline-v6.2-rc1 commit aa63e0fda85edf9a8431fc31a2b2d4f3f40592f9 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=aa63e0fda85edf9a8431fc31a2b2d4f3f40592f9 Intel-SIG: commit aa63e0fda85e ("platform/x86/intel/ifs: Use generic microcode headers and functions") ------------------------------------- platform/x86/intel/ifs: Use generic microcode headers and functions Existing implementation (broken) of IFS used a header format (for IFS test images) which was very similar to microcode format, but didn’t accommodate extended signatures. This meant same IFS test image had to be duplicated for different steppings and the validation code in the driver was only looking at the primary header parameters. Going forward, IFS test image headers have been tweaked to become fully compatible with the microcode format. Newer IFS test image headers will use header version 2 in order to distinguish it from microcode images and older IFS test images. In light of the above, reuse struct microcode_header_intel directly in the IFS driver and reuse microcode functions for validation and sanity checking. [ bp: Massage commit message. ] Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221117225039.30166-1-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- arch/x86/include/asm/microcode_intel.h | 1 + drivers/platform/x86/intel/ifs/load.c | 105 +++++-------------------- 2 files changed, 21 insertions(+), 85 deletions(-) diff --git a/arch/x86/include/asm/microcode_intel.h b/arch/x86/include/asm/microcode_intel.h index a83292a6243e..9f06589584cb 100644 --- a/arch/x86/include/asm/microcode_intel.h +++ b/arch/x86/include/asm/microcode_intel.h @@ -43,6 +43,7 @@ struct extended_sigtable { #define EXT_HEADER_SIZE (sizeof(struct extended_sigtable)) #define EXT_SIGNATURE_SIZE (sizeof(struct extended_signature)) #define MC_HEADER_TYPE_MICROCODE 1 +#define MC_HEADER_TYPE_IFS 2 #define get_totalsize(mc) \ (((struct microcode_intel *)mc)->hdr.datasize ? \ diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index f520efb7e65c..83434160bc4c 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -7,22 +7,8 @@ #include "ifs.h" -struct ifs_header { - u32 header_ver; - u32 blob_revision; - u32 date; - u32 processor_sig; - u32 check_sum; - u32 loader_rev; - u32 processor_flags; - u32 metadata_size; - u32 total_size; - u32 fusa_info; - u64 reserved; -}; - -#define IFS_HEADER_SIZE (sizeof(struct ifs_header)) -static struct ifs_header *ifs_header_ptr; /* pointer to the ifs image header */ +#define IFS_HEADER_SIZE (sizeof(struct microcode_header_intel)) +static struct microcode_header_intel *ifs_header_ptr; /* pointer to the ifs image header */ static u64 ifs_hash_ptr; /* Address of ifs metadata (hash) */ static u64 ifs_test_image_ptr; /* 256B aligned address of test pattern */ static DECLARE_COMPLETION(ifs_done); @@ -149,29 +135,14 @@ static void copy_hashes_authenticate_chunks(struct work_struct *work) */ static int scan_chunks_sanity_check(struct device *dev) { - int metadata_size, curr_pkg, cpu, ret; struct ifs_data *ifsd = ifs_get_data(dev); struct ifs_work local_work; - char *test_ptr; - - memset(ifsd->pkg_auth, 0, (topology_max_packages() * sizeof(bool))); - metadata_size = ifs_header_ptr->metadata_size; + int curr_pkg, cpu, ret; - /* Spec says that if the Meta Data Size = 0 then it should be treated as 2000 */ - if (metadata_size == 0) - metadata_size = 2000; - /* Scan chunk start must be 256 byte aligned */ - if ((metadata_size + IFS_HEADER_SIZE) % 256) { - dev_err(dev, "Scan pattern offset within the binary is not 256 byte aligned\n"); - return -EINVAL; - } - - test_ptr = (char *)ifs_header_ptr + IFS_HEADER_SIZE + metadata_size; + memset(ifsd->pkg_auth, 0, (topology_max_packages() * sizeof(bool))); ifsd->loading_error = false; - - ifs_test_image_ptr = (u64)test_ptr; - ifsd->loaded_version = ifs_header_ptr->blob_revision; + ifsd->loaded_version = ifs_header_ptr->rev; /* copy the scan hash and authenticate per package */ cpus_read_lock(); @@ -197,68 +168,33 @@ static int scan_chunks_sanity_check(struct device *dev) return ret; } -static int ifs_sanity_check(struct device *dev, - const struct microcode_header_intel *mc_header) +static int image_sanity_check(struct device *dev, const struct microcode_header_intel *data) { - unsigned long total_size, data_size; - u32 sum, *mc; - int i; - - total_size = get_totalsize(mc_header); - data_size = get_datasize(mc_header); + struct ucode_cpu_info uci; - if ((data_size + MC_HEADER_SIZE > total_size) || (total_size % sizeof(u32))) { - dev_err(dev, "bad ifs data file size.\n"); + /* Provide a specific error message when loading an older/unsupported image */ + if (data->hdrver != MC_HEADER_TYPE_IFS) { + dev_err(dev, "Header version %d not supported\n", data->hdrver); return -EINVAL; } - if (mc_header->ldrver != 1 || mc_header->hdrver != 1) { - dev_err(dev, "invalid/unknown ifs update format.\n"); + if (intel_microcode_sanity_check((void *)data, true, MC_HEADER_TYPE_IFS)) { + dev_err(dev, "sanity check failed\n"); return -EINVAL; } - mc = (u32 *)mc_header; - sum = 0; - for (i = 0; i < total_size / sizeof(u32); i++) - sum += mc[i]; + intel_cpu_collect_info(&uci); - if (sum) { - dev_err(dev, "bad ifs data checksum, aborting.\n"); + if (!intel_find_matching_signature((void *)data, + uci.cpu_sig.sig, + uci.cpu_sig.pf)) { + dev_err(dev, "cpu signature, processor flags not matching\n"); return -EINVAL; } return 0; } -static bool find_ifs_matching_signature(struct device *dev, struct ucode_cpu_info *uci, - const struct microcode_header_intel *shdr) -{ - unsigned int mc_size; - - mc_size = get_totalsize(shdr); - - if (!mc_size || ifs_sanity_check(dev, shdr) < 0) { - dev_err(dev, "ifs sanity check failure\n"); - return false; - } - - if (!intel_cpu_signatures_match(uci->cpu_sig.sig, uci->cpu_sig.pf, shdr->sig, shdr->pf)) { - dev_err(dev, "ifs signature, pf not matching\n"); - return false; - } - - return true; -} - -static bool ifs_image_sanity_check(struct device *dev, const struct microcode_header_intel *data) -{ - struct ucode_cpu_info uci; - - intel_cpu_collect_info(&uci); - - return find_ifs_matching_signature(dev, &uci, data); -} - /* * Load ifs image. Before loading ifs module, the ifs image must be located * in /lib/firmware/intel/ifs and named as {family/model/stepping}.{testname}. @@ -279,12 +215,11 @@ void ifs_load_firmware(struct device *dev) goto done; } - if (!ifs_image_sanity_check(dev, (struct microcode_header_intel *)fw->data)) { - dev_err(dev, "ifs header sanity check failed\n"); + ret = image_sanity_check(dev, (struct microcode_header_intel *)fw->data); + if (ret) goto release; - } - ifs_header_ptr = (struct ifs_header *)fw->data; + ifs_header_ptr = (struct microcode_header_intel *)fw->data; ifs_hash_ptr = (u64)(ifs_header_ptr + 1); ret = scan_chunks_sanity_check(dev); -- Gitee From fc393c2f3d6827401082436ff5f03e8b989368a7 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Thu, 17 Nov 2022 15:04:08 -0800 Subject: [PATCH 27/34] platform/x86/intel/ifs: Add metadata validation mainline inclusion from mainline-v6.2-rc1 commit 48c6e7dc19051c5ef725490cf8673d768cda7748 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=48c6e7dc19051c5ef725490cf8673d768cda7748 Intel-SIG: commit 48c6e7dc1905 ("platform/x86/intel/ifs: Add metadata validation") ------------------------------------- platform/x86/intel/ifs: Add metadata validation The data portion of a IFS test image file contains a metadata region containing possibly multiple metadata structures in addition to test data and hashes. IFS Metadata layout +----------------------+ 0 |META_TYPE_IFS (=1) | +----------------------+ |meta_size | +----------------------+ |test type | +----------------------+ |fusa info | +----------------------+ |total images | +----------------------+ |current image# | +----------------------+ |total chunks | +----------------------+ |starting chunk | +----------------------+ |size per chunk | +----------------------+ |chunks per stride | +----------------------+ |Reserved[54] | +----------------------+ 256 | | | Test Data/Chunks | | | +----------------------+ meta_size | META_TYPE_END (=0) | +----------------------+ meta_size + 4 | size of end (=8) | +----------------------+ meta_size + 8 Introduce the layout of this meta_data structure and validate the sanity of certain fields of the new image before loading. Tweak references to IFS test image chunks to reflect the updated layout of the test image. [ bp: Massage commit message. ] Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221117230408.30331-1-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/ifs.h | 2 + drivers/platform/x86/intel/ifs/load.c | 58 ++++++++++++++++++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h index 8de1952a1b7b..74c051c544f4 100644 --- a/drivers/platform/x86/intel/ifs/ifs.h +++ b/drivers/platform/x86/intel/ifs/ifs.h @@ -197,6 +197,7 @@ union ifs_status { * @valid_chunks: number of chunks which could be validated. * @status: it holds simple status pass/fail/untested * @scan_details: opaque scan status code from h/w + * @cur_batch: number indicating the currently loaded test file */ struct ifs_data { int integrity_cap_bit; @@ -207,6 +208,7 @@ struct ifs_data { int valid_chunks; int status; u64 scan_details; + u32 cur_batch; }; struct ifs_work { diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index 83434160bc4c..edc7baa976bf 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -7,7 +7,25 @@ #include "ifs.h" +#define IFS_CHUNK_ALIGNMENT 256 +union meta_data { + struct { + u32 meta_type; // metadata type + u32 meta_size; // size of this entire struct including hdrs. + u32 test_type; // IFS test type + u32 fusa_info; // Fusa info + u32 total_images; // Total number of images + u32 current_image; // Current Image # + u32 total_chunks; // Total number of chunks in this image + u32 starting_chunk; // Starting chunk number in this image + u32 size_per_chunk; // size of each chunk + u32 chunks_per_stride; // number of chunks in a stride + }; + u8 padding[IFS_CHUNK_ALIGNMENT]; +}; + #define IFS_HEADER_SIZE (sizeof(struct microcode_header_intel)) +#define META_TYPE_IFS 1 static struct microcode_header_intel *ifs_header_ptr; /* pointer to the ifs image header */ static u64 ifs_hash_ptr; /* Address of ifs metadata (hash) */ static u64 ifs_test_image_ptr; /* 256B aligned address of test pattern */ @@ -128,6 +146,41 @@ static void copy_hashes_authenticate_chunks(struct work_struct *work) complete(&ifs_done); } +static int validate_ifs_metadata(struct device *dev) +{ + struct ifs_data *ifsd = ifs_get_data(dev); + union meta_data *ifs_meta; + char test_file[64]; + int ret = -EINVAL; + + snprintf(test_file, sizeof(test_file), "%02x-%02x-%02x-%02x.scan", + boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_stepping, ifsd->cur_batch); + + ifs_meta = (union meta_data *)find_meta_data(ifs_header_ptr, META_TYPE_IFS); + if (!ifs_meta) { + dev_err(dev, "IFS Metadata missing in file %s\n", test_file); + return ret; + } + + ifs_test_image_ptr = (u64)ifs_meta + sizeof(union meta_data); + + /* Scan chunk start must be 256 byte aligned */ + if (!IS_ALIGNED(ifs_test_image_ptr, IFS_CHUNK_ALIGNMENT)) { + dev_err(dev, "Scan pattern is not aligned on %d bytes aligned in %s\n", + IFS_CHUNK_ALIGNMENT, test_file); + return ret; + } + + if (ifs_meta->current_image != ifsd->cur_batch) { + dev_warn(dev, "Mismatch between filename %s and batch metadata 0x%02x\n", + test_file, ifs_meta->current_image); + return ret; + } + + return 0; +} + /* * IFS requires scan chunks authenticated per each socket in the platform. * Once the test chunk is authenticated, it is automatically copied to secured memory @@ -139,8 +192,11 @@ static int scan_chunks_sanity_check(struct device *dev) struct ifs_work local_work; int curr_pkg, cpu, ret; - memset(ifsd->pkg_auth, 0, (topology_max_packages() * sizeof(bool))); + ret = validate_ifs_metadata(dev); + if (ret) + return ret; + ifsd->loading_error = false; ifsd->loaded_version = ifs_header_ptr->rev; -- Gitee From 5b19211d5e8e0f0796177722c16ecf0bd2796447 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:32 -0800 Subject: [PATCH 28/34] platform/x86/intel/ifs: Remove reload sysfs entry mainline inclusion from mainline-v6.2-rc1 commit bf835ee852be38e9fab1fdb330eccdd9728aec34 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=bf835ee852be38e9fab1fdb330eccdd9728aec34 Intel-SIG: commit bf835ee852be ("platform/x86/intel/ifs: Remove reload sysfs entry") ------------------------------------- platform/x86/intel/ifs: Remove reload sysfs entry Reload sysfs entry will be replaced by current_batch, drop it. Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221117035935.4136738-14-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/sysfs.c | 29 -------------------------- 1 file changed, 29 deletions(-) diff --git a/drivers/platform/x86/intel/ifs/sysfs.c b/drivers/platform/x86/intel/ifs/sysfs.c index 65dd6fea5342..e077910c5d28 100644 --- a/drivers/platform/x86/intel/ifs/sysfs.c +++ b/drivers/platform/x86/intel/ifs/sysfs.c @@ -87,34 +87,6 @@ static ssize_t run_test_store(struct device *dev, static DEVICE_ATTR_WO(run_test); -/* - * Reload the IFS image. When user wants to install new IFS image - */ -static ssize_t reload_store(struct device *dev, - struct device_attribute *attr, - const char *buf, size_t count) -{ - struct ifs_data *ifsd = ifs_get_data(dev); - bool res; - - - if (kstrtobool(buf, &res)) - return -EINVAL; - if (!res) - return count; - - if (down_interruptible(&ifs_sem)) - return -EINTR; - - ifs_load_firmware(dev); - - up(&ifs_sem); - - return ifsd->loaded ? count : -ENODEV; -} - -static DEVICE_ATTR_WO(reload); - /* * Display currently loaded IFS image version. */ @@ -136,7 +108,6 @@ static struct attribute *plat_ifs_attrs[] = { &dev_attr_details.attr, &dev_attr_status.attr, &dev_attr_run_test.attr, - &dev_attr_reload.attr, &dev_attr_image_version.attr, NULL }; -- Gitee From 34fe7b67158cf84e2c393e3b31a03561706adc79 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:33 -0800 Subject: [PATCH 29/34] platform/x86/intel/ifs: Add current_batch sysfs entry mainline inclusion from mainline-v6.2-rc1 commit 4fb858f3dcd25cf568e35ff53ce8fa8a660fc372 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=4fb858f3dcd25cf568e35ff53ce8fa8a660fc372 Intel-SIG: commit 4fb858f3dcd2 ("platform/x86/intel/ifs: Add current_batch sysfs entry") ------------------------------------- platform/x86/intel/ifs: Add current_batch sysfs entry Initial implementation assumed a single IFS test image file with a fixed name ff-mm-ss.scan. (where ff, mm, ss refers to family, model and stepping of the core). Subsequently, it became evident that supporting more than one test image file is needed to provide more comprehensive test coverage. (Test coverage in this scenario refers to testing more transistors in the core to identify faults). The other alternative of increasing the size of a single scan test image file would not work as the upper bound is limited by the size of memory area reserved by BIOS for loading IFS test image. Introduce "current_batch" file which accepts a number. Writing a number to the current_batch file would load the test image file by name ff-mm-ss-.scan, where is the number written to the "current_batch" file in hex. Range check of the input is done to verify it not greater than 0xff. For e.g if the scan test image comprises of 6 files, they would be named: 06-8f-06-01.scan 06-8f-06-02.scan 06-8f-06-03.scan 06-8f-06-04.scan 06-8f-06-05.scan 06-8f-06-06.scan And writing 3 to current_batch would result in loading 06-8f-06-03.scan above. The file can also be read to know the currently loaded file. And testing a system looks like: for each scan file do load the IFS test image file (write to the batch file) for each core do test the core with this set of tests done done Qualify few error messages with the test image file suffix to provide better context. [ bp: Massage commit message. Add link to the discussion. ] Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221107225323.2733518-13-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/core.c | 1 + drivers/platform/x86/intel/ifs/ifs.h | 23 ++++++++++---- drivers/platform/x86/intel/ifs/load.c | 18 +++++++---- drivers/platform/x86/intel/ifs/runtest.c | 10 ++++--- drivers/platform/x86/intel/ifs/sysfs.c | 38 ++++++++++++++++++++++++ 5 files changed, 74 insertions(+), 16 deletions(-) diff --git a/drivers/platform/x86/intel/ifs/core.c b/drivers/platform/x86/intel/ifs/core.c index 943eb2a17c64..206a617c2e02 100644 --- a/drivers/platform/x86/intel/ifs/core.c +++ b/drivers/platform/x86/intel/ifs/core.c @@ -23,6 +23,7 @@ MODULE_DEVICE_TABLE(x86cpu, ifs_cpu_ids); static struct ifs_device ifs_device = { .data = { .integrity_cap_bit = MSR_INTEGRITY_CAPS_PERIODIC_BIST_BIT, + .test_num = 0, }, .misc = { .name = "intel_ifs_0", diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h index 74c051c544f4..da1474e1d8eb 100644 --- a/drivers/platform/x86/intel/ifs/ifs.h +++ b/drivers/platform/x86/intel/ifs/ifs.h @@ -33,13 +33,23 @@ * The driver loads the tests into memory reserved BIOS local to each CPU * socket in a two step process using writes to MSRs to first load the * SHA hashes for the test. Then the tests themselves. Status MSRs provide - * feedback on the success/failure of these steps. When a new test file - * is installed it can be loaded by writing to the driver reload file:: + * feedback on the success/failure of these steps. * - * # echo 1 > /sys/devices/virtual/misc/intel_ifs_0/reload + * The test files are kept in a fixed location: /lib/firmware/intel/ifs_0/ + * For e.g if there are 3 test files, they would be named in the following + * fashion: + * ff-mm-ss-01.scan + * ff-mm-ss-02.scan + * ff-mm-ss-03.scan + * (where ff refers to family, mm indicates model and ss indicates stepping) * - * Similar to microcode, the current version of the scan tests is stored - * in a fixed location: /lib/firmware/intel/ifs.0/family-model-stepping.scan + * A different test file can be loaded by writing the numerical portion + * (e.g 1, 2 or 3 in the above scenario) into the curent_batch file. + * To load ff-mm-ss-02.scan, the following command can be used:: + * + * # echo 2 > /sys/devices/virtual/misc/intel_ifs_0/current_batch + * + * The above file can also be read to know the currently loaded image. * * Running tests * ------------- @@ -209,6 +219,7 @@ struct ifs_data { int status; u64 scan_details; u32 cur_batch; + int test_num; }; struct ifs_work { @@ -229,7 +240,7 @@ static inline struct ifs_data *ifs_get_data(struct device *dev) return &d->data; } -void ifs_load_firmware(struct device *dev); +int ifs_load_firmware(struct device *dev); int do_core_test(int cpu, struct device *dev); const struct attribute_group **ifs_get_groups(void); diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index edc7baa976bf..c5c24e6fdc43 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -253,17 +253,18 @@ static int image_sanity_check(struct device *dev, const struct microcode_header_ /* * Load ifs image. Before loading ifs module, the ifs image must be located - * in /lib/firmware/intel/ifs and named as {family/model/stepping}.{testname}. + * in /lib/firmware/intel/ifs_x/ and named as family-model-stepping-02x.{testname}. */ -void ifs_load_firmware(struct device *dev) +int ifs_load_firmware(struct device *dev) { struct ifs_data *ifsd = ifs_get_data(dev); const struct firmware *fw; - char scan_path[32]; - int ret; + char scan_path[64]; + int ret = -EINVAL; - snprintf(scan_path, sizeof(scan_path), "intel/ifs/%02x-%02x-%02x.scan", - boot_cpu_data.x86, boot_cpu_data.x86_model, boot_cpu_data.x86_stepping); + snprintf(scan_path, sizeof(scan_path), "intel/ifs_%d/%02x-%02x-%02x-%02x.scan", + ifsd->test_num, boot_cpu_data.x86, boot_cpu_data.x86_model, + boot_cpu_data.x86_stepping, ifsd->cur_batch); ret = request_firmware_direct(&fw, scan_path, dev); if (ret) { @@ -279,8 +280,13 @@ void ifs_load_firmware(struct device *dev) ifs_hash_ptr = (u64)(ifs_header_ptr + 1); ret = scan_chunks_sanity_check(dev); + if (ret) + dev_err(dev, "Load failure for batch: %02x\n", ifsd->cur_batch); + release: release_firmware(fw); done: ifsd->loaded = (ret == 0); + + return ret; } diff --git a/drivers/platform/x86/intel/ifs/runtest.c b/drivers/platform/x86/intel/ifs/runtest.c index b2ca2bb4501f..0bfd8fcdd7e8 100644 --- a/drivers/platform/x86/intel/ifs/runtest.c +++ b/drivers/platform/x86/intel/ifs/runtest.c @@ -78,14 +78,16 @@ static void message_not_tested(struct device *dev, int cpu, union ifs_status sta static void message_fail(struct device *dev, int cpu, union ifs_status status) { + struct ifs_data *ifsd = ifs_get_data(dev); + /* * control_error is set when the microcode runs into a problem * loading the image from the reserved BIOS memory, or it has * been corrupted. Reloading the image may fix this issue. */ if (status.control_error) { - dev_err(dev, "CPU(s) %*pbl: could not execute from loaded scan image\n", - cpumask_pr_args(cpu_smt_mask(cpu))); + dev_err(dev, "CPU(s) %*pbl: could not execute from loaded scan image. Batch: %02x version: 0x%x\n", + cpumask_pr_args(cpu_smt_mask(cpu)), ifsd->cur_batch, ifsd->loaded_version); } /* @@ -96,8 +98,8 @@ static void message_fail(struct device *dev, int cpu, union ifs_status status) * the core being tested. */ if (status.signature_error) { - dev_err(dev, "CPU(s) %*pbl: test signature incorrect.\n", - cpumask_pr_args(cpu_smt_mask(cpu))); + dev_err(dev, "CPU(s) %*pbl: test signature incorrect. Batch: %02x version: 0x%x\n", + cpumask_pr_args(cpu_smt_mask(cpu)), ifsd->cur_batch, ifsd->loaded_version); } } diff --git a/drivers/platform/x86/intel/ifs/sysfs.c b/drivers/platform/x86/intel/ifs/sysfs.c index e077910c5d28..ee636a76b083 100644 --- a/drivers/platform/x86/intel/ifs/sysfs.c +++ b/drivers/platform/x86/intel/ifs/sysfs.c @@ -87,6 +87,43 @@ static ssize_t run_test_store(struct device *dev, static DEVICE_ATTR_WO(run_test); +static ssize_t current_batch_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t count) +{ + struct ifs_data *ifsd = ifs_get_data(dev); + unsigned int cur_batch; + int rc; + + rc = kstrtouint(buf, 0, &cur_batch); + if (rc < 0 || cur_batch > 0xff) + return -EINVAL; + + if (down_interruptible(&ifs_sem)) + return -EINTR; + + ifsd->cur_batch = cur_batch; + + rc = ifs_load_firmware(dev); + + up(&ifs_sem); + + return (rc == 0) ? count : rc; +} + +static ssize_t current_batch_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + struct ifs_data *ifsd = ifs_get_data(dev); + + if (!ifsd->loaded) + return sysfs_emit(buf, "none\n"); + else + return sysfs_emit(buf, "0x%02x\n", ifsd->cur_batch); +} + +static DEVICE_ATTR_RW(current_batch); + /* * Display currently loaded IFS image version. */ @@ -108,6 +145,7 @@ static struct attribute *plat_ifs_attrs[] = { &dev_attr_details.attr, &dev_attr_status.attr, &dev_attr_run_test.attr, + &dev_attr_current_batch.attr, &dev_attr_image_version.attr, NULL }; -- Gitee From 2133acdd7a1a4686027a625ed9e70a8e986a560a Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:34 -0800 Subject: [PATCH 30/34] Documentation/ABI: Update IFS ABI doc mainline inclusion from mainline-v6.2-rc1 commit 72a0f445fc091bd18873b10b9ab56573e490f00d category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=72a0f445fc091bd18873b10b9ab56573e490f00d Intel-SIG: commit 72a0f445fc09 ("Documentation/ABI: Update IFS ABI doc") ------------------------------------- Documentation/ABI: Update IFS ABI doc Remove reload documentation and add current_batch documentation. Update the kernel version and date for all the entries. Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/r/20221117035935.4136738-16-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- .../ABI/testing/sysfs-platform-intel-ifs | 30 ++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-platform-intel-ifs b/Documentation/ABI/testing/sysfs-platform-intel-ifs index 486d6d2ff8a0..55991983d0d0 100644 --- a/Documentation/ABI/testing/sysfs-platform-intel-ifs +++ b/Documentation/ABI/testing/sysfs-platform-intel-ifs @@ -1,39 +1,41 @@ What: /sys/devices/virtual/misc/intel_ifs_/run_test -Date: April 21 2022 -KernelVersion: 5.19 +Date: Nov 16 2022 +KernelVersion: 6.2 Contact: "Jithu Joseph" Description: Write to trigger IFS test for one online core. Note that the test is per core. The cpu# can be for any thread on the core. Running on one thread completes the test for the core containing that thread. Example: to test the core containing cpu5: echo 5 > - /sys/devices/platform/intel_ifs./run_test + /sys/devices/virtual/misc/intel_ifs_/run_test What: /sys/devices/virtual/misc/intel_ifs_/status -Date: April 21 2022 -KernelVersion: 5.19 +Date: Nov 16 2022 +KernelVersion: 6.2 Contact: "Jithu Joseph" Description: The status of the last test. It can be one of "pass", "fail" or "untested". What: /sys/devices/virtual/misc/intel_ifs_/details -Date: April 21 2022 -KernelVersion: 5.19 +Date: Nov 16 2022 +KernelVersion: 6.2 Contact: "Jithu Joseph" Description: Additional information regarding the last test. The details file reports the hex value of the SCAN_STATUS MSR. Note that the error_code field may contain driver defined software code not defined in the Intel SDM. What: /sys/devices/virtual/misc/intel_ifs_/image_version -Date: April 21 2022 -KernelVersion: 5.19 +Date: Nov 16 2022 +KernelVersion: 6.2 Contact: "Jithu Joseph" Description: Version (hexadecimal) of loaded IFS binary image. If no scan image is loaded reports "none". -What: /sys/devices/virtual/misc/intel_ifs_/reload -Date: April 21 2022 -KernelVersion: 5.19 +What: /sys/devices/virtual/misc/intel_ifs_/current_batch +Date: Nov 16 2022 +KernelVersion: 6.2 Contact: "Jithu Joseph" -Description: Write "1" (or "y" or "Y") to reload the IFS image from - /lib/firmware/intel/ifs/ff-mm-ss.scan. +Description: Write a number less than or equal to 0xff to load an IFS test image. + The number written treated as the 2 digit suffix in the following file name: + /lib/firmware/intel/ifs_/ff-mm-ss-02x.scan + Reading the file will provide the suffix of the currently loaded IFS test image. -- Gitee From ae85409e1a0056de55831e81ea3d2eb7fac27366 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Wed, 16 Nov 2022 19:59:35 -0800 Subject: [PATCH 31/34] Revert "platform/x86/intel/ifs: Mark as BROKEN" mainline inclusion from mainline-v6.2-rc1 commit 1a63b58082869273bfbab1b945007193f7bd3a78 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=1a63b58082869273bfbab1b945007193f7bd3a78 Intel-SIG: commit 1a63b5808286 ("Revert "platform/x86/intel/ifs: Mark as BROKEN"") ------------------------------------- Revert "platform/x86/intel/ifs: Mark as BROKEN" Issues with user interface [1] to load scan test images have been addressed so remove the dependency on BROKEN. Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov Reviewed-by: Tony Luck Reviewed-by: Sohil Mehta Reviewed-by: Hans de Goede Link: https://lore.kernel.org/lkml/26102aca-a730-ddf8-d024-2e7367696757@redhat.com/ [1] Link: https://lore.kernel.org/r/20221117035935.4136738-17-jithu.joseph@intel.com Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/Kconfig | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/platform/x86/intel/ifs/Kconfig b/drivers/platform/x86/intel/ifs/Kconfig index 89152d46deee..3eded966757e 100644 --- a/drivers/platform/x86/intel/ifs/Kconfig +++ b/drivers/platform/x86/intel/ifs/Kconfig @@ -1,9 +1,6 @@ config INTEL_IFS tristate "Intel In Field Scan" depends on X86 && CPU_SUP_INTEL && 64BIT && SMP - # Discussion on the list has shown that the sysfs API needs a bit - # more work, mark this as broken for now - depends on BROKEN help Enable support for the In Field Scan capability in select CPUs. The capability allows for running low level tests via -- Gitee From 5117f0859aa8ab9c94524ce87d9e9623175dbe67 Mon Sep 17 00:00:00 2001 From: Jithu Joseph Date: Fri, 2 Dec 2022 21:24:45 -0800 Subject: [PATCH 32/34] platform/x86/intel/ifs: Add missing kernel-doc entry mainline inclusion from mainline-v6.2-rc1 commit 09265345cc8900cd0bf10c2ff98e51b495b2c5b2 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=09265345cc8900cd0bf10c2ff98e51b495b2c5b2 Intel-SIG: commit 09265345cc89 ("platform/x86/intel/ifs: Add missing kernel-doc entry") ------------------------------------- platform/x86/intel/ifs: Add missing kernel-doc entry Document the test_num member of struct ifs_data. Reported-by: Stephen Rothwell Signed-off-by: Jithu Joseph Signed-off-by: Borislav Petkov (AMD) Acked-by: Randy Dunlap Link: https://lore.kernel.org/lkml/774fd22a-aaee-758d-8195-77bac783ecbc@infradead.org/ Signed-off-by: Aichun Shi --- drivers/platform/x86/intel/ifs/ifs.h | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h index da1474e1d8eb..046e39304fd5 100644 --- a/drivers/platform/x86/intel/ifs/ifs.h +++ b/drivers/platform/x86/intel/ifs/ifs.h @@ -208,6 +208,7 @@ union ifs_status { * @status: it holds simple status pass/fail/untested * @scan_details: opaque scan status code from h/w * @cur_batch: number indicating the currently loaded test file + * @test_num: number indicating the test type */ struct ifs_data { int integrity_cap_bit; -- Gitee From 940e49b958f7ceb4f79fb596108d00584b1cb664 Mon Sep 17 00:00:00 2001 From: Ashok Raj Date: Tue, 29 Nov 2022 13:08:26 -0800 Subject: [PATCH 33/34] x86/microcode/intel: Do not print microcode revision and processor flags mainline inclusion from mainline-v6.2-rc1 commit 5b1586ab064ca24c6a7a6be7a9d0cb9e237ef39a category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=5b1586ab064ca24c6a7a6be7a9d0cb9e237ef39a Intel-SIG: commit 5b1586ab064c ("x86/microcode/intel: Do not print microcode revision and processor flags") ------------------------------------- x86/microcode/intel: Do not print microcode revision and processor flags collect_cpu_info() is used to collect the current microcode revision and processor flags on every CPU. It had a weird mechanism to try to mimick a "once" functionality in the sense that, that information should be issued only when it is differing from the previous CPU. However (1): the new calling sequence started doing that in parallel: microcode_init() |-> schedule_on_each_cpu(setup_online_cpu) |-> collect_cpu_info() resulting in multiple redundant prints: microcode: sig=0x50654, pf=0x80, revision=0x2006e05 microcode: sig=0x50654, pf=0x80, revision=0x2006e05 microcode: sig=0x50654, pf=0x80, revision=0x2006e05 However (2): dumping this here is not that important because the kernel does not support mixed silicon steppings microcode. Finally! Besides, there is already a pr_info() in microcode_reload_late() that shows both the old and new revisions. What is more, the CPU signature (sig=0x50654) and Processor Flags (pf=0x80) above aren't that useful to the end user, they are available via /proc/cpuinfo and they don't change anyway. Remove the redundant pr_info(). [ bp: Heavily massage. ] Fixes: b6f86689d5b7 ("x86/microcode: Rip out the subsys interface gunk") Reported-by: Tony Luck Signed-off-by: Ashok Raj Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20221103175901.164783-2-ashok.raj@intel.com Signed-off-by: Aichun Shi --- arch/x86/kernel/cpu/microcode/intel.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index aed2b4e6c91a..80a5c9d87c97 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -547,7 +547,6 @@ void reload_ucode_intel(void) static int collect_cpu_info(int cpu_num, struct cpu_signature *csig) { - static struct cpu_signature prev; struct cpuinfo_x86 *c = &cpu_data(cpu_num); unsigned int val[2]; @@ -563,13 +562,6 @@ static int collect_cpu_info(int cpu_num, struct cpu_signature *csig) csig->rev = c->microcode; - /* No extra locking on prev, races are harmless. */ - if (csig->sig != prev.sig || csig->pf != prev.pf || csig->rev != prev.rev) { - pr_info("sig=0x%x, pf=0x%x, revision=0x%x\n", - csig->sig, csig->pf, csig->rev); - prev = *csig; - } - return 0; } -- Gitee From d355cd050d4a72d1977fad8dbf743f224b1f6018 Mon Sep 17 00:00:00 2001 From: Ashok Raj Date: Tue, 29 Nov 2022 13:08:27 -0800 Subject: [PATCH 34/34] x86/microcode/intel: Do not retry microcode reloading on the APs mainline inclusion from mainline-v6.2-rc1 commit be1b670f61443aa5d0d01782e9b8ea0ee825d018 category: feature feature: Backport Intel In Field Scan(IFS) multi-blob images support bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337 CVE: N/A Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ commit/?id=be1b670f61443aa5d0d01782e9b8ea0ee825d018 Intel-SIG: commit be1b670f6144 ("x86/microcode/intel: Do not retry microcode reloading on the APs") ------------------------------------- x86/microcode/intel: Do not retry microcode reloading on the APs The retries in load_ucode_intel_ap() were in place to support systems with mixed steppings. Mixed steppings are no longer supported and there is only one microcode image at a time. Any retries will simply reattempt to apply the same image over and over without making progress. [ bp: Zap the circumstantial reasoning from the commit message. ] Fixes: 06b8534cb728 ("x86/microcode: Rework microcode loading") Signed-off-by: Ashok Raj Signed-off-by: Borislav Petkov (AMD) Reviewed-by: Thomas Gleixner Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20221129210832.107850-3-ashok.raj@intel.com Signed-off-by: Aichun Shi --- arch/x86/kernel/cpu/microcode/intel.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 80a5c9d87c97..3c0d1a15aef4 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -488,7 +488,6 @@ void load_ucode_intel_ap(void) else iup = &intel_ucode_patch; -reget: if (!*iup) { patch = __load_ucode_intel(&uci); if (!patch) @@ -499,12 +498,7 @@ void load_ucode_intel_ap(void) uci.mc = *iup; - if (apply_microcode_early(&uci, true)) { - /* Mixed-silicon system? Try to refetch the proper patch: */ - *iup = NULL; - - goto reget; - } + apply_microcode_early(&uci, true); } static struct microcode_intel *find_patch(struct ucode_cpu_info *uci) -- Gitee