From patchwork Mon Dec 9 08:41:19 2019
X-Patchwork-Submitter: Eslam Elnikety
X-Patchwork-Id: 11278631
From: Eslam Elnikety To: Date: Mon, 9 Dec 2019 08:41:19 +0000 Message-ID: <20191209084119.87563-1-elnikety@amazon.com> X-Mailer: git-send-email 2.16.5 MIME-Version: 1.0 Precedence: Bulk Subject: [Xen-devel] [PATCH] x86/microcode: Support builtin CPU microcode X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Julien Grall , Wei Liu , Konrad Rzeszutek Wilk , George Dunlap , Andrew Cooper , Ian Jackson , Paul Durrant , Jan Beulich , xen-devel@lists.xenproject.org, David Woodhouse , =?utf-8?q?Roger_Pau_Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Xen relies on boot modules to perform early microcode updates. This commit adds another mode, namely "builtin" via the BUILTIN_UCODE config parameter. If set, the Xen image itself will contain the microcode updates. Upon boot, Xen inspects its image for microcode blobs and performs the update. A Xen image with builtin microcode can be explicitly instructed to: (a) look for microcode elsewhere (e.g., a boot module that contains more recent microcodes via ucode=scan), or (b) skip the builtin microcode update (e.g., ucode=no-builtin). Signed-off-by: Eslam Elnikety --- docs/misc/builtin-ucode.txt | 60 +++++++++++++++++++++++++++++++ docs/misc/xen-command-line.pandoc | 5 ++- xen/arch/x86/Kconfig | 20 +++++++++++ xen/arch/x86/Makefile | 1 + xen/arch/x86/microcode.c | 60 +++++++++++++++++++++++++++++-- xen/arch/x86/microcode/Makefile | 40 +++++++++++++++++++++ xen/arch/x86/xen.lds.S | 12 +++++++ 7 files changed, 194 insertions(+), 4 deletions(-) create mode 100644 docs/misc/builtin-ucode.txt create mode 100644 xen/arch/x86/microcode/Makefile diff --git a/docs/misc/builtin-ucode.txt b/docs/misc/builtin-ucode.txt new file mode 100644 index 0000000000..43bb60d3eb --- /dev/null +++ b/docs/misc/builtin-ucode.txt 
@@ -0,0 +1,60 @@ +------------------------------------------------- +Builtin Microcode Support for x86 (AMD and INTEL) +------------------------------------------------- +Author: + Eslam Elnikety +Initial version: + Dec 2019 +------------------------------------------------- + +About: +------ +* This documentation describes preparing the builtin microcode blobs to use as + builtin microcode update within the Xen image itself. + +* Support for builtin microcode is limited to x86. + +* Builtin support is available via the configurations BUILTIN_UCODE and + BUILTIN_UCODE_DIR. The first enables the support (default is off), and the + latter directs the build system to where it can find the microcode directory + (default is /lib/firmware). + +Microcode Directory: +-------------------- +This directory holds the microcode blobs to be built in the Xen image. There +are two subdirectories: amd-ucode and intel-ucode for AMD and INTEL, +respectively. + +INTEL microcode blobs typically follow the naming format FF-MM-SS for +{F}amily-{M}odel-{S}tepping. Alternatively, GenuineIntel.bin bundles a bunch +of FF-MM-SS blobs into a single binary and the one matching the host CPU gets +picked when performing the microcode update. For AMD, the canonical name is +AuthenticAMD.bin. Similarly, such binary can bundle a bunch of microcode blobs +for different families. + +The builtin microcode is generated by concatenating the microcode blobs under +intel-ucode into GenuineIntel.bin, and those under amd-ucode into +AuthenticAMD.bin. Those are then copied into the Xen image itself. + +Here is an example microcode directory structure, following the convention [1]: + +/lib/firmware +|-- amd-ucode +... +| |-- microcode_amd_fam15h.bin +... +|-- intel-ucode +... +| |-- 06-3a-09 +... + +Alternatively, the subdirectories can directly contain GenuineIntel.bin and +AuthenticAMD.bin (since both are concatenation of the individual microcode +blobs and the end result is the same). 
+ +An empty or non-existant subdirectory (amd-ucode and/or intel-ucode) excludes +the respective AMD or INTEL microcode from being built in. + +Reference(s): +------------- +[1] https://www.kernel.org/doc/Documentation/x86/microcode.txt diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 891d2d439f..ba25db95da 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2113,7 +2113,7 @@ logic applies: active by default. ### ucode (x86) -> `= List of [ | scan=, nmi= ]` +> `= List of [ | scan= | builtin=, nmi= ]` Specify how and where to find CPU microcode update blob. @@ -2128,6 +2128,9 @@ when used with xen.efi (there the concept of modules doesn't exist, and the blob gets specified via the `ucode=` config file/section entry; see [EFI configuration file description](efi.html)). +'builtin' instructs the hypervisor to use the builtin microcode update. This +option is available only if option BUILTIN_UCODE is enabled. + 'scan' instructs the hypervisor to scan the multiboot images for an cpio image that contains microcode. Depending on the platform the blob with the microcode in the cpio name space must be: diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 02bb05f42e..14c5992d86 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig 
@@ -218,6 +218,26 @@ config MEM_SHARING bool "Xen memory sharing support" if EXPERT = "y" depends on HVM +config BUILTIN_UCODE + def_bool n + prompt "Support for Builtin Microcode" + ---help--- + Include the CPU microcode update in the Xen image itself. With this + support, Xen can update the CPU microcode upon boot using the builtin + microcode, with no need for an additional microcode boot modules. + + If unsure, say N. + +config BUILTIN_UCODE_DIR + string + default "/lib/firmware" + depends on BUILTIN_UCODE + ---help--- + The directory containing the microcode blobs. + + See docs/misc/builtin-ucode.txt for how such directory should be + structured to hold AMD and INTEL microcode. + endmenu source "common/Kconfig" diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 7da5a2631e..8ac93a15a7 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -7,6 +7,7 @@ subdir-y += mm subdir-$(CONFIG_XENOPROF) += oprofile subdir-$(CONFIG_PV) += pv subdir-y += x86_64 +subdir-$(CONFIG_BUILTIN_UCODE) += microcode alternative-y := alternative.init.o alternative-$(CONFIG_LIVEPATCH) := diff --git a/xen/arch/x86/microcode.c b/xen/arch/x86/microcode.c index 6ced293d88..7afbe44286 100644 --- a/xen/arch/x86/microcode.c +++ b/xen/arch/x86/microcode.c @@ -97,6 +97,14 @@ static struct ucode_mod_blob __initdata ucode_blob; */ static bool_t __initdata ucode_scan; +#ifdef CONFIG_BUILTIN_UCODE +/* builtin is the default when BUILTIN_UCODE is set */ +static bool_t __initdata ucode_builtin = 1; + +extern const char __builtin_intel_ucode_start[], __builtin_intel_ucode_end[]; +extern const char __builtin_amd_ucode_start[], __builtin_amd_ucode_end[]; +#endif + /* By default, ucode loading is done in NMI handler */ static bool ucode_in_nmi = true; 
@@ -110,9 +118,9 @@ void __init microcode_set_module(unsigned int idx) } /* - * The format is '[|scan=, nmi=]'. Both options are - * optional. If the EFI has forced which of the multiboot payloads is to be - * used, only nmi= is parsed. + * The format is '[|scan=|builtin=, nmi=]'. All + * options are optional. If the EFI has forced which of the multiboot payloads + * is to be used, only nmi= is parsed. */ static int __init parse_ucode(const char *s) { @@ -130,6 +138,10 @@ static int __init parse_ucode(const char *s) { if ( (val = parse_boolean("scan", s, ss)) >= 0 ) ucode_scan = val; +#ifdef CONFIG_BUILTIN_UCODE + else if ( (val = parse_boolean("builtin", s, ss)) >= 0 ) + ucode_builtin = val; +#endif else { const char *q; 
@@ -237,6 +249,48 @@ void __init microcode_grab_module( scan: if ( ucode_scan ) microcode_scan_module(module_map, mbi); + +#ifdef CONFIG_BUILTIN_UCODE + /* + * Do not use the builtin microcode if: + * (a) builtin has been explicitly turned off (e.g., ucode=no-builtin) + * (b) a microcode module has been specified or a scan is successful + */ + if ( !ucode_builtin || ucode_mod.mod_end || ucode_blob.size ) + return; + + /* Set ucode_start/_end to the proper blob */ + if ( boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) + ucode_blob.size = (size_t)(__builtin_amd_ucode_end + - __builtin_amd_ucode_start); + else if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ) + ucode_blob.size = (size_t)(__builtin_intel_ucode_end + - __builtin_intel_ucode_start); + else + return; + + if ( !ucode_blob.size ) + { + printk("No builtin ucode! 'ucode=builtin' is nullified.\n"); + return; + } + else if ( ucode_blob.size > MAX_EARLY_CPIO_MICROCODE ) + { + printk("Builtin microcode payload too big! (%ld, we can do %d)\n", + ucode_blob.size, MAX_EARLY_CPIO_MICROCODE); + ucode_blob.size = 0; + return; + } + + ucode_blob.data = xmalloc_bytes(ucode_blob.size); + if ( !ucode_blob.data ) + return; + + if ( boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) + memcpy(ucode_blob.data, __builtin_amd_ucode_start, ucode_blob.size); + else + memcpy(ucode_blob.data, __builtin_intel_ucode_start, ucode_blob.size); +#endif } const struct microcode_ops *microcode_ops; diff --git a/xen/arch/x86/microcode/Makefile b/xen/arch/x86/microcode/Makefile new file mode 100644 index 0000000000..6d585c5482 --- /dev/null +++ b/xen/arch/x86/microcode/Makefile 
@@ -0,0 +1,40 @@ +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. +# Author: Eslam Elnikety +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +obj-y += builtin_ucode.o + +# Directory holding the microcode updates. +UCODE_DIR=$(patsubst "%",%,$(CONFIG_BUILTIN_UCODE_DIR)) +amd-blobs := $(wildcard $(UCODE_DIR)/amd-ucode/*) +intel-blobs := $(wildcard $(UCODE_DIR)/intel-ucode/*) + +builtin_ucode.o: Makefile $(amd-blobs) $(intel-blobs) + # Create AMD microcode blob if there are AMD updates on the build system + if [ ! -z "$(amd-blobs)" ]; then \ + cat $(amd-blobs) > $@.bin ; \ + $(OBJCOPY) -I binary -O elf64-x86-64 -B i386:x86-64 --rename-section .data=.builtin_amd_ucode,alloc,load,readonly,data,contents $@.bin $@.amd; \ + rm -f $@.bin; \ + fi + # Create INTEL microcode blob if there are INTEL updates on the build system + if [ ! -z "$(intel-blobs)" ]; then \ + cat $(intel-blobs) > $@.bin; \ + $(OBJCOPY) -I binary -O elf64-x86-64 -B i386:x86-64 --rename-section .data=.builtin_intel_ucode,alloc,load,readonly,data,contents $@.bin $@.intel; \ + rm -f $@.bin; \ + fi + # Create fake builtin_ucode.o if no updates were present. Otherwise, builtin_ucode.o carries the available updates + if [ -z "$(amd-blobs)" -a -z "$(intel-blobs)" ]; then \ + $(CC) $(CFLAGS) -c -x c /dev/null -o $@; \ + else \ + $(LD) $(LDFLAGS) -r -o $@ $@.*; \ + rm -f $@.*; \ + fi diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 111edb5360..7a4c58c246 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S 
@@ -265,6 +265,18 @@ SECTIONS *(SORT(.data.vpci.*)) __end_vpci_array = .; #endif + +#if defined(CONFIG_BUILTIN_UCODE) + . = ALIGN(POINTER_ALIGN); + __builtin_amd_ucode_start = .; + *(.builtin_amd_ucode) + __builtin_amd_ucode_end = .; + + . = ALIGN(POINTER_ALIGN); + __builtin_intel_ucode_start = .; + *(.builtin_intel_ucode) + __builtin_intel_ucode_end = .; +#endif } :text . = ALIGN(SECTION_ALIGN);
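Review bot: in the docs/misc/builtin-ucode.txt hunk, "non-existant" should read "non-existent", and the document should state what the loaders actually accept: it asserts that GenuineIntel.bin may be a plain concatenation of FF-MM-SS blobs and that the matching one "gets picked", but the command-line section only documents cpio-based scanning, so a sentence pointing at the code path that walks a concatenated Intel/AMD container (or a note that the runtime check against MAX_EARLY_CPIO_MICROCODE applies to the whole concatenated blob) would let a reader verify the claim. It would also help to say that the blobs are consumed from the build host's filesystem at build time, so a build is only as trustworthy as the contents of BUILTIN_UCODE_DIR on that host.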
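Review bot: the xen-command-line.pandoc hunk documents `builtin=` but not its default or its precedence, both of which the microcode.c hunk fixes: builtin defaults to on when CONFIG_BUILTIN_UCODE is set, and it is skipped whenever a module index is given or `scan` finds a payload. Suggest extending the new paragraph along the lines of "'builtin' (default on when built in) uses the microcode embedded in the Xen image; it is only used when no microcode module was specified and no scan succeeded, and can be disabled with `ucode=no-builtin`", so that the documented behaviour matches the `!ucode_builtin || ucode_mod.mod_end || ucode_blob.size` check.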
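Review bot: in the Kconfig hunk, the help text has a number mismatch ("an additional microcode boot modules" should be "an additional microcode boot module"), and BUILTIN_UCODE_DIR has no prompt, so a user cannot change the directory from the configurator and has to edit .config by hand; either add a prompt or say in the help text that the value is meant to be set via .config. Consider also whether a build-time path rooted at the build host's /lib/firmware is the right default for a hypervisor build, since it ties the image contents to whatever firmware package happens to be installed on the build machine; a default relative to the source tree would make the input explicit.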
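Review bot: in the first microcode.c hunk (the declarations around `ucode_scan`), `static bool_t __initdata ucode_builtin = 1;` uses the legacy `bool_t`/`1` spelling while the neighbouring `static bool ucode_in_nmi = true;` uses `bool`/`true`; new code should follow the latter. The `extern const char __builtin_*_ucode_start[], ...` declarations are linker symbols defined in xen.lds.S, which is worth saying in a one-line comment so a reader knows where to look when CONFIG_BUILTIN_UCODE is set but no section exists.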
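Review bot: in the parse_ucode hunk, `builtin=` is only recognised under `#ifdef CONFIG_BUILTIN_UCODE`, so on a build without that option `ucode=builtin` or `ucode=no-builtin` falls through to the module-index branch and is reported as a bad value rather than as an unsupported option. Since the option is now documented in xen-command-line.pandoc, it would be friendlier to parse the keyword unconditionally and, when the support is not compiled in, print a warning that the builtin microcode was not built into this image.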
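Review bot: in the microcode_grab_module hunk, the oversize message uses `%ld` for `ucode_blob.size`, which is a `size_t`; use `%zu` (and `%u` or a cast for `MAX_EARLY_CPIO_MICROCODE`, depending on how it is defined). The `else if` after `return;` can simply be `if`. The vendor check is duplicated: the first `if/else if` picks the size and the second picks the source pointer, so setting a local `const char *start` together with the size in the first block and doing a single `memcpy(ucode_blob.data, start, ucode_blob.size)` avoids the two getting out of step. Finally, a comment explaining why the blob is copied into xmalloc'd memory rather than used in place would help; if the copy exists because the section is discarded after init, say so next to the `xmalloc_bytes()` call.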
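Review bot: in the xen/arch/x86/microcode/Makefile hunk, `$(wildcard $(UCODE_DIR)/amd-ucode/*)` and the intel counterpart concatenate every file in those directories, so any unrelated file placed there (a README, a stale temporary, an unexpected subdirectory) is silently embedded into the hypervisor image; restrict the glob to the documented names (`microcode_amd_fam*.bin`, `AuthenticAMD.bin`, the `??-??-??` pattern and `GenuineIntel.bin`) or fail the build on anything else. `builtin_ucode.o` depends on `Makefile` and the blobs but not on the value of `CONFIG_BUILTIN_UCODE_DIR`, so changing the directory in .config does not trigger a rebuild; add the generated config header (or `$(XEN_ROOT)/xen/.config`) to the prerequisites. `[ ! -z ... ]` is conventionally written `[ -n ... ]`, and the `MAX_EARLY_CPIO_MICROCODE` limit enforced at runtime in microcode.c could be checked here at build time so an oversized blob fails the build instead of being dropped at boot with only a printk.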
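Review bot: in the xen.lds.S hunk, the new `.builtin_amd_ucode`/`.builtin_intel_ucode` input sections are placed right after `__end_vpci_array = .;`, i.e. in the same output section as the vPCI array; the hunk should carry a comment stating whether that output section is freed after init, because the `memcpy()` into xmalloc'd memory in microcode_grab_module is only necessary if it is, and a future reader may otherwise remove the copy. Also note that the objcopy step marks the sections `readonly`, while this placement decides their actual page protection at runtime; if the intent is that the embedded blobs never be writable while they are live, placing them in the read-only data region and dropping the copy would be the stronger choice.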