From: Eslam Elnikety
Date: Wed, 18 Dec 2019 01:32:56 +0000
Message-ID: <068a32f917937baca179d7ff4c483ec1584defb4.1576630344.git.elnikety@amazon.com>
Subject: [Xen-devel] [PATCH v2 1/4] x86/microcode: Improve documentation and parsing for ucode=
Cc: Stefano Stabellini, Julien Grall, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson, Eslam Elnikety, Paul Durrant, Jan Beulich, David Woodhouse

Decouple the microcode referencing mechanism when using GRUB to that
when using EFI. This allows us to avoid the "unspecified effect" of
using ` | scan` along xen.efi. With that, Xen can explicitly
ignore those named options when using EFI. As an added benefit,
we get a straightforward parsing of the ucode parameter. While at it,
simplify the logic in microcode_grab_module().

Update the command line documentation for consistency. Also, drop
the leading comment for parse_ucode_param. (No practical use for it
given this commit).

Signed-off-by: Eslam Elnikety
---
 docs/misc/xen-command-line.pandoc | 18 ++++++++---
 xen/arch/x86/microcode.c          | 51 ++++++++++++++-----------------
 2 files changed, 36 insertions(+), 33 deletions(-)

diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 7a1be84ca9..40faf3bc3a 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc 
@@ -2128,7 +2128,13 @@ logic applies: ### ucode (x86) > `= List of [ | scan=, nmi= ]` -Specify how and where to find CPU microcode update blob. + Applicability: x86 + Default: `nmi` + +Controls for CPU microcode loading. For early loading, this parameter can +specify how and where to find the microcode update blob. For late loading, +this parameter specifies if the update happens within a NMI handler or in +a stop_machine context. 'integer' specifies the CPU microcode update blob module index. When positive, this specifies the n-th module (in the GrUB entry, zero based) to be used @@ -2136,10 +2142,7 @@ for updating CPU micrcode. When negative, counting starts at the end of the modules in the GrUB entry (so with the blob commonly being last, one could specify `ucode=-1`). Note that the value of zero is not valid here (entry zero, i.e. the first module, is always the Dom0 kernel -image). Note further that use of this option has an unspecified effect -when used with xen.efi (there the concept of modules doesn't exist, and -the blob gets specified via the `ucode=` config file/section -entry; see [EFI configuration file description](efi.html)). +image). 'scan' instructs the hypervisor to scan the multiboot images for an cpio image that contains microcode. Depending on the platform the blob with the @@ -2151,6 +2154,11 @@ microcode in the cpio name space must be: stop_machine context. In NMI handler, even NMIs are blocked, which is considered safer. The default value is `true`. +Note: When booting via EFI, both options 'integer' and 'scan' are ignored. +Here, the concept of modules does not exist. The microcode update blob for +early loading gets specified via the `ucode=` config file/section +entry; see [EFI configuration file description](efi.html)). + ### unrestricted_guest (Intel) > `= ` diff --git a/xen/arch/x86/microcode.c b/xen/arch/x86/microcode.c index 6ced293d88..8b4d87782c 100644 --- a/xen/arch/x86/microcode.c +++ b/xen/arch/x86/microcode.c 
@@ -60,7 +60,7 @@ static module_t __initdata ucode_mod; static signed int __initdata ucode_mod_idx; -static bool_t __initdata ucode_mod_forced; +static signed int __initdata ucode_mod_efi_idx; static unsigned int nr_cores; /* @@ -105,16 +105,10 @@ static struct microcode_patch *microcode_cache; void __init microcode_set_module(unsigned int idx) { - ucode_mod_idx = idx; - ucode_mod_forced = 1; + ucode_mod_efi_idx = idx; } -/* - * The format is '[|scan=, nmi=]'. Both options are - * optional. If the EFI has forced which of the multiboot payloads is to be - * used, only nmi= is parsed. - */ -static int __init parse_ucode(const char *s) +static int __init parse_ucode_param(const char *s) { const char *ss; int val, rc = 0; @@ -126,18 +120,15 @@ static int __init parse_ucode(const char *s) if ( (val = parse_boolean("nmi", s, ss)) >= 0 ) ucode_in_nmi = val; - else if ( !ucode_mod_forced ) /* Not forced by EFI */ + else if ( (val = parse_boolean("scan", s, ss)) >= 0 ) + ucode_scan = val; + else { - if ( (val = parse_boolean("scan", s, ss)) >= 0 ) - ucode_scan = val; - else - { - const char *q; - - ucode_mod_idx = simple_strtol(s, &q, 0); - if ( q != ss ) - rc = -EINVAL; - } + const char *q; + + ucode_mod_idx = simple_strtol(s, &q, 0); + if ( q != ss ) + rc = -EINVAL; } s = ss + 1; @@ -145,7 +136,7 @@ static int __init parse_ucode(const char *s) return rc; } -custom_param("ucode", parse_ucode); +custom_param("ucode", parse_ucode_param); /* * 8MB ought to be enough. 
@@ -228,14 +219,18 @@ void __init microcode_grab_module( { module_t *mod = (module_t *)__va(mbi->mods_addr); - if ( ucode_mod_idx < 0 ) + if ( ucode_mod_efi_idx ) /* Microcode specified by EFI */ + { + ucode_mod = mod[ucode_mod_efi_idx]; + return; + } + + if ( ucode_mod_idx < 0 ) /* Count from the end? */ ucode_mod_idx += mbi->mods_count; - if ( ucode_mod_idx <= 0 || ucode_mod_idx >= mbi->mods_count || - !__test_and_clear_bit(ucode_mod_idx, module_map) ) - goto scan; - ucode_mod = mod[ucode_mod_idx]; -scan: - if ( ucode_scan ) + if ( ucode_mod_idx > 0 && ucode_mod_idx < mbi->mods_count && + __test_and_clear_bit(ucode_mod_idx, module_map) ) + ucode_mod = mod[ucode_mod_idx]; + else if ( ucode_scan ) microcode_scan_module(module_map, mbi); }
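
Review bot: In the note added at the end of the ucode section of xen-command-line.pandoc (hunk at -2151), the sentence "entry; see [EFI configuration file description](efi.html))." keeps the closing parenthesis of the removed text but no longer has an opening one. The note also states that 'integer' and 'scan' are ignored when booting via EFI, while microcode_grab_module() only skips them when `ucode_mod_efi_idx` is non-zero; either narrow the wording to the case where the EFI config names a microcode file, or make the code ignore both options on every EFI boot.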
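
Review bot: In microcode_grab_module() (hunk at -228), the new EFI branch indexes `mod[ucode_mod_efi_idx]` with no range check against `mbi->mods_count` and without the `__test_and_clear_bit(..., module_map)` that the non-EFI path still performs; before this change the EFI-supplied index went through the same `ucode_mod_idx <= 0 || ucode_mod_idx >= mbi->mods_count` test. Please keep the bounds check and the module_map claim on the EFI path too. Separately, `ucode_mod_efi_idx` is declared `signed int` while microcode_set_module() takes `unsigned int idx`, and zero doubles as "not set"; a one-line comment saying why index zero can never be the microcode module would document that.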
From: Eslam Elnikety
Date: Wed, 18 Dec 2019 01:32:57 +0000
Subject: [Xen-devel] [PATCH v2 2/4] x86/microcode: avoid unnecessary xmalloc/memcpy of ucode data
Cc: Stefano Stabellini, Julien Grall, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson, Eslam Elnikety, Paul Durrant, Jan Beulich, David Woodhouse

When using `ucode=scan` and if a matching module is found, the microcode
payload is maintained in an xmalloc()'d region. This is unnecessary since
the bootmap would just do. Remove the xmalloc and xfree on the microcode
module scan path.

This commit also does away with the restriction on the microcode module
size limit. The concern that a large microcode module would consume too
much memory preventing guests launch is misplaced since this is all the
init path. While having such safeguards is valuable, this should apply
across the board for all early/late microcode loading. Having it just on
the `scan` path is confusing.

Looking forward, we are a bit closer (i.e., one xmalloc down) to pulling
the early microcode loading of the BSP a bit earlier in the early boot
process. This commit is the low hanging fruit. There is still a sizable
amount of work to get there as there are still a handful of xmalloc in
microcode_{amd,intel}.c.

First, there are xmallocs on the path of finding a matching microcode
update. Similar to the commit at hand, searching through the microcode
blob can be done on the already present buffer with no need to xmalloc
any further. Even better, do the filtering in microcode.c before
requesting the microcode update on all CPUs.
The latter requires careful restructuring and exposing the arch-specific logic for iterating over patches and declaring a match. Second, there are xmallocs for the microcode cache. Here, we would need to ensure that the cache corresponding to the BSP gets xmalloc()'d and populated after the fact. Signed-off-by: Eslam Elnikety Acked-by: Jan Beulich --- xen/arch/x86/microcode.c | 32 ++++---------------------------- 1 file changed, 4 insertions(+), 28 deletions(-) diff --git a/xen/arch/x86/microcode.c b/xen/arch/x86/microcode.c index 8b4d87782c..c878fc71ff 100644 --- a/xen/arch/x86/microcode.c +++ b/xen/arch/x86/microcode.c @@ -138,11 +138,6 @@ static int __init parse_ucode_param(const char *s) } custom_param("ucode", parse_ucode_param); -/* - * 8MB ought to be enough. - */ -#define MAX_EARLY_CPIO_MICROCODE (8 << 20) - void __init microcode_scan_module( unsigned long *module_map, const multiboot_info_t *mbi) @@ -187,31 +182,12 @@ void __init microcode_scan_module( cd = find_cpio_data(p, _blob_start, _blob_size, &offset /* ignore */); if ( cd.data ) { - /* - * This is an arbitrary check - it would be sad if the blob - * consumed most of the memory and did not allow guests - * to launch. - */ - if ( cd.size > MAX_EARLY_CPIO_MICROCODE ) - { - printk("Multiboot %d microcode payload too big! (%ld, we can do %d)\n", - i, cd.size, MAX_EARLY_CPIO_MICROCODE); - goto err; - } - ucode_blob.size = cd.size; - ucode_blob.data = xmalloc_bytes(cd.size); - if ( !ucode_blob.data ) - cd.data = NULL; - else - memcpy(ucode_blob.data, cd.data, cd.size); + ucode_blob.size = cd.size; + ucode_blob.data = cd.data; + break; } bootstrap_map(NULL); - if ( cd.data ) - break; } - return; -err: - bootstrap_map(NULL); } void __init microcode_grab_module( unsigned long *module_map, 
@@ -725,7 +701,7 @@ static int __init microcode_init(void) */ if ( ucode_blob.size ) { - xfree(ucode_blob.data); + bootstrap_map(NULL); ucode_blob.size = 0; ucode_blob.data = NULL; }
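
Review bot: In microcode_scan_module() (hunk at -187), `ucode_blob.data = cd.data;` followed by `break;` now leaves the loop before `bootstrap_map(NULL)`, so the stored pointer depends on that boot-time mapping staying in place until microcode_init() releases it in the -725 hunk. Nothing in the code says so; please add a comment at the `break` and at the `bootstrap_map(NULL)` in microcode_init() stating that the mapping is kept on purpose and must not be replaced by another bootstrap_map() call in between. With the MAX_EARLY_CPIO_MICROCODE test removed, `cd.size` is also taken from find_cpio_data() as is; is the size checked anywhere later on this path?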
From: Eslam Elnikety
Date: Wed, 18 Dec 2019 01:32:58 +0000
Message-ID: <3c4b61a2888f01b9344fd302603c56a8739a1c71.1576630344.git.elnikety@amazon.com>
Subject: [Xen-devel] [PATCH v2 3/4] x86/microcode: use const qualifier for microcode buffer
Cc: Stefano Stabellini, Julien Grall, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson, Eslam Elnikety, Paul Durrant, Jan Beulich, David Woodhouse

The buffer holding the microcode bits should be marked as const.

Signed-off-by: Eslam Elnikety
Acked-by: Jan Beulich
---
 xen/arch/x86/microcode.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/microcode.c b/xen/arch/x86/microcode.c index c878fc71ff..4616fa9d2e 100644 --- a/xen/arch/x86/microcode.c +++ b/xen/arch/x86/microcode.c @@ -86,7 +86,7 @@ static enum { * memory. */ struct ucode_mod_blob { - void *data; + const void *data; size_t size; }; 
@@ -744,7 +744,7 @@ int microcode_update_one(bool start_update) int __init early_microcode_update_cpu(void) { int rc = 0; - void *data = NULL; + const void *data = NULL; size_t len; struct microcode_patch *patch;
From: Eslam Elnikety
Date: Wed, 18 Dec 2019 01:32:59 +0000
Subject: [Xen-devel] [PATCH v2 4/4] x86/microcode: Support builtin CPU microcode
Cc: Stefano Stabellini, Julien Grall, Wei Liu, Konrad Rzeszutek Wilk, George Dunlap, Andrew Cooper, Ian Jackson, Eslam Elnikety, Paul Durrant, Jan Beulich, David Woodhouse

Xen relies on boot modules to perform early microcode updates. This commit
adds another mode, namely "builtin" via the BUILTIN_UCODE config parameter.
If set, the Xen image itself will contain the microcode updates. Upon boot,
Xen inspects its image for microcode blobs and performs the update.

A Xen image with builtin microcode will, by default, attempt the microcode
update. Disabling the builtin microcode update can be done via the Xen
command line parameter 'ucode=no-builtin'. Moreover, the microcode provided
via other options (such as 'ucode=|scan' or 'ucode=' config when booting
via EFI) takes precedence over the builtin one.

Signed-off-by: Eslam Elnikety
---
Changes in v2:
- Allow for ucode=|scan,{no-}builtin and detail the model. Reflect those
  changes onto microcode.c and docs/misc/xen-command-line.pandoc
- Add documentation to the existing docs/admin-guide/microcode-loading.rst
- Build on Patches 1--3 to avoid xmalloc/memcpy for the builtin microcode
- Work configuration in order to specify the individual microcode blobs to
  use for the builtin microcode, and rework the microcode/Makefile
  accordingly
---
 docs/admin-guide/microcode-loading.rst | 31 +++++++++++++++
 docs/misc/xen-command-line.pandoc      | 10 ++++-
 xen/arch/x86/Kconfig                   | 30 +++++++++++++++
 xen/arch/x86/Makefile                  |  1 +
 xen/arch/x86/microcode.c               | 52 ++++++++++++++++++++++++++
 xen/arch/x86/microcode/Makefile        | 46 +++++++++++++++++++++++
 xen/arch/x86/xen.lds.S                 | 12 ++++++
 7 files changed, 180 insertions(+), 2 deletions(-)
 create mode 100644 xen/arch/x86/microcode/Makefile

diff --git a/docs/admin-guide/microcode-loading.rst b/docs/admin-guide/microcode-loading.rst index e83cadd2c2..989e8d446b 100644 --- a/docs/admin-guide/microcode-loading.rst +++ b/docs/admin-guide/microcode-loading.rst 
@@ -104,6 +104,37 @@ The ``ucode=scan`` command line option will cause Xen to search through all modules to find any CPIO archives, and search the archive for the applicable file. Xen will stop searching at the first match. +Loading microcode built within the Xen image +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Xen can bundle microcode updates within its image. This support is conditional +on the build configuration BUILTIN_UCODE being enabled. Builtin microcode is +useful to ensure that, by default, a minimum microcode patch level will be +applied to the underlying CPU. + +To use microcode updates available on the build system as builtin, +use BUILTIN_UCODE_DIR to refer to the directory containing the firmware updates +and specify the individual microcode patches via either BUILTIN_UCODE_AMD or +BUILTIN_UCODE_INTEL for AMD microcode or INTEL microcode, respectively. For +instance, the configuration below is suitable for a build system which has a +``/lib/firmware/`` directory which, in turn, includes the individual microcode +patches ``amd-ucode/microcode_amd_fam15h.bin``, ``intel-ucode/06-3a-09``, and +``intel-ucode/06-2f-02``. + + CONFIG_BUILTIN_UCODE=y + CONFIG_BUILTIN_UCODE_DIR="/lib/firmware/" + CONFIG_BUILTIN_UCODE_AMD="amd-ucode/microcode_amd_fam15h.bin" + CONFIG_BUILTIN_UCODE_INTEL="intel-ucode/06-3a-09 intel-ucode/06-2f-02" + +Alternatively, CONFIG_BUILTIN_UCODE_{AMD,INTEL} can directly point to the +concatenation of the individual microcode blobs. For instance, assuming that +``amd-ucode/AuthenticAMD.bin`` and ``intel-ucode/GenuineIntel.bin`` hold +multiple microcode updates for AMD and INTEL, respectively, you may use the +configuration below. + + CONFIG_BUILTIN_UCODE_AMD="amd-ucode/AuthenticAMD.bin" + CONFIG_BUILTIN_UCODE_INTEL="intel-ucode/GenuineIntel.bin" + Run time microcode loading -------------------------- diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc index 40faf3bc3a..9cfc2df05a 100644 
--- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -2126,10 +2126,10 @@ logic applies: active by default. ### ucode (x86) -> `= List of [ | scan=, nmi= ]` +> `= List of [ | scan=, builtin=, nmi= ]` Applicability: x86 - Default: `nmi` + Default: `nmi` if BUILTIN_UCODE is not enabled, `builtin,nmi` otherwise Controls for CPU microcode loading. For early loading, this parameter can specify how and where to find the microcode update blob. For late loading, @@ -2150,6 +2150,12 @@ microcode in the cpio name space must be: - on Intel: kernel/x86/microcode/GenuineIntel.bin - on AMD : kernel/x86/microcode/AuthenticAMD.bin +'builtin' instructs the hypervisor to use the builtin microcode update. This +option is available only if option BUILTIN_UCODE is enabled at build. The +default value is `true`. If a microcode is provided via other options (such +as 'integer', 'scan', or `ucode=` config when booting via EFI), +the provided microcode takes precedence over the builtin one. + 'nmi' determines late loading is performed in NMI handler or just in stop_machine context. In NMI handler, even NMIs are blocked, which is considered safer. The default value is `true`. diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 02bb05f42e..9bc220925b 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig 
@@ -218,6 +218,36 @@ config MEM_SHARING bool "Xen memory sharing support" if EXPERT = "y" depends on HVM +config BUILTIN_UCODE + bool "Support for Builtin Microcode" + ---help--- + Include the CPU microcode update in the Xen image itself. With this + support, Xen can update the CPU microcode upon boot using the builtin + microcode, with no need for an additional microcode boot modules. + + If unsure, say N. + +config BUILTIN_UCODE_DIR + string "Directory containing microcode updates" + default "/lib/firmware/" + depends on BUILTIN_UCODE + ---help--- + The directory containing the microcode blobs. + +config BUILTIN_UCODE_AMD + string "AMD microcode updates" + default "" + depends on BUILTIN_UCODE + ---help--- + AMD builtin microcode; space-sparated, relative to BUILTIN_UCODE_DIR. + +config BUILTIN_UCODE_INTEL + string "INTEL microcode updates" + default "" + depends on BUILTIN_UCODE + ---help--- + INTEL builtin microcode; space-sparated, relative to BUILTIN_UCODE_DIR. + endmenu source "common/Kconfig" diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index 7da5a2631e..886691a377 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -3,6 +3,7 @@ subdir-y += cpu subdir-y += genapic subdir-$(CONFIG_GUEST) += guest subdir-$(CONFIG_HVM) += hvm +subdir-$(CONFIG_BUILTIN_UCODE) += microcode subdir-y += mm subdir-$(CONFIG_XENOPROF) += oprofile subdir-$(CONFIG_PV) += pv diff --git a/xen/arch/x86/microcode.c b/xen/arch/x86/microcode.c index 4616fa9d2e..bcfbd31041 100644 --- a/xen/arch/x86/microcode.c +++ b/xen/arch/x86/microcode.c 
@@ -97,6 +97,14 @@ static struct ucode_mod_blob __initdata ucode_blob; */ static bool_t __initdata ucode_scan; +#ifdef CONFIG_BUILTIN_UCODE +/* builtin is the default when BUILTIN_UCODE is set */ +static bool __initdata ucode_builtin = true; + +extern const char __builtin_intel_ucode_start[], __builtin_intel_ucode_end[]; +extern const char __builtin_amd_ucode_start[], __builtin_amd_ucode_end[]; +#endif + /* By default, ucode loading is done in NMI handler */ static bool ucode_in_nmi = true; @@ -122,6 +130,10 @@ static int __init parse_ucode_param(const char *s) ucode_in_nmi = val; else if ( (val = parse_boolean("scan", s, ss)) >= 0 ) ucode_scan = val; +#ifdef CONFIG_BUILTIN_UCODE + else if ( (val = parse_boolean("builtin", s, ss)) >= 0 ) + ucode_builtin = val; +#endif else { const char *q; @@ -208,6 +220,40 @@ void __init microcode_grab_module( ucode_mod = mod[ucode_mod_idx]; else if ( ucode_scan ) microcode_scan_module(module_map, mbi); + +#ifdef CONFIG_BUILTIN_UCODE + /* + * Do not use the builtin microcode if: + * (a) builtin has been explicitly turned off (e.g., ucode=no-builtin) + * (b) a microcode module has been specified or a scan is successful + */ + if ( !ucode_builtin || ucode_mod.mod_end || ucode_blob.size ) + { + ucode_builtin = false; + return; + } + + /* Set ucode_start/_end to the proper blob */ + if ( boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) + { + ucode_blob.size = __builtin_amd_ucode_end - __builtin_amd_ucode_start; + ucode_blob.data = __builtin_amd_ucode_start; + } + else if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ) + { + ucode_blob.size = __builtin_intel_ucode_end - + __builtin_intel_ucode_start; + ucode_blob.data = __builtin_intel_ucode_start; + } + else + return; + + if ( !ucode_blob.size ) + { + printk("No builtin ucode for the CPU vendor.\n"); + ucode_blob.data = NULL; + } +#endif } const struct microcode_ops *microcode_ops; 
@@ -701,7 +747,13 @@ static int __init microcode_init(void) */ if ( ucode_blob.size ) { +#ifdef CONFIG_BUILTIN_UCODE + /* No need to destroy module mappings if builtin was used */ + if ( !ucode_builtin ) + bootstrap_map(NULL); +#else bootstrap_map(NULL); +#endif ucode_blob.size = 0; ucode_blob.data = NULL; } diff --git a/xen/arch/x86/microcode/Makefile b/xen/arch/x86/microcode/Makefile new file mode 100644 index 0000000000..c34d99903a --- /dev/null +++ b/xen/arch/x86/microcode/Makefile 
@@ -0,0 +1,46 @@ +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. +# Author: Eslam Elnikety +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# Remove quotes and excess spaces from configuration strings +UCODE_DIR=$(strip $(subst $\",,$(CONFIG_BUILTIN_UCODE_DIR))) +UCODE_AMD=$(strip $(subst $\",,$(CONFIG_BUILTIN_UCODE_AMD))) +UCODE_INTEL=$(strip $(subst $\",,$(CONFIG_BUILTIN_UCODE_INTEL))) + +# AMD and INTEL microcode blobs. Use 'wildcard' to filter for existing blobs. +amd-blobs := $(wildcard $(addprefix $(UCODE_DIR),$(UCODE_AMD))) +intel-blobs := $(wildcard $(addprefix $(UCODE_DIR),$(UCODE_INTEL))) + +ifneq ($(amd-blobs),) +obj-y += ucode_amd.o +endif + +ifneq ($(intel-blobs),) +obj-y += ucode_intel.o +endif + +ifeq ($(amd-blobs)$(intel-blobs),) +obj-y += ucode_dummy.o +endif + +ucode_amd.o: Makefile $(amd-blobs) + cat $(amd-blobs) > $@.bin + $(OBJCOPY) -I binary -O elf64-x86-64 -B i386:x86-64 --rename-section .data=.builtin_amd_ucode,alloc,load,readonly,data,contents $@.bin $@ + rm -f $@.bin + +ucode_intel.o: Makefile $(intel-blobs) + cat $(intel-blobs) > $@.bin + $(OBJCOPY) -I binary -O elf64-x86-64 -B i386:x86-64 --rename-section .data=.builtin_intel_ucode,alloc,load,readonly,data,contents $@.bin $@ + rm -f $@.bin + +ucode_dummy.o: Makefile + $(CC) $(CFLAGS) -c -x c /dev/null -o $@; diff --git a/xen/arch/x86/xen.lds.S b/xen/arch/x86/xen.lds.S index 111edb5360..7a4c58c246 100644 --- a/xen/arch/x86/xen.lds.S +++ b/xen/arch/x86/xen.lds.S 
@@ -265,6 +265,18 @@ SECTIONS *(SORT(.data.vpci.*)) __end_vpci_array = .; #endif + +#if defined(CONFIG_BUILTIN_UCODE) + . = ALIGN(POINTER_ALIGN); + __builtin_amd_ucode_start = .; + *(.builtin_amd_ucode) + __builtin_amd_ucode_end = .; + + . = ALIGN(POINTER_ALIGN); + __builtin_intel_ucode_start = .; + *(.builtin_intel_ucode) + __builtin_intel_ucode_end = .; +#endif } :text . = ALIGN(SECTION_ALIGN);
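
Review bot: the new 'builtin' paragraph in docs/misc/xen-command-line.pandoc does not say what `ucode=builtin` or `ucode=no-builtin` does on a build without BUILTIN_UCODE. In parse_ucode_param() the "builtin" branch sits under `#ifdef CONFIG_BUILTIN_UCODE`, so on such a build the token falls through to the final else branch instead of being recognised. Please document that behaviour here. It would also help to state explicitly that the builtin blob is the fallback when `scan` is requested but finds nothing, which is what the `!ucode_builtin || ucode_mod.mod_end || ucode_blob.size` check in microcode_grab_module() implements.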
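
Review bot: in the Kconfig hunk, BUILTIN_UCODE_DIR defaults to "/lib/firmware/", so the microcode that ends up inside the Xen image is whatever happens to be installed on the build host, and the help text ("The directory containing the microcode blobs.") says nothing about that. Please spell this out in the help, and also note that the value must end in '/', because the new microcode/Makefile joins it to the file names with `$(addprefix $(UCODE_DIR),...)` and adds no separator. Typos in the same hunk: "space-sparated" (twice) should be "space-separated", and "an additional microcode boot modules" should be singular.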
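
Review bot: in the microcode_grab_module() hunk, `ucode_builtin` is left true on the two paths where no builtin blob is actually selected: the `else return;` for a vendor that is neither AMD nor Intel, and the `if ( !ucode_blob.size )` case that prints "No builtin ucode for the CPU vendor.". microcode_init() later reads `ucode_builtin` as "the builtin blob was used", and this only works today because that read is guarded by `if ( ucode_blob.size )`. Setting `ucode_builtin = false` on both paths would make the flag mean one thing. The comment "Set ucode_start/_end to the proper blob" also does not match the code, which sets `ucode_blob.size` and `ucode_blob.data`.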
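
Review bot: the microcode_init() hunk duplicates `bootstrap_map(NULL);` across an `#ifdef CONFIG_BUILTIN_UCODE` / `#else` pair just to test one flag. If `ucode_builtin` were defined as a constant false when the option is disabled (next to its declaration in the first microcode.c hunk), this could be a plain `if ( !ucode_builtin ) bootstrap_map(NULL);` with no preprocessor block in the function body.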
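
Review bot: in xen/arch/x86/microcode/Makefile, `$(wildcard $(addprefix $(UCODE_DIR),$(UCODE_AMD)))` (and the Intel equivalent) silently drops every configured file that does not exist, and when nothing matches the build falls back to `ucode_dummy.o` and still succeeds. A mistyped name in BUILTIN_UCODE_INTEL or a directory without the trailing '/' therefore produces a hypervisor with BUILTIN_UCODE=y and no microcode in it, and the only sign is the runtime "No builtin ucode for the CPU vendor." message. Please compare the configured list against the wildcard result and fail with `$(error ...)` when a listed file is missing. Smaller points: `$@.bin` is left behind if `$(OBJCOPY)` fails, and the `ucode_dummy.o` recipe ends with a stray `;`.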
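
Review bot: the xen.lds.S hunk places `*(.builtin_amd_ucode)` and `*(.builtin_intel_ucode)` right after the vpci array with no comment on where these input sections come from or how long they need to live. Everything that reads them in microcode.c is init-only (`ucode_blob` and `ucode_builtin` are `__initdata`, microcode_grab_module() and microcode_init() are `__init`), so if this output section is not freed after boot the blobs stay resident but unreferenced. Consider placing them with the init data, or add a comment explaining why they must persist, plus a pointer to xen/arch/x86/microcode/Makefile as the producer of the sections.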