Commit f5a968e7 authored by Borislav Petkov's avatar Borislav Petkov Committed by Aichun Shi
Browse files

x86/microcode: Default-disable late loading 

mainline inclusion
from mainline-v5.19-rc1
commit a77a94f8
category: feature
feature: Backport Intel In Field Scan(IFS) multi-blob images support
bugzilla: https://gitee.com/openeuler/intel-kernel/issues/I6L337
CVE: N/A
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/


commit/?id=a77a94f8

Intel-SIG: commit a77a94f8 ("x86/microcode: Default-disable late loading")

-------------------------------------

x86/microcode: Default-disable late loading

It is dangerous and it should not be used anyway - there's a nice early
loading already.

Requested-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20220525161232.14924-3-bp@alien8.de


Signed-off-by: default avatarAichun Shi <aichun.shi@intel.com>
parent 05a2ea3f

arch/x86/Kconfig

+11 −0
Original line number Diff line number Diff line
@@ -1336,6 +1336,17 @@ config MICROCODE_AMD 
	  If you select this option, microcode patch loading support for AMD

	  processors will be enabled.



config MICROCODE_LATE_LOADING

	bool "Late microcode loading (DANGEROUS)"

	default n

	depends on MICROCODE

	help

	  Loading microcode late, when the system is up and executing instructions

	  is a tricky business and should be avoided if possible. Just the sequence

	  of synchronizing all cores and SMT threads is one fragile dance which does

	  not guarantee that cores might not softlock after the loading. Therefore,

	  use this at your own risk. Late loading taints the kernel too.



config X86_MSR

	tristate "/dev/cpu/*/msr - Model-specific register support"

	help

arch/x86/kernel/cpu/common.c

+2 −0
Original line number Diff line number Diff line
@@ -2140,6 +2140,7 @@ void cpu_init(void) 
	load_fixmap_gdt(cpu);

}



#ifdef CONFIG_MICROCODE_LATE_LOADING

/*

 * The microcode loader calls this upon late microcode load to recheck features,

 * only when microcode has been updated. Caller holds microcode_mutex and CPU
@@ -2169,6 +2170,7 @@ void microcode_check(void) 
	pr_warn("x86/CPU: CPU features have changed after loading microcode, but might not take effect.\n");

	pr_warn("x86/CPU: Please consider either early loading through initrd/built-in or a potential BIOS update.\n");

}

#endif



/*

 * Invoked from core CPU hotplug code after hotplug operations

arch/x86/kernel/cpu/microcode/core.c

+6 −1
Original line number Diff line number Diff line
@@ -393,6 +393,7 @@ static int apply_microcode_on_target(int cpu) 
/* fake device for request_firmware */

static struct platform_device	*microcode_pdev;



#ifdef CONFIG_MICROCODE_LATE_LOADING

/*

 * Late loading dance. Why the heavy-handed stomp_machine effort?

 *
@@ -560,6 +561,9 @@ static ssize_t reload_store(struct device *dev, 
	return ret;

}



static DEVICE_ATTR_WO(reload);

#endif



static ssize_t version_show(struct device *dev,

			struct device_attribute *attr, char *buf)

{
@@ -576,7 +580,6 @@ static ssize_t pf_show(struct device *dev, 
	return sprintf(buf, "0x%x\n", uci->cpu_sig.pf);

}



static DEVICE_ATTR_WO(reload);

static DEVICE_ATTR(version, 0444, version_show, NULL);

static DEVICE_ATTR(processor_flags, 0444, pf_show, NULL);
@@ -729,7 +732,9 @@ static int mc_cpu_down_prep(unsigned int cpu) 
}



static struct attribute *cpu_root_microcode_attrs[] = {

#ifdef CONFIG_MICROCODE_LATE_LOADING

	&dev_attr_reload.attr,

#endif

	NULL

};