Loading...
1/*
2 * CPU Microcode Update Driver for Linux
3 *
4 * Copyright (C) 2000-2006 Tigran Aivazian <aivazian.tigran@gmail.com>
5 * 2006 Shaohua Li <shaohua.li@intel.com>
6 * 2013-2016 Borislav Petkov <bp@alien8.de>
7 *
8 * X86 CPU microcode early update for Linux:
9 *
10 * Copyright (C) 2012 Fenghua Yu <fenghua.yu@intel.com>
11 * H Peter Anvin" <hpa@zytor.com>
12 * (C) 2015 Borislav Petkov <bp@alien8.de>
13 *
14 * This driver allows to upgrade microcode on x86 processors.
15 *
16 * This program is free software; you can redistribute it and/or
17 * modify it under the terms of the GNU General Public License
18 * as published by the Free Software Foundation; either version
19 * 2 of the License, or (at your option) any later version.
20 */
21
22#define pr_fmt(fmt) "microcode: " fmt
23
24#include <linux/platform_device.h>
25#include <linux/stop_machine.h>
26#include <linux/syscore_ops.h>
27#include <linux/miscdevice.h>
28#include <linux/capability.h>
29#include <linux/firmware.h>
30#include <linux/kernel.h>
31#include <linux/delay.h>
32#include <linux/mutex.h>
33#include <linux/cpu.h>
34#include <linux/nmi.h>
35#include <linux/fs.h>
36#include <linux/mm.h>
37
38#include <asm/microcode_intel.h>
39#include <asm/cpu_device_id.h>
40#include <asm/microcode_amd.h>
41#include <asm/perf_event.h>
42#include <asm/microcode.h>
43#include <asm/processor.h>
44#include <asm/cmdline.h>
45#include <asm/setup.h>
46
47#define DRIVER_VERSION "2.2"
48
49static struct microcode_ops *microcode_ops;
50static bool dis_ucode_ldr = true;
51
52bool initrd_gone;
53
54LIST_HEAD(microcode_cache);
55
56/*
57 * Synchronization.
58 *
59 * All non cpu-hotplug-callback call sites use:
60 *
61 * - microcode_mutex to synchronize with each other;
62 * - get/put_online_cpus() to synchronize with
63 * the cpu-hotplug-callback call sites.
64 *
65 * We guarantee that only a single cpu is being
66 * updated at any particular moment of time.
67 */
68static DEFINE_MUTEX(microcode_mutex);
69
70/*
71 * Serialize late loading so that CPUs get updated one-by-one.
72 */
73static DEFINE_SPINLOCK(update_lock);
74
75struct ucode_cpu_info ucode_cpu_info[NR_CPUS];
76
77struct cpu_info_ctx {
78 struct cpu_signature *cpu_sig;
79 int err;
80};
81
82/*
83 * Those patch levels cannot be updated to newer ones and thus should be final.
84 */
85static u32 final_levels[] = {
86 0x01000098,
87 0x0100009f,
88 0x010000af,
89 0, /* T-101 terminator */
90};
91
92/*
93 * Check the current patch level on this CPU.
94 *
95 * Returns:
96 * - true: if update should stop
97 * - false: otherwise
98 */
99static bool amd_check_current_patch_level(void)
100{
101 u32 lvl, dummy, i;
102 u32 *levels;
103
104 native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy);
105
106 if (IS_ENABLED(CONFIG_X86_32))
107 levels = (u32 *)__pa_nodebug(&final_levels);
108 else
109 levels = final_levels;
110
111 for (i = 0; levels[i]; i++) {
112 if (lvl == levels[i])
113 return true;
114 }
115 return false;
116}
117
118static bool __init check_loader_disabled_bsp(void)
119{
120 static const char *__dis_opt_str = "dis_ucode_ldr";
121
122#ifdef CONFIG_X86_32
123 const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
124 const char *option = (const char *)__pa_nodebug(__dis_opt_str);
125 bool *res = (bool *)__pa_nodebug(&dis_ucode_ldr);
126
127#else /* CONFIG_X86_64 */
128 const char *cmdline = boot_command_line;
129 const char *option = __dis_opt_str;
130 bool *res = &dis_ucode_ldr;
131#endif
132
133 /*
134 * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
135 * completely accurate as xen pv guests don't see that CPUID bit set but
136 * that's good enough as they don't land on the BSP path anyway.
137 */
138 if (native_cpuid_ecx(1) & BIT(31))
139 return *res;
140
141 if (x86_cpuid_vendor() == X86_VENDOR_AMD) {
142 if (amd_check_current_patch_level())
143 return *res;
144 }
145
146 if (cmdline_find_option_bool(cmdline, option) <= 0)
147 *res = false;
148
149 return *res;
150}
151
152extern struct builtin_fw __start_builtin_fw[];
153extern struct builtin_fw __end_builtin_fw[];
154
155bool get_builtin_firmware(struct cpio_data *cd, const char *name)
156{
157#ifdef CONFIG_FW_LOADER
158 struct builtin_fw *b_fw;
159
160 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++) {
161 if (!strcmp(name, b_fw->name)) {
162 cd->size = b_fw->size;
163 cd->data = b_fw->data;
164 return true;
165 }
166 }
167#endif
168 return false;
169}
170
171void __init load_ucode_bsp(void)
172{
173 unsigned int cpuid_1_eax;
174 bool intel = true;
175
176 if (!have_cpuid_p())
177 return;
178
179 cpuid_1_eax = native_cpuid_eax(1);
180
181 switch (x86_cpuid_vendor()) {
182 case X86_VENDOR_INTEL:
183 if (x86_family(cpuid_1_eax) < 6)
184 return;
185 break;
186
187 case X86_VENDOR_AMD:
188 if (x86_family(cpuid_1_eax) < 0x10)
189 return;
190 intel = false;
191 break;
192
193 default:
194 return;
195 }
196
197 if (check_loader_disabled_bsp())
198 return;
199
200 if (intel)
201 load_ucode_intel_bsp();
202 else
203 load_ucode_amd_bsp(cpuid_1_eax);
204}
205
206static bool check_loader_disabled_ap(void)
207{
208#ifdef CONFIG_X86_32
209 return *((bool *)__pa_nodebug(&dis_ucode_ldr));
210#else
211 return dis_ucode_ldr;
212#endif
213}
214
215void load_ucode_ap(void)
216{
217 unsigned int cpuid_1_eax;
218
219 if (check_loader_disabled_ap())
220 return;
221
222 cpuid_1_eax = native_cpuid_eax(1);
223
224 switch (x86_cpuid_vendor()) {
225 case X86_VENDOR_INTEL:
226 if (x86_family(cpuid_1_eax) >= 6)
227 load_ucode_intel_ap();
228 break;
229 case X86_VENDOR_AMD:
230 if (x86_family(cpuid_1_eax) >= 0x10)
231 load_ucode_amd_ap(cpuid_1_eax);
232 break;
233 default:
234 break;
235 }
236}
237
238static int __init save_microcode_in_initrd(void)
239{
240 struct cpuinfo_x86 *c = &boot_cpu_data;
241 int ret = -EINVAL;
242
243 switch (c->x86_vendor) {
244 case X86_VENDOR_INTEL:
245 if (c->x86 >= 6)
246 ret = save_microcode_in_initrd_intel();
247 break;
248 case X86_VENDOR_AMD:
249 if (c->x86 >= 0x10)
250 ret = save_microcode_in_initrd_amd(cpuid_eax(1));
251 break;
252 default:
253 break;
254 }
255
256 initrd_gone = true;
257
258 return ret;
259}
260
261struct cpio_data find_microcode_in_initrd(const char *path, bool use_pa)
262{
263#ifdef CONFIG_BLK_DEV_INITRD
264 unsigned long start = 0;
265 size_t size;
266
267#ifdef CONFIG_X86_32
268 struct boot_params *params;
269
270 if (use_pa)
271 params = (struct boot_params *)__pa_nodebug(&boot_params);
272 else
273 params = &boot_params;
274
275 size = params->hdr.ramdisk_size;
276
277 /*
278 * Set start only if we have an initrd image. We cannot use initrd_start
279 * because it is not set that early yet.
280 */
281 if (size)
282 start = params->hdr.ramdisk_image;
283
284# else /* CONFIG_X86_64 */
285 size = (unsigned long)boot_params.ext_ramdisk_size << 32;
286 size |= boot_params.hdr.ramdisk_size;
287
288 if (size) {
289 start = (unsigned long)boot_params.ext_ramdisk_image << 32;
290 start |= boot_params.hdr.ramdisk_image;
291
292 start += PAGE_OFFSET;
293 }
294# endif
295
296 /*
297 * Fixup the start address: after reserve_initrd() runs, initrd_start
298 * has the virtual address of the beginning of the initrd. It also
299 * possibly relocates the ramdisk. In either case, initrd_start contains
300 * the updated address so use that instead.
301 *
302 * initrd_gone is for the hotplug case where we've thrown out initrd
303 * already.
304 */
305 if (!use_pa) {
306 if (initrd_gone)
307 return (struct cpio_data){ NULL, 0, "" };
308 if (initrd_start)
309 start = initrd_start;
310 } else {
311 /*
312 * The picture with physical addresses is a bit different: we
313 * need to get the *physical* address to which the ramdisk was
314 * relocated, i.e., relocated_ramdisk (not initrd_start) and
315 * since we're running from physical addresses, we need to access
316 * relocated_ramdisk through its *physical* address too.
317 */
318 u64 *rr = (u64 *)__pa_nodebug(&relocated_ramdisk);
319 if (*rr)
320 start = *rr;
321 }
322
323 return find_cpio_data(path, (void *)start, size, NULL);
324#else /* !CONFIG_BLK_DEV_INITRD */
325 return (struct cpio_data){ NULL, 0, "" };
326#endif
327}
328
329void reload_early_microcode(void)
330{
331 int vendor, family;
332
333 vendor = x86_cpuid_vendor();
334 family = x86_cpuid_family();
335
336 switch (vendor) {
337 case X86_VENDOR_INTEL:
338 if (family >= 6)
339 reload_ucode_intel();
340 break;
341 case X86_VENDOR_AMD:
342 if (family >= 0x10)
343 reload_ucode_amd();
344 break;
345 default:
346 break;
347 }
348}
349
350static void collect_cpu_info_local(void *arg)
351{
352 struct cpu_info_ctx *ctx = arg;
353
354 ctx->err = microcode_ops->collect_cpu_info(smp_processor_id(),
355 ctx->cpu_sig);
356}
357
358static int collect_cpu_info_on_target(int cpu, struct cpu_signature *cpu_sig)
359{
360 struct cpu_info_ctx ctx = { .cpu_sig = cpu_sig, .err = 0 };
361 int ret;
362
363 ret = smp_call_function_single(cpu, collect_cpu_info_local, &ctx, 1);
364 if (!ret)
365 ret = ctx.err;
366
367 return ret;
368}
369
370static int collect_cpu_info(int cpu)
371{
372 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
373 int ret;
374
375 memset(uci, 0, sizeof(*uci));
376
377 ret = collect_cpu_info_on_target(cpu, &uci->cpu_sig);
378 if (!ret)
379 uci->valid = 1;
380
381 return ret;
382}
383
384static void apply_microcode_local(void *arg)
385{
386 enum ucode_state *err = arg;
387
388 *err = microcode_ops->apply_microcode(smp_processor_id());
389}
390
391static int apply_microcode_on_target(int cpu)
392{
393 enum ucode_state err;
394 int ret;
395
396 ret = smp_call_function_single(cpu, apply_microcode_local, &err, 1);
397 if (!ret) {
398 if (err == UCODE_ERROR)
399 ret = 1;
400 }
401 return ret;
402}
403
404#ifdef CONFIG_MICROCODE_OLD_INTERFACE
405static int do_microcode_update(const void __user *buf, size_t size)
406{
407 int error = 0;
408 int cpu;
409
410 for_each_online_cpu(cpu) {
411 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
412 enum ucode_state ustate;
413
414 if (!uci->valid)
415 continue;
416
417 ustate = microcode_ops->request_microcode_user(cpu, buf, size);
418 if (ustate == UCODE_ERROR) {
419 error = -1;
420 break;
421 } else if (ustate == UCODE_OK)
422 apply_microcode_on_target(cpu);
423 }
424
425 return error;
426}
427
428static int microcode_open(struct inode *inode, struct file *file)
429{
430 return capable(CAP_SYS_RAWIO) ? nonseekable_open(inode, file) : -EPERM;
431}
432
433static ssize_t microcode_write(struct file *file, const char __user *buf,
434 size_t len, loff_t *ppos)
435{
436 ssize_t ret = -EINVAL;
437
438 if ((len >> PAGE_SHIFT) > totalram_pages) {
439 pr_err("too much data (max %ld pages)\n", totalram_pages);
440 return ret;
441 }
442
443 get_online_cpus();
444 mutex_lock(µcode_mutex);
445
446 if (do_microcode_update(buf, len) == 0)
447 ret = (ssize_t)len;
448
449 if (ret > 0)
450 perf_check_microcode();
451
452 mutex_unlock(µcode_mutex);
453 put_online_cpus();
454
455 return ret;
456}
457
458static const struct file_operations microcode_fops = {
459 .owner = THIS_MODULE,
460 .write = microcode_write,
461 .open = microcode_open,
462 .llseek = no_llseek,
463};
464
465static struct miscdevice microcode_dev = {
466 .minor = MICROCODE_MINOR,
467 .name = "microcode",
468 .nodename = "cpu/microcode",
469 .fops = µcode_fops,
470};
471
472static int __init microcode_dev_init(void)
473{
474 int error;
475
476 error = misc_register(µcode_dev);
477 if (error) {
478 pr_err("can't misc_register on minor=%d\n", MICROCODE_MINOR);
479 return error;
480 }
481
482 return 0;
483}
484
485static void __exit microcode_dev_exit(void)
486{
487 misc_deregister(µcode_dev);
488}
489#else
490#define microcode_dev_init() 0
491#define microcode_dev_exit() do { } while (0)
492#endif
493
494/* fake device for request_firmware */
495static struct platform_device *microcode_pdev;
496
497/*
498 * Late loading dance. Why the heavy-handed stomp_machine effort?
499 *
500 * - HT siblings must be idle and not execute other code while the other sibling
501 * is loading microcode in order to avoid any negative interactions caused by
502 * the loading.
503 *
504 * - In addition, microcode update on the cores must be serialized until this
505 * requirement can be relaxed in the future. Right now, this is conservative
506 * and good.
507 */
508#define SPINUNIT 100 /* 100 nsec */
509
510static int check_online_cpus(void)
511{
512 if (num_online_cpus() == num_present_cpus())
513 return 0;
514
515 pr_err("Not all CPUs online, aborting microcode update.\n");
516
517 return -EINVAL;
518}
519
520static atomic_t late_cpus_in;
521static atomic_t late_cpus_out;
522
523static int __wait_for_cpus(atomic_t *t, long long timeout)
524{
525 int all_cpus = num_online_cpus();
526
527 atomic_inc(t);
528
529 while (atomic_read(t) < all_cpus) {
530 if (timeout < SPINUNIT) {
531 pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n",
532 all_cpus - atomic_read(t));
533 return 1;
534 }
535
536 ndelay(SPINUNIT);
537 timeout -= SPINUNIT;
538
539 touch_nmi_watchdog();
540 }
541 return 0;
542}
543
544/*
545 * Returns:
546 * < 0 - on error
547 * 0 - no update done
548 * 1 - microcode was updated
549 */
550static int __reload_late(void *info)
551{
552 int cpu = smp_processor_id();
553 enum ucode_state err;
554 int ret = 0;
555
556 /*
557 * Wait for all CPUs to arrive. A load will not be attempted unless all
558 * CPUs show up.
559 * */
560 if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC))
561 return -1;
562
563 spin_lock(&update_lock);
564 apply_microcode_local(&err);
565 spin_unlock(&update_lock);
566
567 /* siblings return UCODE_OK because their engine got updated already */
568 if (err > UCODE_NFOUND) {
569 pr_warn("Error reloading microcode on CPU %d\n", cpu);
570 ret = -1;
571 } else if (err == UCODE_UPDATED || err == UCODE_OK) {
572 ret = 1;
573 }
574
575 /*
576 * Increase the wait timeout to a safe value here since we're
577 * serializing the microcode update and that could take a while on a
578 * large number of CPUs. And that is fine as the *actual* timeout will
579 * be determined by the last CPU finished updating and thus cut short.
580 */
581 if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC * num_online_cpus()))
582 panic("Timeout during microcode update!\n");
583
584 return ret;
585}
586
587/*
588 * Reload microcode late on all CPUs. Wait for a sec until they
589 * all gather together.
590 */
591static int microcode_reload_late(void)
592{
593 int ret;
594
595 atomic_set(&late_cpus_in, 0);
596 atomic_set(&late_cpus_out, 0);
597
598 ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask);
599 if (ret > 0)
600 microcode_check();
601
602 return ret;
603}
604
605static ssize_t reload_store(struct device *dev,
606 struct device_attribute *attr,
607 const char *buf, size_t size)
608{
609 enum ucode_state tmp_ret = UCODE_OK;
610 int bsp = boot_cpu_data.cpu_index;
611 unsigned long val;
612 ssize_t ret = 0;
613
614 ret = kstrtoul(buf, 0, &val);
615 if (ret)
616 return ret;
617
618 if (val != 1)
619 return size;
620
621 tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true);
622 if (tmp_ret != UCODE_NEW)
623 return size;
624
625 get_online_cpus();
626
627 ret = check_online_cpus();
628 if (ret)
629 goto put;
630
631 mutex_lock(µcode_mutex);
632 ret = microcode_reload_late();
633 mutex_unlock(µcode_mutex);
634
635put:
636 put_online_cpus();
637
638 if (ret >= 0)
639 ret = size;
640
641 return ret;
642}
643
644static ssize_t version_show(struct device *dev,
645 struct device_attribute *attr, char *buf)
646{
647 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
648
649 return sprintf(buf, "0x%x\n", uci->cpu_sig.rev);
650}
651
652static ssize_t pf_show(struct device *dev,
653 struct device_attribute *attr, char *buf)
654{
655 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
656
657 return sprintf(buf, "0x%x\n", uci->cpu_sig.pf);
658}
659
660static DEVICE_ATTR_WO(reload);
661static DEVICE_ATTR(version, 0400, version_show, NULL);
662static DEVICE_ATTR(processor_flags, 0400, pf_show, NULL);
663
664static struct attribute *mc_default_attrs[] = {
665 &dev_attr_version.attr,
666 &dev_attr_processor_flags.attr,
667 NULL
668};
669
670static const struct attribute_group mc_attr_group = {
671 .attrs = mc_default_attrs,
672 .name = "microcode",
673};
674
675static void microcode_fini_cpu(int cpu)
676{
677 if (microcode_ops->microcode_fini_cpu)
678 microcode_ops->microcode_fini_cpu(cpu);
679}
680
681static enum ucode_state microcode_resume_cpu(int cpu)
682{
683 if (apply_microcode_on_target(cpu))
684 return UCODE_ERROR;
685
686 pr_debug("CPU%d updated upon resume\n", cpu);
687
688 return UCODE_OK;
689}
690
691static enum ucode_state microcode_init_cpu(int cpu, bool refresh_fw)
692{
693 enum ucode_state ustate;
694 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
695
696 if (uci->valid)
697 return UCODE_OK;
698
699 if (collect_cpu_info(cpu))
700 return UCODE_ERROR;
701
702 /* --dimm. Trigger a delayed update? */
703 if (system_state != SYSTEM_RUNNING)
704 return UCODE_NFOUND;
705
706 ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, refresh_fw);
707 if (ustate == UCODE_NEW) {
708 pr_debug("CPU%d updated upon init\n", cpu);
709 apply_microcode_on_target(cpu);
710 }
711
712 return ustate;
713}
714
715static enum ucode_state microcode_update_cpu(int cpu)
716{
717 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
718
719 /* Refresh CPU microcode revision after resume. */
720 collect_cpu_info(cpu);
721
722 if (uci->valid)
723 return microcode_resume_cpu(cpu);
724
725 return microcode_init_cpu(cpu, false);
726}
727
728static int mc_device_add(struct device *dev, struct subsys_interface *sif)
729{
730 int err, cpu = dev->id;
731
732 if (!cpu_online(cpu))
733 return 0;
734
735 pr_debug("CPU%d added\n", cpu);
736
737 err = sysfs_create_group(&dev->kobj, &mc_attr_group);
738 if (err)
739 return err;
740
741 if (microcode_init_cpu(cpu, true) == UCODE_ERROR)
742 return -EINVAL;
743
744 return err;
745}
746
747static void mc_device_remove(struct device *dev, struct subsys_interface *sif)
748{
749 int cpu = dev->id;
750
751 if (!cpu_online(cpu))
752 return;
753
754 pr_debug("CPU%d removed\n", cpu);
755 microcode_fini_cpu(cpu);
756 sysfs_remove_group(&dev->kobj, &mc_attr_group);
757}
758
759static struct subsys_interface mc_cpu_interface = {
760 .name = "microcode",
761 .subsys = &cpu_subsys,
762 .add_dev = mc_device_add,
763 .remove_dev = mc_device_remove,
764};
765
766/**
767 * mc_bp_resume - Update boot CPU microcode during resume.
768 */
769static void mc_bp_resume(void)
770{
771 int cpu = smp_processor_id();
772 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
773
774 if (uci->valid && uci->mc)
775 microcode_ops->apply_microcode(cpu);
776 else if (!uci->mc)
777 reload_early_microcode();
778}
779
780static struct syscore_ops mc_syscore_ops = {
781 .resume = mc_bp_resume,
782};
783
784static int mc_cpu_online(unsigned int cpu)
785{
786 struct device *dev;
787
788 dev = get_cpu_device(cpu);
789 microcode_update_cpu(cpu);
790 pr_debug("CPU%d added\n", cpu);
791
792 if (sysfs_create_group(&dev->kobj, &mc_attr_group))
793 pr_err("Failed to create group for CPU%d\n", cpu);
794 return 0;
795}
796
797static int mc_cpu_down_prep(unsigned int cpu)
798{
799 struct device *dev;
800
801 dev = get_cpu_device(cpu);
802 /* Suspend is in progress, only remove the interface */
803 sysfs_remove_group(&dev->kobj, &mc_attr_group);
804 pr_debug("CPU%d removed\n", cpu);
805
806 return 0;
807}
808
809static struct attribute *cpu_root_microcode_attrs[] = {
810 &dev_attr_reload.attr,
811 NULL
812};
813
814static const struct attribute_group cpu_root_microcode_group = {
815 .name = "microcode",
816 .attrs = cpu_root_microcode_attrs,
817};
818
819int __init microcode_init(void)
820{
821 struct cpuinfo_x86 *c = &boot_cpu_data;
822 int error;
823
824 if (dis_ucode_ldr)
825 return -EINVAL;
826
827 if (c->x86_vendor == X86_VENDOR_INTEL)
828 microcode_ops = init_intel_microcode();
829 else if (c->x86_vendor == X86_VENDOR_AMD)
830 microcode_ops = init_amd_microcode();
831 else
832 pr_err("no support for this CPU vendor\n");
833
834 if (!microcode_ops)
835 return -ENODEV;
836
837 microcode_pdev = platform_device_register_simple("microcode", -1,
838 NULL, 0);
839 if (IS_ERR(microcode_pdev))
840 return PTR_ERR(microcode_pdev);
841
842 get_online_cpus();
843 mutex_lock(µcode_mutex);
844
845 error = subsys_interface_register(&mc_cpu_interface);
846 if (!error)
847 perf_check_microcode();
848 mutex_unlock(µcode_mutex);
849 put_online_cpus();
850
851 if (error)
852 goto out_pdev;
853
854 error = sysfs_create_group(&cpu_subsys.dev_root->kobj,
855 &cpu_root_microcode_group);
856
857 if (error) {
858 pr_err("Error creating microcode group!\n");
859 goto out_driver;
860 }
861
862 error = microcode_dev_init();
863 if (error)
864 goto out_ucode_group;
865
866 register_syscore_ops(&mc_syscore_ops);
867 cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
868 mc_cpu_online, mc_cpu_down_prep);
869
870 pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION);
871
872 return 0;
873
874 out_ucode_group:
875 sysfs_remove_group(&cpu_subsys.dev_root->kobj,
876 &cpu_root_microcode_group);
877
878 out_driver:
879 get_online_cpus();
880 mutex_lock(µcode_mutex);
881
882 subsys_interface_unregister(&mc_cpu_interface);
883
884 mutex_unlock(µcode_mutex);
885 put_online_cpus();
886
887 out_pdev:
888 platform_device_unregister(microcode_pdev);
889 return error;
890
891}
892fs_initcall(save_microcode_in_initrd);
893late_initcall(microcode_init);
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * CPU Microcode Update Driver for Linux
4 *
5 * Copyright (C) 2000-2006 Tigran Aivazian <aivazian.tigran@gmail.com>
6 * 2006 Shaohua Li <shaohua.li@intel.com>
7 * 2013-2016 Borislav Petkov <bp@alien8.de>
8 *
9 * X86 CPU microcode early update for Linux:
10 *
11 * Copyright (C) 2012 Fenghua Yu <fenghua.yu@intel.com>
12 * H Peter Anvin" <hpa@zytor.com>
13 * (C) 2015 Borislav Petkov <bp@alien8.de>
14 *
15 * This driver allows to upgrade microcode on x86 processors.
16 */
17
18#define pr_fmt(fmt) "microcode: " fmt
19
20#include <linux/platform_device.h>
21#include <linux/stop_machine.h>
22#include <linux/syscore_ops.h>
23#include <linux/miscdevice.h>
24#include <linux/capability.h>
25#include <linux/firmware.h>
26#include <linux/kernel.h>
27#include <linux/delay.h>
28#include <linux/mutex.h>
29#include <linux/cpu.h>
30#include <linux/nmi.h>
31#include <linux/fs.h>
32#include <linux/mm.h>
33
34#include <asm/microcode_intel.h>
35#include <asm/cpu_device_id.h>
36#include <asm/microcode_amd.h>
37#include <asm/perf_event.h>
38#include <asm/microcode.h>
39#include <asm/processor.h>
40#include <asm/cmdline.h>
41#include <asm/setup.h>
42
43#define DRIVER_VERSION "2.2"
44
45static struct microcode_ops *microcode_ops;
46static bool dis_ucode_ldr = true;
47
48bool initrd_gone;
49
50LIST_HEAD(microcode_cache);
51
52/*
53 * Synchronization.
54 *
55 * All non cpu-hotplug-callback call sites use:
56 *
57 * - microcode_mutex to synchronize with each other;
58 * - cpus_read_lock/unlock() to synchronize with
59 * the cpu-hotplug-callback call sites.
60 *
61 * We guarantee that only a single cpu is being
62 * updated at any particular moment of time.
63 */
64static DEFINE_MUTEX(microcode_mutex);
65
66struct ucode_cpu_info ucode_cpu_info[NR_CPUS];
67
68struct cpu_info_ctx {
69 struct cpu_signature *cpu_sig;
70 int err;
71};
72
73/*
74 * Those patch levels cannot be updated to newer ones and thus should be final.
75 */
76static u32 final_levels[] = {
77 0x01000098,
78 0x0100009f,
79 0x010000af,
80 0, /* T-101 terminator */
81};
82
83/*
84 * Check the current patch level on this CPU.
85 *
86 * Returns:
87 * - true: if update should stop
88 * - false: otherwise
89 */
90static bool amd_check_current_patch_level(void)
91{
92 u32 lvl, dummy, i;
93 u32 *levels;
94
95 native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy);
96
97 if (IS_ENABLED(CONFIG_X86_32))
98 levels = (u32 *)__pa_nodebug(&final_levels);
99 else
100 levels = final_levels;
101
102 for (i = 0; levels[i]; i++) {
103 if (lvl == levels[i])
104 return true;
105 }
106 return false;
107}
108
109static bool __init check_loader_disabled_bsp(void)
110{
111 static const char *__dis_opt_str = "dis_ucode_ldr";
112
113#ifdef CONFIG_X86_32
114 const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
115 const char *option = (const char *)__pa_nodebug(__dis_opt_str);
116 bool *res = (bool *)__pa_nodebug(&dis_ucode_ldr);
117
118#else /* CONFIG_X86_64 */
119 const char *cmdline = boot_command_line;
120 const char *option = __dis_opt_str;
121 bool *res = &dis_ucode_ldr;
122#endif
123
124 /*
125 * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
126 * completely accurate as xen pv guests don't see that CPUID bit set but
127 * that's good enough as they don't land on the BSP path anyway.
128 */
129 if (native_cpuid_ecx(1) & BIT(31))
130 return *res;
131
132 if (x86_cpuid_vendor() == X86_VENDOR_AMD) {
133 if (amd_check_current_patch_level())
134 return *res;
135 }
136
137 if (cmdline_find_option_bool(cmdline, option) <= 0)
138 *res = false;
139
140 return *res;
141}
142
143void __init load_ucode_bsp(void)
144{
145 unsigned int cpuid_1_eax;
146 bool intel = true;
147
148 if (!have_cpuid_p())
149 return;
150
151 cpuid_1_eax = native_cpuid_eax(1);
152
153 switch (x86_cpuid_vendor()) {
154 case X86_VENDOR_INTEL:
155 if (x86_family(cpuid_1_eax) < 6)
156 return;
157 break;
158
159 case X86_VENDOR_AMD:
160 if (x86_family(cpuid_1_eax) < 0x10)
161 return;
162 intel = false;
163 break;
164
165 default:
166 return;
167 }
168
169 if (check_loader_disabled_bsp())
170 return;
171
172 if (intel)
173 load_ucode_intel_bsp();
174 else
175 load_ucode_amd_bsp(cpuid_1_eax);
176}
177
178static bool check_loader_disabled_ap(void)
179{
180#ifdef CONFIG_X86_32
181 return *((bool *)__pa_nodebug(&dis_ucode_ldr));
182#else
183 return dis_ucode_ldr;
184#endif
185}
186
187void load_ucode_ap(void)
188{
189 unsigned int cpuid_1_eax;
190
191 if (check_loader_disabled_ap())
192 return;
193
194 cpuid_1_eax = native_cpuid_eax(1);
195
196 switch (x86_cpuid_vendor()) {
197 case X86_VENDOR_INTEL:
198 if (x86_family(cpuid_1_eax) >= 6)
199 load_ucode_intel_ap();
200 break;
201 case X86_VENDOR_AMD:
202 if (x86_family(cpuid_1_eax) >= 0x10)
203 load_ucode_amd_ap(cpuid_1_eax);
204 break;
205 default:
206 break;
207 }
208}
209
210static int __init save_microcode_in_initrd(void)
211{
212 struct cpuinfo_x86 *c = &boot_cpu_data;
213 int ret = -EINVAL;
214
215 switch (c->x86_vendor) {
216 case X86_VENDOR_INTEL:
217 if (c->x86 >= 6)
218 ret = save_microcode_in_initrd_intel();
219 break;
220 case X86_VENDOR_AMD:
221 if (c->x86 >= 0x10)
222 ret = save_microcode_in_initrd_amd(cpuid_eax(1));
223 break;
224 default:
225 break;
226 }
227
228 initrd_gone = true;
229
230 return ret;
231}
232
233struct cpio_data find_microcode_in_initrd(const char *path, bool use_pa)
234{
235#ifdef CONFIG_BLK_DEV_INITRD
236 unsigned long start = 0;
237 size_t size;
238
239#ifdef CONFIG_X86_32
240 struct boot_params *params;
241
242 if (use_pa)
243 params = (struct boot_params *)__pa_nodebug(&boot_params);
244 else
245 params = &boot_params;
246
247 size = params->hdr.ramdisk_size;
248
249 /*
250 * Set start only if we have an initrd image. We cannot use initrd_start
251 * because it is not set that early yet.
252 */
253 if (size)
254 start = params->hdr.ramdisk_image;
255
256# else /* CONFIG_X86_64 */
257 size = (unsigned long)boot_params.ext_ramdisk_size << 32;
258 size |= boot_params.hdr.ramdisk_size;
259
260 if (size) {
261 start = (unsigned long)boot_params.ext_ramdisk_image << 32;
262 start |= boot_params.hdr.ramdisk_image;
263
264 start += PAGE_OFFSET;
265 }
266# endif
267
268 /*
269 * Fixup the start address: after reserve_initrd() runs, initrd_start
270 * has the virtual address of the beginning of the initrd. It also
271 * possibly relocates the ramdisk. In either case, initrd_start contains
272 * the updated address so use that instead.
273 *
274 * initrd_gone is for the hotplug case where we've thrown out initrd
275 * already.
276 */
277 if (!use_pa) {
278 if (initrd_gone)
279 return (struct cpio_data){ NULL, 0, "" };
280 if (initrd_start)
281 start = initrd_start;
282 } else {
283 /*
284 * The picture with physical addresses is a bit different: we
285 * need to get the *physical* address to which the ramdisk was
286 * relocated, i.e., relocated_ramdisk (not initrd_start) and
287 * since we're running from physical addresses, we need to access
288 * relocated_ramdisk through its *physical* address too.
289 */
290 u64 *rr = (u64 *)__pa_nodebug(&relocated_ramdisk);
291 if (*rr)
292 start = *rr;
293 }
294
295 return find_cpio_data(path, (void *)start, size, NULL);
296#else /* !CONFIG_BLK_DEV_INITRD */
297 return (struct cpio_data){ NULL, 0, "" };
298#endif
299}
300
301void reload_early_microcode(void)
302{
303 int vendor, family;
304
305 vendor = x86_cpuid_vendor();
306 family = x86_cpuid_family();
307
308 switch (vendor) {
309 case X86_VENDOR_INTEL:
310 if (family >= 6)
311 reload_ucode_intel();
312 break;
313 case X86_VENDOR_AMD:
314 if (family >= 0x10)
315 reload_ucode_amd();
316 break;
317 default:
318 break;
319 }
320}
321
322/* fake device for request_firmware */
323static struct platform_device *microcode_pdev;
324
325#ifdef CONFIG_MICROCODE_LATE_LOADING
326/*
327 * Late loading dance. Why the heavy-handed stomp_machine effort?
328 *
329 * - HT siblings must be idle and not execute other code while the other sibling
330 * is loading microcode in order to avoid any negative interactions caused by
331 * the loading.
332 *
333 * - In addition, microcode update on the cores must be serialized until this
334 * requirement can be relaxed in the future. Right now, this is conservative
335 * and good.
336 */
337#define SPINUNIT 100 /* 100 nsec */
338
339static int check_online_cpus(void)
340{
341 unsigned int cpu;
342
343 /*
344 * Make sure all CPUs are online. It's fine for SMT to be disabled if
345 * all the primary threads are still online.
346 */
347 for_each_present_cpu(cpu) {
348 if (topology_is_primary_thread(cpu) && !cpu_online(cpu)) {
349 pr_err("Not all CPUs online, aborting microcode update.\n");
350 return -EINVAL;
351 }
352 }
353
354 return 0;
355}
356
357static atomic_t late_cpus_in;
358static atomic_t late_cpus_out;
359
360static int __wait_for_cpus(atomic_t *t, long long timeout)
361{
362 int all_cpus = num_online_cpus();
363
364 atomic_inc(t);
365
366 while (atomic_read(t) < all_cpus) {
367 if (timeout < SPINUNIT) {
368 pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n",
369 all_cpus - atomic_read(t));
370 return 1;
371 }
372
373 ndelay(SPINUNIT);
374 timeout -= SPINUNIT;
375
376 touch_nmi_watchdog();
377 }
378 return 0;
379}
380
381/*
382 * Returns:
383 * < 0 - on error
384 * 0 - success (no update done or microcode was updated)
385 */
386static int __reload_late(void *info)
387{
388 int cpu = smp_processor_id();
389 enum ucode_state err;
390 int ret = 0;
391
392 /*
393 * Wait for all CPUs to arrive. A load will not be attempted unless all
394 * CPUs show up.
395 * */
396 if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC))
397 return -1;
398
399 /*
400 * On an SMT system, it suffices to load the microcode on one sibling of
401 * the core because the microcode engine is shared between the threads.
402 * Synchronization still needs to take place so that no concurrent
403 * loading attempts happen on multiple threads of an SMT core. See
404 * below.
405 */
406 if (cpumask_first(topology_sibling_cpumask(cpu)) == cpu)
407 err = microcode_ops->apply_microcode(cpu);
408 else
409 goto wait_for_siblings;
410
411 if (err >= UCODE_NFOUND) {
412 if (err == UCODE_ERROR)
413 pr_warn("Error reloading microcode on CPU %d\n", cpu);
414
415 ret = -1;
416 }
417
418wait_for_siblings:
419 if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC))
420 panic("Timeout during microcode update!\n");
421
422 /*
423 * At least one thread has completed update on each core.
424 * For others, simply call the update to make sure the
425 * per-cpu cpuinfo can be updated with right microcode
426 * revision.
427 */
428 if (cpumask_first(topology_sibling_cpumask(cpu)) != cpu)
429 err = microcode_ops->apply_microcode(cpu);
430
431 return ret;
432}
433
434/*
435 * Reload microcode late on all CPUs. Wait for a sec until they
436 * all gather together.
437 */
438static int microcode_reload_late(void)
439{
440 int old = boot_cpu_data.microcode, ret;
441
442 pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
443 pr_err("You should switch to early loading, if possible.\n");
444
445 atomic_set(&late_cpus_in, 0);
446 atomic_set(&late_cpus_out, 0);
447
448 ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask);
449 if (ret == 0)
450 microcode_check();
451
452 pr_info("Reload completed, microcode revision: 0x%x -> 0x%x\n",
453 old, boot_cpu_data.microcode);
454
455 return ret;
456}
457
458static ssize_t reload_store(struct device *dev,
459 struct device_attribute *attr,
460 const char *buf, size_t size)
461{
462 enum ucode_state tmp_ret = UCODE_OK;
463 int bsp = boot_cpu_data.cpu_index;
464 unsigned long val;
465 ssize_t ret = 0;
466
467 ret = kstrtoul(buf, 0, &val);
468 if (ret)
469 return ret;
470
471 if (val != 1)
472 return size;
473
474 cpus_read_lock();
475
476 ret = check_online_cpus();
477 if (ret)
478 goto put;
479
480 tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev);
481 if (tmp_ret != UCODE_NEW)
482 goto put;
483
484 mutex_lock(µcode_mutex);
485 ret = microcode_reload_late();
486 mutex_unlock(µcode_mutex);
487
488put:
489 cpus_read_unlock();
490
491 if (ret == 0)
492 ret = size;
493
494 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
495
496 return ret;
497}
498
499static DEVICE_ATTR_WO(reload);
500#endif
501
502static ssize_t version_show(struct device *dev,
503 struct device_attribute *attr, char *buf)
504{
505 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
506
507 return sprintf(buf, "0x%x\n", uci->cpu_sig.rev);
508}
509
510static ssize_t pf_show(struct device *dev,
511 struct device_attribute *attr, char *buf)
512{
513 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
514
515 return sprintf(buf, "0x%x\n", uci->cpu_sig.pf);
516}
517
518static DEVICE_ATTR(version, 0444, version_show, NULL);
519static DEVICE_ATTR(processor_flags, 0444, pf_show, NULL);
520
521static struct attribute *mc_default_attrs[] = {
522 &dev_attr_version.attr,
523 &dev_attr_processor_flags.attr,
524 NULL
525};
526
527static const struct attribute_group mc_attr_group = {
528 .attrs = mc_default_attrs,
529 .name = "microcode",
530};
531
532static void microcode_fini_cpu(int cpu)
533{
534 if (microcode_ops->microcode_fini_cpu)
535 microcode_ops->microcode_fini_cpu(cpu);
536}
537
538static enum ucode_state microcode_init_cpu(int cpu)
539{
540 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
541
542 memset(uci, 0, sizeof(*uci));
543
544 microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig);
545
546 return microcode_ops->apply_microcode(cpu);
547}
548
549/**
550 * microcode_bsp_resume - Update boot CPU microcode during resume.
551 */
552void microcode_bsp_resume(void)
553{
554 int cpu = smp_processor_id();
555 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
556
557 if (uci->mc)
558 microcode_ops->apply_microcode(cpu);
559 else
560 reload_early_microcode();
561}
562
563static struct syscore_ops mc_syscore_ops = {
564 .resume = microcode_bsp_resume,
565};
566
567static int mc_cpu_starting(unsigned int cpu)
568{
569 enum ucode_state err = microcode_ops->apply_microcode(cpu);
570
571 pr_debug("%s: CPU%d, err: %d\n", __func__, cpu, err);
572
573 return err == UCODE_ERROR;
574}
575
576static int mc_cpu_online(unsigned int cpu)
577{
578 struct device *dev = get_cpu_device(cpu);
579
580 if (sysfs_create_group(&dev->kobj, &mc_attr_group))
581 pr_err("Failed to create group for CPU%d\n", cpu);
582 return 0;
583}
584
585static int mc_cpu_down_prep(unsigned int cpu)
586{
587 struct device *dev;
588
589 dev = get_cpu_device(cpu);
590
591 microcode_fini_cpu(cpu);
592
593 /* Suspend is in progress, only remove the interface */
594 sysfs_remove_group(&dev->kobj, &mc_attr_group);
595 pr_debug("%s: CPU%d\n", __func__, cpu);
596
597 return 0;
598}
599
600static void setup_online_cpu(struct work_struct *work)
601{
602 int cpu = smp_processor_id();
603 enum ucode_state err;
604
605 err = microcode_init_cpu(cpu);
606 if (err == UCODE_ERROR) {
607 pr_err("Error applying microcode on CPU%d\n", cpu);
608 return;
609 }
610
611 mc_cpu_online(cpu);
612}
613
614static struct attribute *cpu_root_microcode_attrs[] = {
615#ifdef CONFIG_MICROCODE_LATE_LOADING
616 &dev_attr_reload.attr,
617#endif
618 NULL
619};
620
621static const struct attribute_group cpu_root_microcode_group = {
622 .name = "microcode",
623 .attrs = cpu_root_microcode_attrs,
624};
625
626static int __init microcode_init(void)
627{
628 struct cpuinfo_x86 *c = &boot_cpu_data;
629 int error;
630
631 if (dis_ucode_ldr)
632 return -EINVAL;
633
634 if (c->x86_vendor == X86_VENDOR_INTEL)
635 microcode_ops = init_intel_microcode();
636 else if (c->x86_vendor == X86_VENDOR_AMD)
637 microcode_ops = init_amd_microcode();
638 else
639 pr_err("no support for this CPU vendor\n");
640
641 if (!microcode_ops)
642 return -ENODEV;
643
644 microcode_pdev = platform_device_register_simple("microcode", -1, NULL, 0);
645 if (IS_ERR(microcode_pdev))
646 return PTR_ERR(microcode_pdev);
647
648 error = sysfs_create_group(&cpu_subsys.dev_root->kobj, &cpu_root_microcode_group);
649 if (error) {
650 pr_err("Error creating microcode group!\n");
651 goto out_pdev;
652 }
653
654 /* Do per-CPU setup */
655 schedule_on_each_cpu(setup_online_cpu);
656
657 register_syscore_ops(&mc_syscore_ops);
658 cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER, "x86/microcode:starting",
659 mc_cpu_starting, NULL);
660 cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
661 mc_cpu_online, mc_cpu_down_prep);
662
663 pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION);
664
665 return 0;
666
667 out_pdev:
668 platform_device_unregister(microcode_pdev);
669 return error;
670
671}
672fs_initcall(save_microcode_in_initrd);
673late_initcall(microcode_init);