Loading...
/*
 * CPU Microcode Update Driver for Linux
 *
 * Copyright (C) 2000-2006 Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
 *	      2006	Shaohua Li <shaohua.li@intel.com>
 *	      2013-2015	Borislav Petkov <bp@alien8.de>
 *
 * X86 CPU microcode early update for Linux:
 *
 *	Copyright (C) 2012 Fenghua Yu <fenghua.yu@intel.com>
 *			   H Peter Anvin <hpa@zytor.com>
 *		  (C) 2015 Borislav Petkov <bp@alien8.de>
 *
 * This driver allows upgrading microcode on x86 processors.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */
21
22#define pr_fmt(fmt) "microcode: " fmt
23
24#include <linux/platform_device.h>
25#include <linux/syscore_ops.h>
26#include <linux/miscdevice.h>
27#include <linux/capability.h>
28#include <linux/firmware.h>
29#include <linux/kernel.h>
30#include <linux/mutex.h>
31#include <linux/cpu.h>
32#include <linux/fs.h>
33#include <linux/mm.h>
34
35#include <asm/microcode_intel.h>
36#include <asm/cpu_device_id.h>
37#include <asm/microcode_amd.h>
38#include <asm/perf_event.h>
39#include <asm/microcode.h>
40#include <asm/processor.h>
41#include <asm/cmdline.h>
42
43#define MICROCODE_VERSION "2.01"
44
45static struct microcode_ops *microcode_ops;
46static bool dis_ucode_ldr;
47
48/*
49 * Synchronization.
50 *
51 * All non cpu-hotplug-callback call sites use:
52 *
53 * - microcode_mutex to synchronize with each other;
54 * - get/put_online_cpus() to synchronize with
55 * the cpu-hotplug-callback call sites.
56 *
57 * We guarantee that only a single cpu is being
58 * updated at any particular moment of time.
59 */
60static DEFINE_MUTEX(microcode_mutex);
61
62struct ucode_cpu_info ucode_cpu_info[NR_CPUS];
63EXPORT_SYMBOL_GPL(ucode_cpu_info);
64
/*
 * Operations that are run on a target cpu:
 */

/*
 * Argument bundle handed to collect_cpu_info_local() through
 * smp_call_function_single().
 *
 * @cpu_sig: where the target CPU stores its signature
 * @err:     result of the vendor collect_cpu_info() callback
 */
struct cpu_info_ctx {
	struct cpu_signature	*cpu_sig;
	int			err;
};
73
74static bool __init check_loader_disabled_bsp(void)
75{
76 static const char *__dis_opt_str = "dis_ucode_ldr";
77
78#ifdef CONFIG_X86_32
79 const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
80 const char *option = (const char *)__pa_nodebug(__dis_opt_str);
81 bool *res = (bool *)__pa_nodebug(&dis_ucode_ldr);
82
83#else /* CONFIG_X86_64 */
84 const char *cmdline = boot_command_line;
85 const char *option = __dis_opt_str;
86 bool *res = &dis_ucode_ldr;
87#endif
88
89 if (cmdline_find_option_bool(cmdline, option))
90 *res = true;
91
92 return *res;
93}
94
95extern struct builtin_fw __start_builtin_fw[];
96extern struct builtin_fw __end_builtin_fw[];
97
98bool get_builtin_firmware(struct cpio_data *cd, const char *name)
99{
100#ifdef CONFIG_FW_LOADER
101 struct builtin_fw *b_fw;
102
103 for (b_fw = __start_builtin_fw; b_fw != __end_builtin_fw; b_fw++) {
104 if (!strcmp(name, b_fw->name)) {
105 cd->size = b_fw->size;
106 cd->data = b_fw->data;
107 return true;
108 }
109 }
110#endif
111 return false;
112}
113
114void __init load_ucode_bsp(void)
115{
116 int vendor;
117 unsigned int family;
118
119 if (check_loader_disabled_bsp())
120 return;
121
122 if (!have_cpuid_p())
123 return;
124
125 vendor = x86_cpuid_vendor();
126 family = x86_cpuid_family();
127
128 switch (vendor) {
129 case X86_VENDOR_INTEL:
130 if (family >= 6)
131 load_ucode_intel_bsp();
132 break;
133 case X86_VENDOR_AMD:
134 if (family >= 0x10)
135 load_ucode_amd_bsp(family);
136 break;
137 default:
138 break;
139 }
140}
141
142static bool check_loader_disabled_ap(void)
143{
144#ifdef CONFIG_X86_32
145 return *((bool *)__pa_nodebug(&dis_ucode_ldr));
146#else
147 return dis_ucode_ldr;
148#endif
149}
150
151void load_ucode_ap(void)
152{
153 int vendor, family;
154
155 if (check_loader_disabled_ap())
156 return;
157
158 if (!have_cpuid_p())
159 return;
160
161 vendor = x86_cpuid_vendor();
162 family = x86_cpuid_family();
163
164 switch (vendor) {
165 case X86_VENDOR_INTEL:
166 if (family >= 6)
167 load_ucode_intel_ap();
168 break;
169 case X86_VENDOR_AMD:
170 if (family >= 0x10)
171 load_ucode_amd_ap();
172 break;
173 default:
174 break;
175 }
176}
177
178int __init save_microcode_in_initrd(void)
179{
180 struct cpuinfo_x86 *c = &boot_cpu_data;
181
182 switch (c->x86_vendor) {
183 case X86_VENDOR_INTEL:
184 if (c->x86 >= 6)
185 save_microcode_in_initrd_intel();
186 break;
187 case X86_VENDOR_AMD:
188 if (c->x86 >= 0x10)
189 save_microcode_in_initrd_amd();
190 break;
191 default:
192 break;
193 }
194
195 return 0;
196}
197
198void reload_early_microcode(void)
199{
200 int vendor, family;
201
202 vendor = x86_cpuid_vendor();
203 family = x86_cpuid_family();
204
205 switch (vendor) {
206 case X86_VENDOR_INTEL:
207 if (family >= 6)
208 reload_ucode_intel();
209 break;
210 case X86_VENDOR_AMD:
211 if (family >= 0x10)
212 reload_ucode_amd();
213 break;
214 default:
215 break;
216 }
217}
218
219static void collect_cpu_info_local(void *arg)
220{
221 struct cpu_info_ctx *ctx = arg;
222
223 ctx->err = microcode_ops->collect_cpu_info(smp_processor_id(),
224 ctx->cpu_sig);
225}
226
227static int collect_cpu_info_on_target(int cpu, struct cpu_signature *cpu_sig)
228{
229 struct cpu_info_ctx ctx = { .cpu_sig = cpu_sig, .err = 0 };
230 int ret;
231
232 ret = smp_call_function_single(cpu, collect_cpu_info_local, &ctx, 1);
233 if (!ret)
234 ret = ctx.err;
235
236 return ret;
237}
238
239static int collect_cpu_info(int cpu)
240{
241 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
242 int ret;
243
244 memset(uci, 0, sizeof(*uci));
245
246 ret = collect_cpu_info_on_target(cpu, &uci->cpu_sig);
247 if (!ret)
248 uci->valid = 1;
249
250 return ret;
251}
252
/* Result slot filled in by apply_microcode_local() on the target CPU. */
struct apply_microcode_ctx {
	int	err;
};
256
257static void apply_microcode_local(void *arg)
258{
259 struct apply_microcode_ctx *ctx = arg;
260
261 ctx->err = microcode_ops->apply_microcode(smp_processor_id());
262}
263
264static int apply_microcode_on_target(int cpu)
265{
266 struct apply_microcode_ctx ctx = { .err = 0 };
267 int ret;
268
269 ret = smp_call_function_single(cpu, apply_microcode_local, &ctx, 1);
270 if (!ret)
271 ret = ctx.err;
272
273 return ret;
274}
275
276#ifdef CONFIG_MICROCODE_OLD_INTERFACE
277static int do_microcode_update(const void __user *buf, size_t size)
278{
279 int error = 0;
280 int cpu;
281
282 for_each_online_cpu(cpu) {
283 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
284 enum ucode_state ustate;
285
286 if (!uci->valid)
287 continue;
288
289 ustate = microcode_ops->request_microcode_user(cpu, buf, size);
290 if (ustate == UCODE_ERROR) {
291 error = -1;
292 break;
293 } else if (ustate == UCODE_OK)
294 apply_microcode_on_target(cpu);
295 }
296
297 return error;
298}
299
300static int microcode_open(struct inode *inode, struct file *file)
301{
302 return capable(CAP_SYS_RAWIO) ? nonseekable_open(inode, file) : -EPERM;
303}
304
305static ssize_t microcode_write(struct file *file, const char __user *buf,
306 size_t len, loff_t *ppos)
307{
308 ssize_t ret = -EINVAL;
309
310 if ((len >> PAGE_SHIFT) > totalram_pages) {
311 pr_err("too much data (max %ld pages)\n", totalram_pages);
312 return ret;
313 }
314
315 get_online_cpus();
316 mutex_lock(µcode_mutex);
317
318 if (do_microcode_update(buf, len) == 0)
319 ret = (ssize_t)len;
320
321 if (ret > 0)
322 perf_check_microcode();
323
324 mutex_unlock(µcode_mutex);
325 put_online_cpus();
326
327 return ret;
328}
329
330static const struct file_operations microcode_fops = {
331 .owner = THIS_MODULE,
332 .write = microcode_write,
333 .open = microcode_open,
334 .llseek = no_llseek,
335};
336
337static struct miscdevice microcode_dev = {
338 .minor = MICROCODE_MINOR,
339 .name = "microcode",
340 .nodename = "cpu/microcode",
341 .fops = µcode_fops,
342};
343
344static int __init microcode_dev_init(void)
345{
346 int error;
347
348 error = misc_register(µcode_dev);
349 if (error) {
350 pr_err("can't misc_register on minor=%d\n", MICROCODE_MINOR);
351 return error;
352 }
353
354 return 0;
355}
356
357static void __exit microcode_dev_exit(void)
358{
359 misc_deregister(µcode_dev);
360}
361#else
362#define microcode_dev_init() 0
363#define microcode_dev_exit() do { } while (0)
364#endif
365
/*
 * Fake platform device; its embedded struct device is what gets passed
 * to the vendor request_microcode_fw() callback.
 */
static struct platform_device *microcode_pdev;
368
369static int reload_for_cpu(int cpu)
370{
371 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
372 enum ucode_state ustate;
373 int err = 0;
374
375 if (!uci->valid)
376 return err;
377
378 ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, true);
379 if (ustate == UCODE_OK)
380 apply_microcode_on_target(cpu);
381 else
382 if (ustate == UCODE_ERROR)
383 err = -EINVAL;
384 return err;
385}
386
387static ssize_t reload_store(struct device *dev,
388 struct device_attribute *attr,
389 const char *buf, size_t size)
390{
391 unsigned long val;
392 int cpu;
393 ssize_t ret = 0, tmp_ret;
394
395 ret = kstrtoul(buf, 0, &val);
396 if (ret)
397 return ret;
398
399 if (val != 1)
400 return size;
401
402 get_online_cpus();
403 mutex_lock(µcode_mutex);
404 for_each_online_cpu(cpu) {
405 tmp_ret = reload_for_cpu(cpu);
406 if (tmp_ret != 0)
407 pr_warn("Error reloading microcode on CPU %d\n", cpu);
408
409 /* save retval of the first encountered reload error */
410 if (!ret)
411 ret = tmp_ret;
412 }
413 if (!ret)
414 perf_check_microcode();
415 mutex_unlock(µcode_mutex);
416 put_online_cpus();
417
418 if (!ret)
419 ret = size;
420
421 return ret;
422}
423
424static ssize_t version_show(struct device *dev,
425 struct device_attribute *attr, char *buf)
426{
427 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
428
429 return sprintf(buf, "0x%x\n", uci->cpu_sig.rev);
430}
431
432static ssize_t pf_show(struct device *dev,
433 struct device_attribute *attr, char *buf)
434{
435 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
436
437 return sprintf(buf, "0x%x\n", uci->cpu_sig.pf);
438}
439
440static DEVICE_ATTR(reload, 0200, NULL, reload_store);
441static DEVICE_ATTR(version, 0400, version_show, NULL);
442static DEVICE_ATTR(processor_flags, 0400, pf_show, NULL);
443
444static struct attribute *mc_default_attrs[] = {
445 &dev_attr_version.attr,
446 &dev_attr_processor_flags.attr,
447 NULL
448};
449
450static struct attribute_group mc_attr_group = {
451 .attrs = mc_default_attrs,
452 .name = "microcode",
453};
454
455static void microcode_fini_cpu(int cpu)
456{
457 microcode_ops->microcode_fini_cpu(cpu);
458}
459
460static enum ucode_state microcode_resume_cpu(int cpu)
461{
462 pr_debug("CPU%d updated upon resume\n", cpu);
463
464 if (apply_microcode_on_target(cpu))
465 return UCODE_ERROR;
466
467 return UCODE_OK;
468}
469
470static enum ucode_state microcode_init_cpu(int cpu, bool refresh_fw)
471{
472 enum ucode_state ustate;
473 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
474
475 if (uci->valid)
476 return UCODE_OK;
477
478 if (collect_cpu_info(cpu))
479 return UCODE_ERROR;
480
481 /* --dimm. Trigger a delayed update? */
482 if (system_state != SYSTEM_RUNNING)
483 return UCODE_NFOUND;
484
485 ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev,
486 refresh_fw);
487
488 if (ustate == UCODE_OK) {
489 pr_debug("CPU%d updated upon init\n", cpu);
490 apply_microcode_on_target(cpu);
491 }
492
493 return ustate;
494}
495
496static enum ucode_state microcode_update_cpu(int cpu)
497{
498 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
499
500 if (uci->valid)
501 return microcode_resume_cpu(cpu);
502
503 return microcode_init_cpu(cpu, false);
504}
505
506static int mc_device_add(struct device *dev, struct subsys_interface *sif)
507{
508 int err, cpu = dev->id;
509
510 if (!cpu_online(cpu))
511 return 0;
512
513 pr_debug("CPU%d added\n", cpu);
514
515 err = sysfs_create_group(&dev->kobj, &mc_attr_group);
516 if (err)
517 return err;
518
519 if (microcode_init_cpu(cpu, true) == UCODE_ERROR)
520 return -EINVAL;
521
522 return err;
523}
524
525static void mc_device_remove(struct device *dev, struct subsys_interface *sif)
526{
527 int cpu = dev->id;
528
529 if (!cpu_online(cpu))
530 return;
531
532 pr_debug("CPU%d removed\n", cpu);
533 microcode_fini_cpu(cpu);
534 sysfs_remove_group(&dev->kobj, &mc_attr_group);
535}
536
537static struct subsys_interface mc_cpu_interface = {
538 .name = "microcode",
539 .subsys = &cpu_subsys,
540 .add_dev = mc_device_add,
541 .remove_dev = mc_device_remove,
542};
543
544/**
545 * mc_bp_resume - Update boot CPU microcode during resume.
546 */
547static void mc_bp_resume(void)
548{
549 int cpu = smp_processor_id();
550 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
551
552 if (uci->valid && uci->mc)
553 microcode_ops->apply_microcode(cpu);
554 else if (!uci->mc)
555 reload_early_microcode();
556}
557
558static struct syscore_ops mc_syscore_ops = {
559 .resume = mc_bp_resume,
560};
561
562static int
563mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu)
564{
565 unsigned int cpu = (unsigned long)hcpu;
566 struct device *dev;
567
568 dev = get_cpu_device(cpu);
569
570 switch (action & ~CPU_TASKS_FROZEN) {
571 case CPU_ONLINE:
572 microcode_update_cpu(cpu);
573 pr_debug("CPU%d added\n", cpu);
574 /*
575 * "break" is missing on purpose here because we want to fall
576 * through in order to create the sysfs group.
577 */
578
579 case CPU_DOWN_FAILED:
580 if (sysfs_create_group(&dev->kobj, &mc_attr_group))
581 pr_err("Failed to create group for CPU%d\n", cpu);
582 break;
583
584 case CPU_DOWN_PREPARE:
585 /* Suspend is in progress, only remove the interface */
586 sysfs_remove_group(&dev->kobj, &mc_attr_group);
587 pr_debug("CPU%d removed\n", cpu);
588 break;
589
590 /*
591 * case CPU_DEAD:
592 *
593 * When a CPU goes offline, don't free up or invalidate the copy of
594 * the microcode in kernel memory, so that we can reuse it when the
595 * CPU comes back online without unnecessarily requesting the userspace
596 * for it again.
597 */
598 }
599
600 /* The CPU refused to come up during a system resume */
601 if (action == CPU_UP_CANCELED_FROZEN)
602 microcode_fini_cpu(cpu);
603
604 return NOTIFY_OK;
605}
606
607static struct notifier_block mc_cpu_notifier = {
608 .notifier_call = mc_cpu_callback,
609};
610
611static struct attribute *cpu_root_microcode_attrs[] = {
612 &dev_attr_reload.attr,
613 NULL
614};
615
616static struct attribute_group cpu_root_microcode_group = {
617 .name = "microcode",
618 .attrs = cpu_root_microcode_attrs,
619};
620
621int __init microcode_init(void)
622{
623 struct cpuinfo_x86 *c = &boot_cpu_data;
624 int error;
625
626 if (dis_ucode_ldr)
627 return -EINVAL;
628
629 if (c->x86_vendor == X86_VENDOR_INTEL)
630 microcode_ops = init_intel_microcode();
631 else if (c->x86_vendor == X86_VENDOR_AMD)
632 microcode_ops = init_amd_microcode();
633 else
634 pr_err("no support for this CPU vendor\n");
635
636 if (!microcode_ops)
637 return -ENODEV;
638
639 microcode_pdev = platform_device_register_simple("microcode", -1,
640 NULL, 0);
641 if (IS_ERR(microcode_pdev))
642 return PTR_ERR(microcode_pdev);
643
644 get_online_cpus();
645 mutex_lock(µcode_mutex);
646
647 error = subsys_interface_register(&mc_cpu_interface);
648 if (!error)
649 perf_check_microcode();
650 mutex_unlock(µcode_mutex);
651 put_online_cpus();
652
653 if (error)
654 goto out_pdev;
655
656 error = sysfs_create_group(&cpu_subsys.dev_root->kobj,
657 &cpu_root_microcode_group);
658
659 if (error) {
660 pr_err("Error creating microcode group!\n");
661 goto out_driver;
662 }
663
664 error = microcode_dev_init();
665 if (error)
666 goto out_ucode_group;
667
668 register_syscore_ops(&mc_syscore_ops);
669 register_hotcpu_notifier(&mc_cpu_notifier);
670
671 pr_info("Microcode Update Driver: v" MICROCODE_VERSION
672 " <tigran@aivazian.fsnet.co.uk>, Peter Oruba\n");
673
674 return 0;
675
676 out_ucode_group:
677 sysfs_remove_group(&cpu_subsys.dev_root->kobj,
678 &cpu_root_microcode_group);
679
680 out_driver:
681 get_online_cpus();
682 mutex_lock(µcode_mutex);
683
684 subsys_interface_unregister(&mc_cpu_interface);
685
686 mutex_unlock(µcode_mutex);
687 put_online_cpus();
688
689 out_pdev:
690 platform_device_unregister(microcode_pdev);
691 return error;
692
693}
694late_initcall(microcode_init);
// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * CPU Microcode Update Driver for Linux
 *
 * Copyright (C) 2000-2006 Tigran Aivazian <aivazian.tigran@gmail.com>
 *	      2006	Shaohua Li <shaohua.li@intel.com>
 *	      2013-2016	Borislav Petkov <bp@alien8.de>
 *
 * X86 CPU microcode early update for Linux:
 *
 *	Copyright (C) 2012 Fenghua Yu <fenghua.yu@intel.com>
 *			   H Peter Anvin <hpa@zytor.com>
 *		  (C) 2015 Borislav Petkov <bp@alien8.de>
 *
 * This driver allows upgrading microcode on x86 processors.
 */
17
18#define pr_fmt(fmt) "microcode: " fmt
19
20#include <linux/platform_device.h>
21#include <linux/stop_machine.h>
22#include <linux/syscore_ops.h>
23#include <linux/miscdevice.h>
24#include <linux/capability.h>
25#include <linux/firmware.h>
26#include <linux/cpumask.h>
27#include <linux/kernel.h>
28#include <linux/delay.h>
29#include <linux/mutex.h>
30#include <linux/cpu.h>
31#include <linux/nmi.h>
32#include <linux/fs.h>
33#include <linux/mm.h>
34
35#include <asm/apic.h>
36#include <asm/cpu_device_id.h>
37#include <asm/perf_event.h>
38#include <asm/processor.h>
39#include <asm/cmdline.h>
40#include <asm/setup.h>
41
42#include "internal.h"
43
44static struct microcode_ops *microcode_ops;
45bool dis_ucode_ldr = true;
46
47bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV);
48module_param(force_minrev, bool, S_IRUSR | S_IWUSR);
49
50/*
51 * Synchronization.
52 *
53 * All non cpu-hotplug-callback call sites use:
54 *
55 * - cpus_read_lock/unlock() to synchronize with
56 * the cpu-hotplug-callback call sites.
57 *
58 * We guarantee that only a single cpu is being
59 * updated at any particular moment of time.
60 */
61struct ucode_cpu_info ucode_cpu_info[NR_CPUS];
62
63/*
64 * Those patch levels cannot be updated to newer ones and thus should be final.
65 */
66static u32 final_levels[] = {
67 0x01000098,
68 0x0100009f,
69 0x010000af,
70 0, /* T-101 terminator */
71};
72
73struct early_load_data early_data;
74
75/*
76 * Check the current patch level on this CPU.
77 *
78 * Returns:
79 * - true: if update should stop
80 * - false: otherwise
81 */
82static bool amd_check_current_patch_level(void)
83{
84 u32 lvl, dummy, i;
85 u32 *levels;
86
87 native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy);
88
89 levels = final_levels;
90
91 for (i = 0; levels[i]; i++) {
92 if (lvl == levels[i])
93 return true;
94 }
95 return false;
96}
97
98static bool __init check_loader_disabled_bsp(void)
99{
100 static const char *__dis_opt_str = "dis_ucode_ldr";
101 const char *cmdline = boot_command_line;
102 const char *option = __dis_opt_str;
103
104 /*
105 * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
106 * completely accurate as xen pv guests don't see that CPUID bit set but
107 * that's good enough as they don't land on the BSP path anyway.
108 */
109 if (native_cpuid_ecx(1) & BIT(31))
110 return true;
111
112 if (x86_cpuid_vendor() == X86_VENDOR_AMD) {
113 if (amd_check_current_patch_level())
114 return true;
115 }
116
117 if (cmdline_find_option_bool(cmdline, option) <= 0)
118 dis_ucode_ldr = false;
119
120 return dis_ucode_ldr;
121}
122
123void __init load_ucode_bsp(void)
124{
125 unsigned int cpuid_1_eax;
126 bool intel = true;
127
128 if (!have_cpuid_p())
129 return;
130
131 cpuid_1_eax = native_cpuid_eax(1);
132
133 switch (x86_cpuid_vendor()) {
134 case X86_VENDOR_INTEL:
135 if (x86_family(cpuid_1_eax) < 6)
136 return;
137 break;
138
139 case X86_VENDOR_AMD:
140 if (x86_family(cpuid_1_eax) < 0x10)
141 return;
142 intel = false;
143 break;
144
145 default:
146 return;
147 }
148
149 if (check_loader_disabled_bsp())
150 return;
151
152 if (intel)
153 load_ucode_intel_bsp(&early_data);
154 else
155 load_ucode_amd_bsp(&early_data, cpuid_1_eax);
156}
157
158void load_ucode_ap(void)
159{
160 unsigned int cpuid_1_eax;
161
162 if (dis_ucode_ldr)
163 return;
164
165 cpuid_1_eax = native_cpuid_eax(1);
166
167 switch (x86_cpuid_vendor()) {
168 case X86_VENDOR_INTEL:
169 if (x86_family(cpuid_1_eax) >= 6)
170 load_ucode_intel_ap();
171 break;
172 case X86_VENDOR_AMD:
173 if (x86_family(cpuid_1_eax) >= 0x10)
174 load_ucode_amd_ap(cpuid_1_eax);
175 break;
176 default:
177 break;
178 }
179}
180
181struct cpio_data __init find_microcode_in_initrd(const char *path)
182{
183#ifdef CONFIG_BLK_DEV_INITRD
184 unsigned long start = 0;
185 size_t size;
186
187#ifdef CONFIG_X86_32
188 size = boot_params.hdr.ramdisk_size;
189 /* Early load on BSP has a temporary mapping. */
190 if (size)
191 start = initrd_start_early;
192
193#else /* CONFIG_X86_64 */
194 size = (unsigned long)boot_params.ext_ramdisk_size << 32;
195 size |= boot_params.hdr.ramdisk_size;
196
197 if (size) {
198 start = (unsigned long)boot_params.ext_ramdisk_image << 32;
199 start |= boot_params.hdr.ramdisk_image;
200 start += PAGE_OFFSET;
201 }
202#endif
203
204 /*
205 * Fixup the start address: after reserve_initrd() runs, initrd_start
206 * has the virtual address of the beginning of the initrd. It also
207 * possibly relocates the ramdisk. In either case, initrd_start contains
208 * the updated address so use that instead.
209 */
210 if (initrd_start)
211 start = initrd_start;
212
213 return find_cpio_data(path, (void *)start, size, NULL);
214#else /* !CONFIG_BLK_DEV_INITRD */
215 return (struct cpio_data){ NULL, 0, "" };
216#endif
217}
218
219static void reload_early_microcode(unsigned int cpu)
220{
221 int vendor, family;
222
223 vendor = x86_cpuid_vendor();
224 family = x86_cpuid_family();
225
226 switch (vendor) {
227 case X86_VENDOR_INTEL:
228 if (family >= 6)
229 reload_ucode_intel();
230 break;
231 case X86_VENDOR_AMD:
232 if (family >= 0x10)
233 reload_ucode_amd(cpu);
234 break;
235 default:
236 break;
237 }
238}
239
/* Fake platform device, used as the device for request_firmware. */
static struct platform_device *microcode_pdev;
242
243#ifdef CONFIG_MICROCODE_LATE_LOADING
244/*
245 * Late loading dance. Why the heavy-handed stomp_machine effort?
246 *
247 * - HT siblings must be idle and not execute other code while the other sibling
248 * is loading microcode in order to avoid any negative interactions caused by
249 * the loading.
250 *
251 * - In addition, microcode update on the cores must be serialized until this
252 * requirement can be relaxed in the future. Right now, this is conservative
253 * and good.
254 */
255enum sibling_ctrl {
256 /* Spinwait with timeout */
257 SCTRL_WAIT,
258 /* Invoke the microcode_apply() callback */
259 SCTRL_APPLY,
260 /* Proceed without invoking the microcode_apply() callback */
261 SCTRL_DONE,
262};
263
264struct microcode_ctrl {
265 enum sibling_ctrl ctrl;
266 enum ucode_state result;
267 unsigned int ctrl_cpu;
268 bool nmi_enabled;
269};
270
271DEFINE_STATIC_KEY_FALSE(microcode_nmi_handler_enable);
272static DEFINE_PER_CPU(struct microcode_ctrl, ucode_ctrl);
273static atomic_t late_cpus_in, offline_in_nmi;
274static unsigned int loops_per_usec;
275static cpumask_t cpu_offline_mask;
276
277static noinstr bool wait_for_cpus(atomic_t *cnt)
278{
279 unsigned int timeout, loops;
280
281 WARN_ON_ONCE(raw_atomic_dec_return(cnt) < 0);
282
283 for (timeout = 0; timeout < USEC_PER_SEC; timeout++) {
284 if (!raw_atomic_read(cnt))
285 return true;
286
287 for (loops = 0; loops < loops_per_usec; loops++)
288 cpu_relax();
289
290 /* If invoked directly, tickle the NMI watchdog */
291 if (!microcode_ops->use_nmi && !(timeout % USEC_PER_MSEC)) {
292 instrumentation_begin();
293 touch_nmi_watchdog();
294 instrumentation_end();
295 }
296 }
297 /* Prevent the late comers from making progress and let them time out */
298 raw_atomic_inc(cnt);
299 return false;
300}
301
302static noinstr bool wait_for_ctrl(void)
303{
304 unsigned int timeout, loops;
305
306 for (timeout = 0; timeout < USEC_PER_SEC; timeout++) {
307 if (raw_cpu_read(ucode_ctrl.ctrl) != SCTRL_WAIT)
308 return true;
309
310 for (loops = 0; loops < loops_per_usec; loops++)
311 cpu_relax();
312
313 /* If invoked directly, tickle the NMI watchdog */
314 if (!microcode_ops->use_nmi && !(timeout % USEC_PER_MSEC)) {
315 instrumentation_begin();
316 touch_nmi_watchdog();
317 instrumentation_end();
318 }
319 }
320 return false;
321}
322
323/*
324 * Protected against instrumentation up to the point where the primary
325 * thread completed the update. See microcode_nmi_handler() for details.
326 */
327static noinstr bool load_secondary_wait(unsigned int ctrl_cpu)
328{
329 /* Initial rendezvous to ensure that all CPUs have arrived */
330 if (!wait_for_cpus(&late_cpus_in)) {
331 raw_cpu_write(ucode_ctrl.result, UCODE_TIMEOUT);
332 return false;
333 }
334
335 /*
336 * Wait for primary threads to complete. If one of them hangs due
337 * to the update, there is no way out. This is non-recoverable
338 * because the CPU might hold locks or resources and confuse the
339 * scheduler, watchdogs etc. There is no way to safely evacuate the
340 * machine.
341 */
342 if (wait_for_ctrl())
343 return true;
344
345 instrumentation_begin();
346 panic("Microcode load: Primary CPU %d timed out\n", ctrl_cpu);
347 instrumentation_end();
348}
349
350/*
351 * Protected against instrumentation up to the point where the primary
352 * thread completed the update. See microcode_nmi_handler() for details.
353 */
354static noinstr void load_secondary(unsigned int cpu)
355{
356 unsigned int ctrl_cpu = raw_cpu_read(ucode_ctrl.ctrl_cpu);
357 enum ucode_state ret;
358
359 if (!load_secondary_wait(ctrl_cpu)) {
360 instrumentation_begin();
361 pr_err_once("load: %d CPUs timed out\n",
362 atomic_read(&late_cpus_in) - 1);
363 instrumentation_end();
364 return;
365 }
366
367 /* Primary thread completed. Allow to invoke instrumentable code */
368 instrumentation_begin();
369 /*
370 * If the primary succeeded then invoke the apply() callback,
371 * otherwise copy the state from the primary thread.
372 */
373 if (this_cpu_read(ucode_ctrl.ctrl) == SCTRL_APPLY)
374 ret = microcode_ops->apply_microcode(cpu);
375 else
376 ret = per_cpu(ucode_ctrl.result, ctrl_cpu);
377
378 this_cpu_write(ucode_ctrl.result, ret);
379 this_cpu_write(ucode_ctrl.ctrl, SCTRL_DONE);
380 instrumentation_end();
381}
382
383static void __load_primary(unsigned int cpu)
384{
385 struct cpumask *secondaries = topology_sibling_cpumask(cpu);
386 enum sibling_ctrl ctrl;
387 enum ucode_state ret;
388 unsigned int sibling;
389
390 /* Initial rendezvous to ensure that all CPUs have arrived */
391 if (!wait_for_cpus(&late_cpus_in)) {
392 this_cpu_write(ucode_ctrl.result, UCODE_TIMEOUT);
393 pr_err_once("load: %d CPUs timed out\n", atomic_read(&late_cpus_in) - 1);
394 return;
395 }
396
397 ret = microcode_ops->apply_microcode(cpu);
398 this_cpu_write(ucode_ctrl.result, ret);
399 this_cpu_write(ucode_ctrl.ctrl, SCTRL_DONE);
400
401 /*
402 * If the update was successful, let the siblings run the apply()
403 * callback. If not, tell them it's done. This also covers the
404 * case where the CPU has uniform loading at package or system
405 * scope implemented but does not advertise it.
406 */
407 if (ret == UCODE_UPDATED || ret == UCODE_OK)
408 ctrl = SCTRL_APPLY;
409 else
410 ctrl = SCTRL_DONE;
411
412 for_each_cpu(sibling, secondaries) {
413 if (sibling != cpu)
414 per_cpu(ucode_ctrl.ctrl, sibling) = ctrl;
415 }
416}
417
418static bool kick_offline_cpus(unsigned int nr_offl)
419{
420 unsigned int cpu, timeout;
421
422 for_each_cpu(cpu, &cpu_offline_mask) {
423 /* Enable the rendezvous handler and send NMI */
424 per_cpu(ucode_ctrl.nmi_enabled, cpu) = true;
425 apic_send_nmi_to_offline_cpu(cpu);
426 }
427
428 /* Wait for them to arrive */
429 for (timeout = 0; timeout < (USEC_PER_SEC / 2); timeout++) {
430 if (atomic_read(&offline_in_nmi) == nr_offl)
431 return true;
432 udelay(1);
433 }
434 /* Let the others time out */
435 return false;
436}
437
438static void release_offline_cpus(void)
439{
440 unsigned int cpu;
441
442 for_each_cpu(cpu, &cpu_offline_mask)
443 per_cpu(ucode_ctrl.ctrl, cpu) = SCTRL_DONE;
444}
445
446static void load_primary(unsigned int cpu)
447{
448 unsigned int nr_offl = cpumask_weight(&cpu_offline_mask);
449 bool proceed = true;
450
451 /* Kick soft-offlined SMT siblings if required */
452 if (!cpu && nr_offl)
453 proceed = kick_offline_cpus(nr_offl);
454
455 /* If the soft-offlined CPUs did not respond, abort */
456 if (proceed)
457 __load_primary(cpu);
458
459 /* Unconditionally release soft-offlined SMT siblings if required */
460 if (!cpu && nr_offl)
461 release_offline_cpus();
462}
463
464/*
465 * Minimal stub rendezvous handler for soft-offlined CPUs which participate
466 * in the NMI rendezvous to protect against a concurrent NMI on affected
467 * CPUs.
468 */
469void noinstr microcode_offline_nmi_handler(void)
470{
471 if (!raw_cpu_read(ucode_ctrl.nmi_enabled))
472 return;
473 raw_cpu_write(ucode_ctrl.nmi_enabled, false);
474 raw_cpu_write(ucode_ctrl.result, UCODE_OFFLINE);
475 raw_atomic_inc(&offline_in_nmi);
476 wait_for_ctrl();
477}
478
479static noinstr bool microcode_update_handler(void)
480{
481 unsigned int cpu = raw_smp_processor_id();
482
483 if (raw_cpu_read(ucode_ctrl.ctrl_cpu) == cpu) {
484 instrumentation_begin();
485 load_primary(cpu);
486 instrumentation_end();
487 } else {
488 load_secondary(cpu);
489 }
490
491 instrumentation_begin();
492 touch_nmi_watchdog();
493 instrumentation_end();
494
495 return true;
496}
497
498/*
499 * Protection against instrumentation is required for CPUs which are not
500 * safe against an NMI which is delivered to the secondary SMT sibling
501 * while the primary thread updates the microcode. Instrumentation can end
502 * up in #INT3, #DB and #PF. The IRET from those exceptions reenables NMI
503 * which is the opposite of what the NMI rendezvous is trying to achieve.
504 *
505 * The primary thread is safe versus instrumentation as the actual
506 * microcode update handles this correctly. It's only the sibling code
507 * path which must be NMI safe until the primary thread completed the
508 * update.
509 */
510bool noinstr microcode_nmi_handler(void)
511{
512 if (!raw_cpu_read(ucode_ctrl.nmi_enabled))
513 return false;
514
515 raw_cpu_write(ucode_ctrl.nmi_enabled, false);
516 return microcode_update_handler();
517}
518
519static int load_cpus_stopped(void *unused)
520{
521 if (microcode_ops->use_nmi) {
522 /* Enable the NMI handler and raise NMI */
523 this_cpu_write(ucode_ctrl.nmi_enabled, true);
524 apic->send_IPI(smp_processor_id(), NMI_VECTOR);
525 } else {
526 /* Just invoke the handler directly */
527 microcode_update_handler();
528 }
529 return 0;
530}
531
532static int load_late_stop_cpus(bool is_safe)
533{
534 unsigned int cpu, updated = 0, failed = 0, timedout = 0, siblings = 0;
535 unsigned int nr_offl, offline = 0;
536 int old_rev = boot_cpu_data.microcode;
537 struct cpuinfo_x86 prev_info;
538
539 if (!is_safe) {
540 pr_err("Late microcode loading without minimal revision check.\n");
541 pr_err("You should switch to early loading, if possible.\n");
542 }
543
544 atomic_set(&late_cpus_in, num_online_cpus());
545 atomic_set(&offline_in_nmi, 0);
546 loops_per_usec = loops_per_jiffy / (TICK_NSEC / 1000);
547
548 /*
549 * Take a snapshot before the microcode update in order to compare and
550 * check whether any bits changed after an update.
551 */
552 store_cpu_caps(&prev_info);
553
554 if (microcode_ops->use_nmi)
555 static_branch_enable_cpuslocked(µcode_nmi_handler_enable);
556
557 stop_machine_cpuslocked(load_cpus_stopped, NULL, cpu_online_mask);
558
559 if (microcode_ops->use_nmi)
560 static_branch_disable_cpuslocked(µcode_nmi_handler_enable);
561
562 /* Analyze the results */
563 for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
564 switch (per_cpu(ucode_ctrl.result, cpu)) {
565 case UCODE_UPDATED: updated++; break;
566 case UCODE_TIMEOUT: timedout++; break;
567 case UCODE_OK: siblings++; break;
568 case UCODE_OFFLINE: offline++; break;
569 default: failed++; break;
570 }
571 }
572
573 if (microcode_ops->finalize_late_load)
574 microcode_ops->finalize_late_load(!updated);
575
576 if (!updated) {
577 /* Nothing changed. */
578 if (!failed && !timedout)
579 return 0;
580
581 nr_offl = cpumask_weight(&cpu_offline_mask);
582 if (offline < nr_offl) {
583 pr_warn("%u offline siblings did not respond.\n",
584 nr_offl - atomic_read(&offline_in_nmi));
585 return -EIO;
586 }
587 pr_err("update failed: %u CPUs failed %u CPUs timed out\n",
588 failed, timedout);
589 return -EIO;
590 }
591
592 if (!is_safe || failed || timedout)
593 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
594
595 pr_info("load: updated on %u primary CPUs with %u siblings\n", updated, siblings);
596 if (failed || timedout) {
597 pr_err("load incomplete. %u CPUs timed out or failed\n",
598 num_online_cpus() - (updated + siblings));
599 }
600 pr_info("revision: 0x%x -> 0x%x\n", old_rev, boot_cpu_data.microcode);
601 microcode_check(&prev_info);
602
603 return updated + siblings == num_online_cpus() ? 0 : -EIO;
604}
605
606/*
607 * This function does two things:
608 *
609 * 1) Ensure that all required CPUs which are present and have been booted
610 * once are online.
611 *
612 * To pass this check, all primary threads must be online.
613 *
614 * If the microcode load is not safe against NMI then all SMT threads
615 * must be online as well because they still react to NMIs when they are
616 * soft-offlined and parked in one of the play_dead() variants. So if a
617 * NMI hits while the primary thread updates the microcode the resulting
618 * behaviour is undefined. The default play_dead() implementation on
619 * modern CPUs uses MWAIT, which is also not guaranteed to be safe
620 * against a microcode update which affects MWAIT.
621 *
622 * As soft-offlined CPUs still react on NMIs, the SMT sibling
623 * restriction can be lifted when the vendor driver signals to use NMI
624 * for rendezvous and the APIC provides a mechanism to send an NMI to a
625 * soft-offlined CPU. The soft-offlined CPUs are then able to
626 * participate in the rendezvous in a trivial stub handler.
627 *
628 * 2) Initialize the per CPU control structure and create a cpumask
629 * which contains "offline"; secondary threads, so they can be handled
630 * correctly by a control CPU.
631 */
632static bool setup_cpus(void)
633{
634 struct microcode_ctrl ctrl = { .ctrl = SCTRL_WAIT, .result = -1, };
635 bool allow_smt_offline;
636 unsigned int cpu;
637
638 allow_smt_offline = microcode_ops->nmi_safe ||
639 (microcode_ops->use_nmi && apic->nmi_to_offline_cpu);
640
641 cpumask_clear(&cpu_offline_mask);
642
643 for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
644 /*
645 * Offline CPUs sit in one of the play_dead() functions
646 * with interrupts disabled, but they still react on NMIs
647 * and execute arbitrary code. Also MWAIT being updated
648 * while the offline CPU sits there is not necessarily safe
649 * on all CPU variants.
650 *
651 * Mark them in the offline_cpus mask which will be handled
652 * by CPU0 later in the update process.
653 *
654 * Ensure that the primary thread is online so that it is
655 * guaranteed that all cores are updated.
656 */
657 if (!cpu_online(cpu)) {
658 if (topology_is_primary_thread(cpu) || !allow_smt_offline) {
659 pr_err("CPU %u not online, loading aborted\n", cpu);
660 return false;
661 }
662 cpumask_set_cpu(cpu, &cpu_offline_mask);
663 per_cpu(ucode_ctrl, cpu) = ctrl;
664 continue;
665 }
666
667 /*
668 * Initialize the per CPU state. This is core scope for now,
669 * but prepared to take package or system scope into account.
670 */
671 ctrl.ctrl_cpu = cpumask_first(topology_sibling_cpumask(cpu));
672 per_cpu(ucode_ctrl, cpu) = ctrl;
673 }
674 return true;
675}
676
677static int load_late_locked(void)
678{
679 if (!setup_cpus())
680 return -EBUSY;
681
682 switch (microcode_ops->request_microcode_fw(0, µcode_pdev->dev)) {
683 case UCODE_NEW:
684 return load_late_stop_cpus(false);
685 case UCODE_NEW_SAFE:
686 return load_late_stop_cpus(true);
687 case UCODE_NFOUND:
688 return -ENOENT;
689 default:
690 return -EBADFD;
691 }
692}
693
694static ssize_t reload_store(struct device *dev,
695 struct device_attribute *attr,
696 const char *buf, size_t size)
697{
698 unsigned long val;
699 ssize_t ret;
700
701 ret = kstrtoul(buf, 0, &val);
702 if (ret || val != 1)
703 return -EINVAL;
704
705 cpus_read_lock();
706 ret = load_late_locked();
707 cpus_read_unlock();
708
709 return ret ? : size;
710}
711
712static DEVICE_ATTR_WO(reload);
713#endif
714
715static ssize_t version_show(struct device *dev,
716 struct device_attribute *attr, char *buf)
717{
718 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
719
720 return sprintf(buf, "0x%x\n", uci->cpu_sig.rev);
721}
722
723static ssize_t processor_flags_show(struct device *dev,
724 struct device_attribute *attr, char *buf)
725{
726 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
727
728 return sprintf(buf, "0x%x\n", uci->cpu_sig.pf);
729}
730
731static DEVICE_ATTR_RO(version);
732static DEVICE_ATTR_RO(processor_flags);
733
734static struct attribute *mc_default_attrs[] = {
735 &dev_attr_version.attr,
736 &dev_attr_processor_flags.attr,
737 NULL
738};
739
740static const struct attribute_group mc_attr_group = {
741 .attrs = mc_default_attrs,
742 .name = "microcode",
743};
744
745static void microcode_fini_cpu(int cpu)
746{
747 if (microcode_ops->microcode_fini_cpu)
748 microcode_ops->microcode_fini_cpu(cpu);
749}
750
751/**
752 * microcode_bsp_resume - Update boot CPU microcode during resume.
753 */
754void microcode_bsp_resume(void)
755{
756 int cpu = smp_processor_id();
757 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
758
759 if (uci->mc)
760 microcode_ops->apply_microcode(cpu);
761 else
762 reload_early_microcode(cpu);
763}
764
765static struct syscore_ops mc_syscore_ops = {
766 .resume = microcode_bsp_resume,
767};
768
769static int mc_cpu_online(unsigned int cpu)
770{
771 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
772 struct device *dev = get_cpu_device(cpu);
773
774 memset(uci, 0, sizeof(*uci));
775
776 microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig);
777 cpu_data(cpu).microcode = uci->cpu_sig.rev;
778 if (!cpu)
779 boot_cpu_data.microcode = uci->cpu_sig.rev;
780
781 if (sysfs_create_group(&dev->kobj, &mc_attr_group))
782 pr_err("Failed to create group for CPU%d\n", cpu);
783 return 0;
784}
785
786static int mc_cpu_down_prep(unsigned int cpu)
787{
788 struct device *dev = get_cpu_device(cpu);
789
790 microcode_fini_cpu(cpu);
791 sysfs_remove_group(&dev->kobj, &mc_attr_group);
792 return 0;
793}
794
795static struct attribute *cpu_root_microcode_attrs[] = {
796#ifdef CONFIG_MICROCODE_LATE_LOADING
797 &dev_attr_reload.attr,
798#endif
799 NULL
800};
801
802static const struct attribute_group cpu_root_microcode_group = {
803 .name = "microcode",
804 .attrs = cpu_root_microcode_attrs,
805};
806
807static int __init microcode_init(void)
808{
809 struct device *dev_root;
810 struct cpuinfo_x86 *c = &boot_cpu_data;
811 int error;
812
813 if (dis_ucode_ldr)
814 return -EINVAL;
815
816 if (c->x86_vendor == X86_VENDOR_INTEL)
817 microcode_ops = init_intel_microcode();
818 else if (c->x86_vendor == X86_VENDOR_AMD)
819 microcode_ops = init_amd_microcode();
820 else
821 pr_err("no support for this CPU vendor\n");
822
823 if (!microcode_ops)
824 return -ENODEV;
825
826 pr_info_once("Current revision: 0x%08x\n", (early_data.new_rev ?: early_data.old_rev));
827
828 if (early_data.new_rev)
829 pr_info_once("Updated early from: 0x%08x\n", early_data.old_rev);
830
831 microcode_pdev = platform_device_register_simple("microcode", -1, NULL, 0);
832 if (IS_ERR(microcode_pdev))
833 return PTR_ERR(microcode_pdev);
834
835 dev_root = bus_get_dev_root(&cpu_subsys);
836 if (dev_root) {
837 error = sysfs_create_group(&dev_root->kobj, &cpu_root_microcode_group);
838 put_device(dev_root);
839 if (error) {
840 pr_err("Error creating microcode group!\n");
841 goto out_pdev;
842 }
843 }
844
845 register_syscore_ops(&mc_syscore_ops);
846 cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
847 mc_cpu_online, mc_cpu_down_prep);
848
849 return 0;
850
851 out_pdev:
852 platform_device_unregister(microcode_pdev);
853 return error;
854
855}
856late_initcall(microcode_init);