Re: x86, microcode: BUG: microcode update that changes x86_capability

From: Henrique de Moraes Holschuh
Date: Fri Sep 19 2014 - 12:42:36 EST


On Fri, 19 Sep 2014, Borislav Petkov wrote:
> On Fri, Sep 19, 2014 at 07:54:14AM -0500, Chuck Ebbert wrote:
> > 2) Don't allow a late update if TSX is still enabled on those
> > processors.
>
> Yeah, so the use case I have in mind is when a long-running machine
> wants to apply microcode and this microcode disables CPUID bits and
> instructions. And the machine cannot be rebooted.
>
> I guess in that case we would have to issue a warning only on the
> affected processors that a rebooted is mandatory and fail the update...
> Maybe something like that.

Well, in this case we'd have to (on Intel, but AMD is likely the same):

1. offline a "guinea pig" group of "cpus", i.e. an entire "microcode update
unit" that doesn't include the BSP. This is going to be a pain, as what
composes a "microcode update unit" is not set in stone, and could change in
a future microarch.

2. apply the update to one of the "guinea pig" "cpus" (which will update all
"cpus" in the same "microcode update unit").

3. sanity check.

4a. abort the update run if something nasty happened, leaving the "guinea
pig" "cpus" locked offline until the next reboot. Warn the user.

4b. online the "guinea pig" "cpus" if the update looks good, and proceed to
update the rest of the "cpus" in the system.

We need this dance because we cannot roll-back a microcode update in the
general case.

To me, it looks way too complicated to be worth the effort.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/