1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * CPU Microcode Update Driver for Linux 4 * 5 * Copyright (C) 2000-2006 Tigran Aivazian <[email protected]> 6 * 2006 Shaohua Li <[email protected]> 7 * 2013-2016 Borislav Petkov <[email protected]> 8 * 9 * X86 CPU microcode early update for Linux: 10 * 11 * Copyright (C) 2012 Fenghua Yu <[email protected]> 12 * H Peter Anvin" <[email protected]> 13 * (C) 2015 Borislav Petkov <[email protected]> 14 * 15 * This driver allows to upgrade microcode on x86 processors. 16 */ 17 18 #define pr_fmt(fmt) "microcode: " fmt 19 20 #include <linux/platform_device.h> 21 #include <linux/stop_machine.h> 22 #include <linux/syscore_ops.h> 23 #include <linux/miscdevice.h> 24 #include <linux/capability.h> 25 #include <linux/firmware.h> 26 #include <linux/kernel.h> 27 #include <linux/delay.h> 28 #include <linux/mutex.h> 29 #include <linux/cpu.h> 30 #include <linux/nmi.h> 31 #include <linux/fs.h> 32 #include <linux/mm.h> 33 34 #include <asm/cpu_device_id.h> 35 #include <asm/perf_event.h> 36 #include <asm/processor.h> 37 #include <asm/cmdline.h> 38 #include <asm/setup.h> 39 40 #include "internal.h" 41 42 #define DRIVER_VERSION "2.2" 43 44 static struct microcode_ops *microcode_ops; 45 bool dis_ucode_ldr = true; 46 47 /* 48 * Synchronization. 49 * 50 * All non cpu-hotplug-callback call sites use: 51 * 52 * - cpus_read_lock/unlock() to synchronize with 53 * the cpu-hotplug-callback call sites. 54 * 55 * We guarantee that only a single cpu is being 56 * updated at any particular moment of time. 57 */ 58 struct ucode_cpu_info ucode_cpu_info[NR_CPUS]; 59 60 struct cpu_info_ctx { 61 struct cpu_signature *cpu_sig; 62 int err; 63 }; 64 65 /* 66 * Those patch levels cannot be updated to newer ones and thus should be final. 67 */ 68 static u32 final_levels[] = { 69 0x01000098, 70 0x0100009f, 71 0x010000af, 72 0, /* T-101 terminator */ 73 }; 74 75 /* 76 * Check the current patch level on this CPU. 77 * 78 * Returns: 79 * - true: if update should stop 80 * - false: otherwise 81 */ 82 static bool amd_check_current_patch_level(void) 83 { 84 u32 lvl, dummy, i; 85 u32 *levels; 86 87 native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy); 88 89 levels = final_levels; 90 91 for (i = 0; levels[i]; i++) { 92 if (lvl == levels[i]) 93 return true; 94 } 95 return false; 96 } 97 98 static bool __init check_loader_disabled_bsp(void) 99 { 100 static const char *__dis_opt_str = "dis_ucode_ldr"; 101 const char *cmdline = boot_command_line; 102 const char *option = __dis_opt_str; 103 104 /* 105 * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not 106 * completely accurate as xen pv guests don't see that CPUID bit set but 107 * that's good enough as they don't land on the BSP path anyway. 108 */ 109 if (native_cpuid_ecx(1) & BIT(31)) 110 return true; 111 112 if (x86_cpuid_vendor() == X86_VENDOR_AMD) { 113 if (amd_check_current_patch_level()) 114 return true; 115 } 116 117 if (cmdline_find_option_bool(cmdline, option) <= 0) 118 dis_ucode_ldr = false; 119 120 return dis_ucode_ldr; 121 } 122 123 void __init load_ucode_bsp(void) 124 { 125 unsigned int cpuid_1_eax; 126 bool intel = true; 127 128 if (!have_cpuid_p()) 129 return; 130 131 cpuid_1_eax = native_cpuid_eax(1); 132 133 switch (x86_cpuid_vendor()) { 134 case X86_VENDOR_INTEL: 135 if (x86_family(cpuid_1_eax) < 6) 136 return; 137 break; 138 139 case X86_VENDOR_AMD: 140 if (x86_family(cpuid_1_eax) < 0x10) 141 return; 142 intel = false; 143 break; 144 145 default: 146 return; 147 } 148 149 if (check_loader_disabled_bsp()) 150 return; 151 152 if (intel) 153 load_ucode_intel_bsp(); 154 else 155 load_ucode_amd_bsp(cpuid_1_eax); 156 } 157 158 void load_ucode_ap(void) 159 { 160 unsigned int cpuid_1_eax; 161 162 if (dis_ucode_ldr) 163 return; 164 165 cpuid_1_eax = native_cpuid_eax(1); 166 167 switch (x86_cpuid_vendor()) { 168 case X86_VENDOR_INTEL: 169 if (x86_family(cpuid_1_eax) >= 6) 170 load_ucode_intel_ap(); 171 break; 172 case X86_VENDOR_AMD: 173 if (x86_family(cpuid_1_eax) >= 0x10) 174 load_ucode_amd_ap(cpuid_1_eax); 175 break; 176 default: 177 break; 178 } 179 } 180 181 struct cpio_data __init find_microcode_in_initrd(const char *path) 182 { 183 #ifdef CONFIG_BLK_DEV_INITRD 184 unsigned long start = 0; 185 size_t size; 186 187 #ifdef CONFIG_X86_32 188 size = boot_params.hdr.ramdisk_size; 189 /* Early load on BSP has a temporary mapping. */ 190 if (size) 191 start = initrd_start_early; 192 193 #else /* CONFIG_X86_64 */ 194 size = (unsigned long)boot_params.ext_ramdisk_size << 32; 195 size |= boot_params.hdr.ramdisk_size; 196 197 if (size) { 198 start = (unsigned long)boot_params.ext_ramdisk_image << 32; 199 start |= boot_params.hdr.ramdisk_image; 200 start += PAGE_OFFSET; 201 } 202 #endif 203 204 /* 205 * Fixup the start address: after reserve_initrd() runs, initrd_start 206 * has the virtual address of the beginning of the initrd. It also 207 * possibly relocates the ramdisk. In either case, initrd_start contains 208 * the updated address so use that instead. 209 */ 210 if (initrd_start) 211 start = initrd_start; 212 213 return find_cpio_data(path, (void *)start, size, NULL); 214 #else /* !CONFIG_BLK_DEV_INITRD */ 215 return (struct cpio_data){ NULL, 0, "" }; 216 #endif 217 } 218 219 static void reload_early_microcode(unsigned int cpu) 220 { 221 int vendor, family; 222 223 vendor = x86_cpuid_vendor(); 224 family = x86_cpuid_family(); 225 226 switch (vendor) { 227 case X86_VENDOR_INTEL: 228 if (family >= 6) 229 reload_ucode_intel(); 230 break; 231 case X86_VENDOR_AMD: 232 if (family >= 0x10) 233 reload_ucode_amd(cpu); 234 break; 235 default: 236 break; 237 } 238 } 239 240 /* fake device for request_firmware */ 241 static struct platform_device *microcode_pdev; 242 243 #ifdef CONFIG_MICROCODE_LATE_LOADING 244 /* 245 * Late loading dance. Why the heavy-handed stomp_machine effort? 246 * 247 * - HT siblings must be idle and not execute other code while the other sibling 248 * is loading microcode in order to avoid any negative interactions caused by 249 * the loading. 250 * 251 * - In addition, microcode update on the cores must be serialized until this 252 * requirement can be relaxed in the future. Right now, this is conservative 253 * and good. 254 */ 255 #define SPINUNIT 100 /* 100 nsec */ 256 257 static int check_online_cpus(void) 258 { 259 unsigned int cpu; 260 261 /* 262 * Make sure all CPUs are online. It's fine for SMT to be disabled if 263 * all the primary threads are still online. 264 */ 265 for_each_present_cpu(cpu) { 266 if (topology_is_primary_thread(cpu) && !cpu_online(cpu)) { 267 pr_err("Not all CPUs online, aborting microcode update.\n"); 268 return -EINVAL; 269 } 270 } 271 272 return 0; 273 } 274 275 static atomic_t late_cpus_in; 276 static atomic_t late_cpus_out; 277 278 static int __wait_for_cpus(atomic_t *t, long long timeout) 279 { 280 int all_cpus = num_online_cpus(); 281 282 atomic_inc(t); 283 284 while (atomic_read(t) < all_cpus) { 285 if (timeout < SPINUNIT) { 286 pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", 287 all_cpus - atomic_read(t)); 288 return 1; 289 } 290 291 ndelay(SPINUNIT); 292 timeout -= SPINUNIT; 293 294 touch_nmi_watchdog(); 295 } 296 return 0; 297 } 298 299 /* 300 * Returns: 301 * < 0 - on error 302 * 0 - success (no update done or microcode was updated) 303 */ 304 static int __reload_late(void *info) 305 { 306 int cpu = smp_processor_id(); 307 enum ucode_state err; 308 int ret = 0; 309 310 /* 311 * Wait for all CPUs to arrive. A load will not be attempted unless all 312 * CPUs show up. 313 * */ 314 if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC)) 315 return -1; 316 317 /* 318 * On an SMT system, it suffices to load the microcode on one sibling of 319 * the core because the microcode engine is shared between the threads. 320 * Synchronization still needs to take place so that no concurrent 321 * loading attempts happen on multiple threads of an SMT core. See 322 * below. 323 */ 324 if (cpumask_first(topology_sibling_cpumask(cpu)) == cpu) 325 err = microcode_ops->apply_microcode(cpu); 326 else 327 goto wait_for_siblings; 328 329 if (err >= UCODE_NFOUND) { 330 if (err == UCODE_ERROR) { 331 pr_warn("Error reloading microcode on CPU %d\n", cpu); 332 ret = -1; 333 } 334 } 335 336 wait_for_siblings: 337 if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC)) 338 panic("Timeout during microcode update!\n"); 339 340 /* 341 * At least one thread has completed update on each core. 342 * For others, simply call the update to make sure the 343 * per-cpu cpuinfo can be updated with right microcode 344 * revision. 345 */ 346 if (cpumask_first(topology_sibling_cpumask(cpu)) != cpu) 347 err = microcode_ops->apply_microcode(cpu); 348 349 return ret; 350 } 351 352 /* 353 * Reload microcode late on all CPUs. Wait for a sec until they 354 * all gather together. 355 */ 356 static int microcode_reload_late(void) 357 { 358 int old = boot_cpu_data.microcode, ret; 359 struct cpuinfo_x86 prev_info; 360 361 pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); 362 pr_err("You should switch to early loading, if possible.\n"); 363 364 atomic_set(&late_cpus_in, 0); 365 atomic_set(&late_cpus_out, 0); 366 367 /* 368 * Take a snapshot before the microcode update in order to compare and 369 * check whether any bits changed after an update. 370 */ 371 store_cpu_caps(&prev_info); 372 373 ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask); 374 375 if (microcode_ops->finalize_late_load) 376 microcode_ops->finalize_late_load(ret); 377 378 if (!ret) { 379 pr_info("Reload succeeded, microcode revision: 0x%x -> 0x%x\n", 380 old, boot_cpu_data.microcode); 381 microcode_check(&prev_info); 382 } else { 383 pr_info("Reload failed, current microcode revision: 0x%x\n", 384 boot_cpu_data.microcode); 385 } 386 387 return ret; 388 } 389 390 static ssize_t reload_store(struct device *dev, 391 struct device_attribute *attr, 392 const char *buf, size_t size) 393 { 394 enum ucode_state tmp_ret = UCODE_OK; 395 int bsp = boot_cpu_data.cpu_index; 396 unsigned long val; 397 ssize_t ret = 0; 398 399 ret = kstrtoul(buf, 0, &val); 400 if (ret || val != 1) 401 return -EINVAL; 402 403 cpus_read_lock(); 404 405 ret = check_online_cpus(); 406 if (ret) 407 goto put; 408 409 tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev); 410 if (tmp_ret != UCODE_NEW) 411 goto put; 412 413 ret = microcode_reload_late(); 414 put: 415 cpus_read_unlock(); 416 417 if (ret == 0) 418 ret = size; 419 420 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); 421 422 return ret; 423 } 424 425 static DEVICE_ATTR_WO(reload); 426 #endif 427 428 static ssize_t version_show(struct device *dev, 429 struct device_attribute *attr, char *buf) 430 { 431 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id; 432 433 return sprintf(buf, "0x%x\n", uci->cpu_sig.rev); 434 } 435 436 static ssize_t processor_flags_show(struct device *dev, 437 struct device_attribute *attr, char *buf) 438 { 439 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id; 440 441 return sprintf(buf, "0x%x\n", uci->cpu_sig.pf); 442 } 443 444 static DEVICE_ATTR_RO(version); 445 static DEVICE_ATTR_RO(processor_flags); 446 447 static struct attribute *mc_default_attrs[] = { 448 &dev_attr_version.attr, 449 &dev_attr_processor_flags.attr, 450 NULL 451 }; 452 453 static const struct attribute_group mc_attr_group = { 454 .attrs = mc_default_attrs, 455 .name = "microcode", 456 }; 457 458 static void microcode_fini_cpu(int cpu) 459 { 460 if (microcode_ops->microcode_fini_cpu) 461 microcode_ops->microcode_fini_cpu(cpu); 462 } 463 464 /** 465 * microcode_bsp_resume - Update boot CPU microcode during resume. 466 */ 467 void microcode_bsp_resume(void) 468 { 469 int cpu = smp_processor_id(); 470 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 471 472 if (uci->mc) 473 microcode_ops->apply_microcode(cpu); 474 else 475 reload_early_microcode(cpu); 476 } 477 478 static struct syscore_ops mc_syscore_ops = { 479 .resume = microcode_bsp_resume, 480 }; 481 482 static int mc_cpu_online(unsigned int cpu) 483 { 484 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 485 struct device *dev = get_cpu_device(cpu); 486 487 memset(uci, 0, sizeof(*uci)); 488 489 microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig); 490 cpu_data(cpu).microcode = uci->cpu_sig.rev; 491 if (!cpu) 492 boot_cpu_data.microcode = uci->cpu_sig.rev; 493 494 if (sysfs_create_group(&dev->kobj, &mc_attr_group)) 495 pr_err("Failed to create group for CPU%d\n", cpu); 496 return 0; 497 } 498 499 static int mc_cpu_down_prep(unsigned int cpu) 500 { 501 struct device *dev; 502 503 dev = get_cpu_device(cpu); 504 505 microcode_fini_cpu(cpu); 506 507 /* Suspend is in progress, only remove the interface */ 508 sysfs_remove_group(&dev->kobj, &mc_attr_group); 509 pr_debug("%s: CPU%d\n", __func__, cpu); 510 511 return 0; 512 } 513 514 static struct attribute *cpu_root_microcode_attrs[] = { 515 #ifdef CONFIG_MICROCODE_LATE_LOADING 516 &dev_attr_reload.attr, 517 #endif 518 NULL 519 }; 520 521 static const struct attribute_group cpu_root_microcode_group = { 522 .name = "microcode", 523 .attrs = cpu_root_microcode_attrs, 524 }; 525 526 static int __init microcode_init(void) 527 { 528 struct device *dev_root; 529 struct cpuinfo_x86 *c = &boot_cpu_data; 530 int error; 531 532 if (dis_ucode_ldr) 533 return -EINVAL; 534 535 if (c->x86_vendor == X86_VENDOR_INTEL) 536 microcode_ops = init_intel_microcode(); 537 else if (c->x86_vendor == X86_VENDOR_AMD) 538 microcode_ops = init_amd_microcode(); 539 else 540 pr_err("no support for this CPU vendor\n"); 541 542 if (!microcode_ops) 543 return -ENODEV; 544 545 microcode_pdev = platform_device_register_simple("microcode", -1, NULL, 0); 546 if (IS_ERR(microcode_pdev)) 547 return PTR_ERR(microcode_pdev); 548 549 dev_root = bus_get_dev_root(&cpu_subsys); 550 if (dev_root) { 551 error = sysfs_create_group(&dev_root->kobj, &cpu_root_microcode_group); 552 put_device(dev_root); 553 if (error) { 554 pr_err("Error creating microcode group!\n"); 555 goto out_pdev; 556 } 557 } 558 559 register_syscore_ops(&mc_syscore_ops); 560 cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/microcode:online", 561 mc_cpu_online, mc_cpu_down_prep); 562 563 pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION); 564 565 return 0; 566 567 out_pdev: 568 platform_device_unregister(microcode_pdev); 569 return error; 570 571 } 572 late_initcall(microcode_init); 573