1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * CPU Microcode Update Driver for Linux 4 * 5 * Copyright (C) 2000-2006 Tigran Aivazian <[email protected]> 6 * 2006 Shaohua Li <[email protected]> 7 * 2013-2016 Borislav Petkov <[email protected]> 8 * 9 * X86 CPU microcode early update for Linux: 10 * 11 * Copyright (C) 2012 Fenghua Yu <[email protected]> 12 * H Peter Anvin" <[email protected]> 13 * (C) 2015 Borislav Petkov <[email protected]> 14 * 15 * This driver allows to upgrade microcode on x86 processors. 16 */ 17 18 #define pr_fmt(fmt) "microcode: " fmt 19 20 #include <linux/platform_device.h> 21 #include <linux/stop_machine.h> 22 #include <linux/syscore_ops.h> 23 #include <linux/miscdevice.h> 24 #include <linux/capability.h> 25 #include <linux/firmware.h> 26 #include <linux/kernel.h> 27 #include <linux/delay.h> 28 #include <linux/mutex.h> 29 #include <linux/cpu.h> 30 #include <linux/nmi.h> 31 #include <linux/fs.h> 32 #include <linux/mm.h> 33 34 #include <asm/cpu_device_id.h> 35 #include <asm/perf_event.h> 36 #include <asm/processor.h> 37 #include <asm/cmdline.h> 38 #include <asm/setup.h> 39 40 #include "internal.h" 41 42 #define DRIVER_VERSION "2.2" 43 44 static struct microcode_ops *microcode_ops; 45 static bool dis_ucode_ldr = true; 46 47 bool initrd_gone; 48 49 /* 50 * Synchronization. 51 * 52 * All non cpu-hotplug-callback call sites use: 53 * 54 * - cpus_read_lock/unlock() to synchronize with 55 * the cpu-hotplug-callback call sites. 56 * 57 * We guarantee that only a single cpu is being 58 * updated at any particular moment of time. 59 */ 60 struct ucode_cpu_info ucode_cpu_info[NR_CPUS]; 61 62 struct cpu_info_ctx { 63 struct cpu_signature *cpu_sig; 64 int err; 65 }; 66 67 /* 68 * Those patch levels cannot be updated to newer ones and thus should be final. 69 */ 70 static u32 final_levels[] = { 71 0x01000098, 72 0x0100009f, 73 0x010000af, 74 0, /* T-101 terminator */ 75 }; 76 77 /* 78 * Check the current patch level on this CPU. 79 * 80 * Returns: 81 * - true: if update should stop 82 * - false: otherwise 83 */ 84 static bool amd_check_current_patch_level(void) 85 { 86 u32 lvl, dummy, i; 87 u32 *levels; 88 89 native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy); 90 91 levels = final_levels; 92 93 for (i = 0; levels[i]; i++) { 94 if (lvl == levels[i]) 95 return true; 96 } 97 return false; 98 } 99 100 static bool __init check_loader_disabled_bsp(void) 101 { 102 static const char *__dis_opt_str = "dis_ucode_ldr"; 103 const char *cmdline = boot_command_line; 104 const char *option = __dis_opt_str; 105 106 /* 107 * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not 108 * completely accurate as xen pv guests don't see that CPUID bit set but 109 * that's good enough as they don't land on the BSP path anyway. 110 */ 111 if (native_cpuid_ecx(1) & BIT(31)) 112 return true; 113 114 if (x86_cpuid_vendor() == X86_VENDOR_AMD) { 115 if (amd_check_current_patch_level()) 116 return true; 117 } 118 119 if (cmdline_find_option_bool(cmdline, option) <= 0) 120 dis_ucode_ldr = false; 121 122 return dis_ucode_ldr; 123 } 124 125 void __init load_ucode_bsp(void) 126 { 127 unsigned int cpuid_1_eax; 128 bool intel = true; 129 130 if (!have_cpuid_p()) 131 return; 132 133 cpuid_1_eax = native_cpuid_eax(1); 134 135 switch (x86_cpuid_vendor()) { 136 case X86_VENDOR_INTEL: 137 if (x86_family(cpuid_1_eax) < 6) 138 return; 139 break; 140 141 case X86_VENDOR_AMD: 142 if (x86_family(cpuid_1_eax) < 0x10) 143 return; 144 intel = false; 145 break; 146 147 default: 148 return; 149 } 150 151 if (check_loader_disabled_bsp()) 152 return; 153 154 if (intel) 155 load_ucode_intel_bsp(); 156 else 157 load_ucode_amd_early(cpuid_1_eax); 158 } 159 160 void load_ucode_ap(void) 161 { 162 unsigned int cpuid_1_eax; 163 164 if (dis_ucode_ldr) 165 return; 166 167 cpuid_1_eax = native_cpuid_eax(1); 168 169 switch (x86_cpuid_vendor()) { 170 case X86_VENDOR_INTEL: 171 if (x86_family(cpuid_1_eax) >= 6) 172 load_ucode_intel_ap(); 173 break; 174 case X86_VENDOR_AMD: 175 if (x86_family(cpuid_1_eax) >= 0x10) 176 load_ucode_amd_early(cpuid_1_eax); 177 break; 178 default: 179 break; 180 } 181 } 182 183 static int __init save_microcode_in_initrd(void) 184 { 185 struct cpuinfo_x86 *c = &boot_cpu_data; 186 int ret = -EINVAL; 187 188 switch (c->x86_vendor) { 189 case X86_VENDOR_INTEL: 190 if (c->x86 >= 6) 191 ret = save_microcode_in_initrd_intel(); 192 break; 193 case X86_VENDOR_AMD: 194 if (c->x86 >= 0x10) 195 ret = save_microcode_in_initrd_amd(cpuid_eax(1)); 196 break; 197 default: 198 break; 199 } 200 201 initrd_gone = true; 202 203 return ret; 204 } 205 206 struct cpio_data find_microcode_in_initrd(const char *path) 207 { 208 #ifdef CONFIG_BLK_DEV_INITRD 209 unsigned long start = 0; 210 size_t size; 211 212 #ifdef CONFIG_X86_32 213 size = boot_params.hdr.ramdisk_size; 214 /* Early load on BSP has a temporary mapping. */ 215 if (size) 216 start = initrd_start_early; 217 218 #else /* CONFIG_X86_64 */ 219 size = (unsigned long)boot_params.ext_ramdisk_size << 32; 220 size |= boot_params.hdr.ramdisk_size; 221 222 if (size) { 223 start = (unsigned long)boot_params.ext_ramdisk_image << 32; 224 start |= boot_params.hdr.ramdisk_image; 225 start += PAGE_OFFSET; 226 } 227 #endif 228 229 /* 230 * Fixup the start address: after reserve_initrd() runs, initrd_start 231 * has the virtual address of the beginning of the initrd. It also 232 * possibly relocates the ramdisk. In either case, initrd_start contains 233 * the updated address so use that instead. 234 * 235 * initrd_gone is for the hotplug case where we've thrown out initrd 236 * already. 237 */ 238 if (initrd_gone) 239 return (struct cpio_data){ NULL, 0, "" }; 240 if (initrd_start) 241 start = initrd_start; 242 243 return find_cpio_data(path, (void *)start, size, NULL); 244 #else /* !CONFIG_BLK_DEV_INITRD */ 245 return (struct cpio_data){ NULL, 0, "" }; 246 #endif 247 } 248 249 static void reload_early_microcode(unsigned int cpu) 250 { 251 int vendor, family; 252 253 vendor = x86_cpuid_vendor(); 254 family = x86_cpuid_family(); 255 256 switch (vendor) { 257 case X86_VENDOR_INTEL: 258 if (family >= 6) 259 reload_ucode_intel(); 260 break; 261 case X86_VENDOR_AMD: 262 if (family >= 0x10) 263 reload_ucode_amd(cpu); 264 break; 265 default: 266 break; 267 } 268 } 269 270 /* fake device for request_firmware */ 271 static struct platform_device *microcode_pdev; 272 273 #ifdef CONFIG_MICROCODE_LATE_LOADING 274 /* 275 * Late loading dance. Why the heavy-handed stomp_machine effort? 276 * 277 * - HT siblings must be idle and not execute other code while the other sibling 278 * is loading microcode in order to avoid any negative interactions caused by 279 * the loading. 280 * 281 * - In addition, microcode update on the cores must be serialized until this 282 * requirement can be relaxed in the future. Right now, this is conservative 283 * and good. 284 */ 285 #define SPINUNIT 100 /* 100 nsec */ 286 287 static int check_online_cpus(void) 288 { 289 unsigned int cpu; 290 291 /* 292 * Make sure all CPUs are online. It's fine for SMT to be disabled if 293 * all the primary threads are still online. 294 */ 295 for_each_present_cpu(cpu) { 296 if (topology_is_primary_thread(cpu) && !cpu_online(cpu)) { 297 pr_err("Not all CPUs online, aborting microcode update.\n"); 298 return -EINVAL; 299 } 300 } 301 302 return 0; 303 } 304 305 static atomic_t late_cpus_in; 306 static atomic_t late_cpus_out; 307 308 static int __wait_for_cpus(atomic_t *t, long long timeout) 309 { 310 int all_cpus = num_online_cpus(); 311 312 atomic_inc(t); 313 314 while (atomic_read(t) < all_cpus) { 315 if (timeout < SPINUNIT) { 316 pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", 317 all_cpus - atomic_read(t)); 318 return 1; 319 } 320 321 ndelay(SPINUNIT); 322 timeout -= SPINUNIT; 323 324 touch_nmi_watchdog(); 325 } 326 return 0; 327 } 328 329 /* 330 * Returns: 331 * < 0 - on error 332 * 0 - success (no update done or microcode was updated) 333 */ 334 static int __reload_late(void *info) 335 { 336 int cpu = smp_processor_id(); 337 enum ucode_state err; 338 int ret = 0; 339 340 /* 341 * Wait for all CPUs to arrive. A load will not be attempted unless all 342 * CPUs show up. 343 * */ 344 if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC)) 345 return -1; 346 347 /* 348 * On an SMT system, it suffices to load the microcode on one sibling of 349 * the core because the microcode engine is shared between the threads. 350 * Synchronization still needs to take place so that no concurrent 351 * loading attempts happen on multiple threads of an SMT core. See 352 * below. 353 */ 354 if (cpumask_first(topology_sibling_cpumask(cpu)) == cpu) 355 err = microcode_ops->apply_microcode(cpu); 356 else 357 goto wait_for_siblings; 358 359 if (err >= UCODE_NFOUND) { 360 if (err == UCODE_ERROR) { 361 pr_warn("Error reloading microcode on CPU %d\n", cpu); 362 ret = -1; 363 } 364 } 365 366 wait_for_siblings: 367 if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC)) 368 panic("Timeout during microcode update!\n"); 369 370 /* 371 * At least one thread has completed update on each core. 372 * For others, simply call the update to make sure the 373 * per-cpu cpuinfo can be updated with right microcode 374 * revision. 375 */ 376 if (cpumask_first(topology_sibling_cpumask(cpu)) != cpu) 377 err = microcode_ops->apply_microcode(cpu); 378 379 return ret; 380 } 381 382 /* 383 * Reload microcode late on all CPUs. Wait for a sec until they 384 * all gather together. 385 */ 386 static int microcode_reload_late(void) 387 { 388 int old = boot_cpu_data.microcode, ret; 389 struct cpuinfo_x86 prev_info; 390 391 pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); 392 pr_err("You should switch to early loading, if possible.\n"); 393 394 atomic_set(&late_cpus_in, 0); 395 atomic_set(&late_cpus_out, 0); 396 397 /* 398 * Take a snapshot before the microcode update in order to compare and 399 * check whether any bits changed after an update. 400 */ 401 store_cpu_caps(&prev_info); 402 403 ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask); 404 if (!ret) { 405 pr_info("Reload succeeded, microcode revision: 0x%x -> 0x%x\n", 406 old, boot_cpu_data.microcode); 407 microcode_check(&prev_info); 408 } else { 409 pr_info("Reload failed, current microcode revision: 0x%x\n", 410 boot_cpu_data.microcode); 411 } 412 413 return ret; 414 } 415 416 static ssize_t reload_store(struct device *dev, 417 struct device_attribute *attr, 418 const char *buf, size_t size) 419 { 420 enum ucode_state tmp_ret = UCODE_OK; 421 int bsp = boot_cpu_data.cpu_index; 422 unsigned long val; 423 ssize_t ret = 0; 424 425 ret = kstrtoul(buf, 0, &val); 426 if (ret || val != 1) 427 return -EINVAL; 428 429 cpus_read_lock(); 430 431 ret = check_online_cpus(); 432 if (ret) 433 goto put; 434 435 tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev); 436 if (tmp_ret != UCODE_NEW) 437 goto put; 438 439 ret = microcode_reload_late(); 440 put: 441 cpus_read_unlock(); 442 443 if (ret == 0) 444 ret = size; 445 446 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); 447 448 return ret; 449 } 450 451 static DEVICE_ATTR_WO(reload); 452 #endif 453 454 static ssize_t version_show(struct device *dev, 455 struct device_attribute *attr, char *buf) 456 { 457 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id; 458 459 return sprintf(buf, "0x%x\n", uci->cpu_sig.rev); 460 } 461 462 static ssize_t processor_flags_show(struct device *dev, 463 struct device_attribute *attr, char *buf) 464 { 465 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id; 466 467 return sprintf(buf, "0x%x\n", uci->cpu_sig.pf); 468 } 469 470 static DEVICE_ATTR_RO(version); 471 static DEVICE_ATTR_RO(processor_flags); 472 473 static struct attribute *mc_default_attrs[] = { 474 &dev_attr_version.attr, 475 &dev_attr_processor_flags.attr, 476 NULL 477 }; 478 479 static const struct attribute_group mc_attr_group = { 480 .attrs = mc_default_attrs, 481 .name = "microcode", 482 }; 483 484 static void microcode_fini_cpu(int cpu) 485 { 486 if (microcode_ops->microcode_fini_cpu) 487 microcode_ops->microcode_fini_cpu(cpu); 488 } 489 490 static enum ucode_state microcode_init_cpu(int cpu) 491 { 492 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 493 494 memset(uci, 0, sizeof(*uci)); 495 496 microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig); 497 498 return microcode_ops->apply_microcode(cpu); 499 } 500 501 /** 502 * microcode_bsp_resume - Update boot CPU microcode during resume. 503 */ 504 void microcode_bsp_resume(void) 505 { 506 int cpu = smp_processor_id(); 507 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 508 509 if (uci->mc) 510 microcode_ops->apply_microcode(cpu); 511 else 512 reload_early_microcode(cpu); 513 } 514 515 static struct syscore_ops mc_syscore_ops = { 516 .resume = microcode_bsp_resume, 517 }; 518 519 static int mc_cpu_starting(unsigned int cpu) 520 { 521 enum ucode_state err = microcode_ops->apply_microcode(cpu); 522 523 pr_debug("%s: CPU%d, err: %d\n", __func__, cpu, err); 524 525 return err == UCODE_ERROR; 526 } 527 528 static int mc_cpu_online(unsigned int cpu) 529 { 530 struct device *dev = get_cpu_device(cpu); 531 532 if (sysfs_create_group(&dev->kobj, &mc_attr_group)) 533 pr_err("Failed to create group for CPU%d\n", cpu); 534 return 0; 535 } 536 537 static int mc_cpu_down_prep(unsigned int cpu) 538 { 539 struct device *dev; 540 541 dev = get_cpu_device(cpu); 542 543 microcode_fini_cpu(cpu); 544 545 /* Suspend is in progress, only remove the interface */ 546 sysfs_remove_group(&dev->kobj, &mc_attr_group); 547 pr_debug("%s: CPU%d\n", __func__, cpu); 548 549 return 0; 550 } 551 552 static void setup_online_cpu(struct work_struct *work) 553 { 554 int cpu = smp_processor_id(); 555 enum ucode_state err; 556 557 err = microcode_init_cpu(cpu); 558 if (err == UCODE_ERROR) { 559 pr_err("Error applying microcode on CPU%d\n", cpu); 560 return; 561 } 562 563 mc_cpu_online(cpu); 564 } 565 566 static struct attribute *cpu_root_microcode_attrs[] = { 567 #ifdef CONFIG_MICROCODE_LATE_LOADING 568 &dev_attr_reload.attr, 569 #endif 570 NULL 571 }; 572 573 static const struct attribute_group cpu_root_microcode_group = { 574 .name = "microcode", 575 .attrs = cpu_root_microcode_attrs, 576 }; 577 578 static int __init microcode_init(void) 579 { 580 struct device *dev_root; 581 struct cpuinfo_x86 *c = &boot_cpu_data; 582 int error; 583 584 if (dis_ucode_ldr) 585 return -EINVAL; 586 587 if (c->x86_vendor == X86_VENDOR_INTEL) 588 microcode_ops = init_intel_microcode(); 589 else if (c->x86_vendor == X86_VENDOR_AMD) 590 microcode_ops = init_amd_microcode(); 591 else 592 pr_err("no support for this CPU vendor\n"); 593 594 if (!microcode_ops) 595 return -ENODEV; 596 597 microcode_pdev = platform_device_register_simple("microcode", -1, NULL, 0); 598 if (IS_ERR(microcode_pdev)) 599 return PTR_ERR(microcode_pdev); 600 601 dev_root = bus_get_dev_root(&cpu_subsys); 602 if (dev_root) { 603 error = sysfs_create_group(&dev_root->kobj, &cpu_root_microcode_group); 604 put_device(dev_root); 605 if (error) { 606 pr_err("Error creating microcode group!\n"); 607 goto out_pdev; 608 } 609 } 610 611 /* Do per-CPU setup */ 612 schedule_on_each_cpu(setup_online_cpu); 613 614 register_syscore_ops(&mc_syscore_ops); 615 cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER, "x86/microcode:starting", 616 mc_cpu_starting, NULL); 617 cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online", 618 mc_cpu_online, mc_cpu_down_prep); 619 620 pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION); 621 622 return 0; 623 624 out_pdev: 625 platform_device_unregister(microcode_pdev); 626 return error; 627 628 } 629 fs_initcall(save_microcode_in_initrd); 630 late_initcall(microcode_init); 631