1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * AMD CPU Microcode Update Driver for Linux
4 *
5 * This driver allows to upgrade microcode on F10h AMD
6 * CPUs and later.
7 *
8 * Copyright (C) 2008-2011 Advanced Micro Devices Inc.
9 * 2013-2018 Borislav Petkov <bp@alien8.de>
10 *
11 * Author: Peter Oruba <peter.oruba@amd.com>
12 *
13 * Based on work by:
14 * Tigran Aivazian <aivazian.tigran@gmail.com>
15 *
16 * early loader:
17 * Copyright (C) 2013 Advanced Micro Devices, Inc.
18 *
19 * Author: Jacob Shin <jacob.shin@amd.com>
20 * Fixes: Borislav Petkov <bp@suse.de>
21 */
22 #define pr_fmt(fmt) "microcode: " fmt
23
24 #include <linux/earlycpio.h>
25 #include <linux/firmware.h>
26 #include <linux/bsearch.h>
27 #include <linux/uaccess.h>
28 #include <linux/vmalloc.h>
29 #include <linux/initrd.h>
30 #include <linux/kernel.h>
31 #include <linux/pci.h>
32
33 #include <crypto/sha2.h>
34
35 #include <asm/microcode.h>
36 #include <asm/processor.h>
37 #include <asm/cmdline.h>
38 #include <asm/setup.h>
39 #include <asm/cpu.h>
40 #include <asm/msr.h>
41 #include <asm/tlb.h>
42
43 #include "internal.h"
44
45 struct ucode_patch {
46 struct list_head plist;
47 void *data;
48 unsigned int size;
49 u32 patch_id;
50 u16 equiv_cpu;
51 };
52
53 static LIST_HEAD(microcode_cache);
54
55 #define UCODE_MAGIC 0x00414d44
56 #define UCODE_EQUIV_CPU_TABLE_TYPE 0x00000000
57 #define UCODE_UCODE_TYPE 0x00000001
58
59 #define SECTION_HDR_SIZE 8
60 #define CONTAINER_HDR_SZ 12
61
62 struct equiv_cpu_entry {
63 u32 installed_cpu;
64 u32 fixed_errata_mask;
65 u32 fixed_errata_compare;
66 u16 equiv_cpu;
67 u16 res;
68 } __packed;
69
70 struct microcode_header_amd {
71 u32 data_code;
72 u32 patch_id;
73 u16 mc_patch_data_id;
74 u8 mc_patch_data_len;
75 u8 init_flag;
76 u32 mc_patch_data_checksum;
77 u32 nb_dev_id;
78 u32 sb_dev_id;
79 u16 processor_rev_id;
80 u8 nb_rev_id;
81 u8 sb_rev_id;
82 u8 bios_api_rev;
83 u8 reserved1[3];
84 u32 match_reg[8];
85 } __packed;
86
87 struct microcode_amd {
88 struct microcode_header_amd hdr;
89 unsigned int mpb[];
90 };
91
92 #define PATCH_MAX_SIZE (3 * PAGE_SIZE)
93
94 static struct equiv_cpu_table {
95 unsigned int num_entries;
96 struct equiv_cpu_entry *entry;
97 } equiv_table;
98
99 union zen_patch_rev {
100 struct {
101 __u32 rev : 8,
102 stepping : 4,
103 model : 4,
104 __reserved : 4,
105 ext_model : 4,
106 ext_fam : 8;
107 };
108 __u32 ucode_rev;
109 };
110
111 union cpuid_1_eax {
112 struct {
113 __u32 stepping : 4,
114 model : 4,
115 family : 4,
116 __reserved0 : 4,
117 ext_model : 4,
118 ext_fam : 8,
119 __reserved1 : 4;
120 };
121 __u32 full;
122 };
123
124 /*
125 * This points to the current valid container of microcode patches which we will
126 * save from the initrd/builtin before jettisoning its contents. @mc is the
127 * microcode patch we found to match.
128 */
129 struct cont_desc {
130 struct microcode_amd *mc;
131 u32 psize;
132 u8 *data;
133 size_t size;
134 };
135
136 /*
137 * Microcode patch container file is prepended to the initrd in cpio
138 * format. See Documentation/arch/x86/microcode.rst
139 */
140 static const char
141 ucode_path[] __maybe_unused = "kernel/x86/microcode/AuthenticAMD.bin";
142
143 /*
144 * This is CPUID(1).EAX on the BSP. It is used in two ways:
145 *
146 * 1. To ignore the equivalence table on Zen1 and newer.
147 *
148 * 2. To match which patches to load because the patch revision ID
149 * already contains the f/m/s for which the microcode is destined
150 * for.
151 */
152 static u32 bsp_cpuid_1_eax __ro_after_init;
153
154 static bool sha_check = true;
155
156 struct patch_digest {
157 u32 patch_id;
158 u8 sha256[SHA256_DIGEST_SIZE];
159 };
160
161 #include "amd_shas.c"
162
cmp_id(const void * key,const void * elem)163 static int cmp_id(const void *key, const void *elem)
164 {
165 struct patch_digest *pd = (struct patch_digest *)elem;
166 u32 patch_id = *(u32 *)key;
167
168 if (patch_id == pd->patch_id)
169 return 0;
170 else if (patch_id < pd->patch_id)
171 return -1;
172 else
173 return 1;
174 }
175
need_sha_check(u32 cur_rev)176 static bool need_sha_check(u32 cur_rev)
177 {
178 switch (cur_rev >> 8) {
179 case 0x80012: return cur_rev <= 0x800126f; break;
180 case 0x80082: return cur_rev <= 0x800820f; break;
181 case 0x83010: return cur_rev <= 0x830107c; break;
182 case 0x86001: return cur_rev <= 0x860010e; break;
183 case 0x86081: return cur_rev <= 0x8608108; break;
184 case 0x87010: return cur_rev <= 0x8701034; break;
185 case 0x8a000: return cur_rev <= 0x8a0000a; break;
186 case 0xa0010: return cur_rev <= 0xa00107a; break;
187 case 0xa0011: return cur_rev <= 0xa0011da; break;
188 case 0xa0012: return cur_rev <= 0xa001243; break;
189 case 0xa0082: return cur_rev <= 0xa00820e; break;
190 case 0xa1011: return cur_rev <= 0xa101153; break;
191 case 0xa1012: return cur_rev <= 0xa10124e; break;
192 case 0xa1081: return cur_rev <= 0xa108109; break;
193 case 0xa2010: return cur_rev <= 0xa20102f; break;
194 case 0xa2012: return cur_rev <= 0xa201212; break;
195 case 0xa4041: return cur_rev <= 0xa404109; break;
196 case 0xa5000: return cur_rev <= 0xa500013; break;
197 case 0xa6012: return cur_rev <= 0xa60120a; break;
198 case 0xa7041: return cur_rev <= 0xa704109; break;
199 case 0xa7052: return cur_rev <= 0xa705208; break;
200 case 0xa7080: return cur_rev <= 0xa708009; break;
201 case 0xa70c0: return cur_rev <= 0xa70C009; break;
202 case 0xaa001: return cur_rev <= 0xaa00116; break;
203 case 0xaa002: return cur_rev <= 0xaa00218; break;
204 default: break;
205 }
206
207 pr_info("You should not be seeing this. Please send the following couple of lines to x86-<at>-kernel.org\n");
208 pr_info("CPUID(1).EAX: 0x%x, current revision: 0x%x\n", bsp_cpuid_1_eax, cur_rev);
209 return true;
210 }
211
verify_sha256_digest(u32 patch_id,u32 cur_rev,const u8 * data,unsigned int len)212 static bool verify_sha256_digest(u32 patch_id, u32 cur_rev, const u8 *data, unsigned int len)
213 {
214 struct patch_digest *pd = NULL;
215 u8 digest[SHA256_DIGEST_SIZE];
216 struct sha256_state s;
217 int i;
218
219 if (x86_family(bsp_cpuid_1_eax) < 0x17 ||
220 x86_family(bsp_cpuid_1_eax) > 0x19)
221 return true;
222
223 if (!need_sha_check(cur_rev))
224 return true;
225
226 if (!sha_check)
227 return true;
228
229 pd = bsearch(&patch_id, phashes, ARRAY_SIZE(phashes), sizeof(struct patch_digest), cmp_id);
230 if (!pd) {
231 pr_err("No sha256 digest for patch ID: 0x%x found\n", patch_id);
232 return false;
233 }
234
235 sha256_init(&s);
236 sha256_update(&s, data, len);
237 sha256_final(&s, digest);
238
239 if (memcmp(digest, pd->sha256, sizeof(digest))) {
240 pr_err("Patch 0x%x SHA256 digest mismatch!\n", patch_id);
241
242 for (i = 0; i < SHA256_DIGEST_SIZE; i++)
243 pr_cont("0x%x ", digest[i]);
244 pr_info("\n");
245
246 return false;
247 }
248
249 return true;
250 }
251
get_patch_level(void)252 static u32 get_patch_level(void)
253 {
254 u32 rev, dummy __always_unused;
255
256 native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
257
258 return rev;
259 }
260
ucode_rev_to_cpuid(unsigned int val)261 static union cpuid_1_eax ucode_rev_to_cpuid(unsigned int val)
262 {
263 union zen_patch_rev p;
264 union cpuid_1_eax c;
265
266 p.ucode_rev = val;
267 c.full = 0;
268
269 c.stepping = p.stepping;
270 c.model = p.model;
271 c.ext_model = p.ext_model;
272 c.family = 0xf;
273 c.ext_fam = p.ext_fam;
274
275 return c;
276 }
277
find_equiv_id(struct equiv_cpu_table * et,u32 sig)278 static u16 find_equiv_id(struct equiv_cpu_table *et, u32 sig)
279 {
280 unsigned int i;
281
282 /* Zen and newer do not need an equivalence table. */
283 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
284 return 0;
285
286 if (!et || !et->num_entries)
287 return 0;
288
289 for (i = 0; i < et->num_entries; i++) {
290 struct equiv_cpu_entry *e = &et->entry[i];
291
292 if (sig == e->installed_cpu)
293 return e->equiv_cpu;
294 }
295 return 0;
296 }
297
298 /*
299 * Check whether there is a valid microcode container file at the beginning
300 * of @buf of size @buf_size.
301 */
verify_container(const u8 * buf,size_t buf_size)302 static bool verify_container(const u8 *buf, size_t buf_size)
303 {
304 u32 cont_magic;
305
306 if (buf_size <= CONTAINER_HDR_SZ) {
307 pr_debug("Truncated microcode container header.\n");
308 return false;
309 }
310
311 cont_magic = *(const u32 *)buf;
312 if (cont_magic != UCODE_MAGIC) {
313 pr_debug("Invalid magic value (0x%08x).\n", cont_magic);
314 return false;
315 }
316
317 return true;
318 }
319
320 /*
321 * Check whether there is a valid, non-truncated CPU equivalence table at the
322 * beginning of @buf of size @buf_size.
323 */
verify_equivalence_table(const u8 * buf,size_t buf_size)324 static bool verify_equivalence_table(const u8 *buf, size_t buf_size)
325 {
326 const u32 *hdr = (const u32 *)buf;
327 u32 cont_type, equiv_tbl_len;
328
329 if (!verify_container(buf, buf_size))
330 return false;
331
332 /* Zen and newer do not need an equivalence table. */
333 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
334 return true;
335
336 cont_type = hdr[1];
337 if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) {
338 pr_debug("Wrong microcode container equivalence table type: %u.\n",
339 cont_type);
340 return false;
341 }
342
343 buf_size -= CONTAINER_HDR_SZ;
344
345 equiv_tbl_len = hdr[2];
346 if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) ||
347 buf_size < equiv_tbl_len) {
348 pr_debug("Truncated equivalence table.\n");
349 return false;
350 }
351
352 return true;
353 }
354
355 /*
356 * Check whether there is a valid, non-truncated microcode patch section at the
357 * beginning of @buf of size @buf_size.
358 *
359 * On success, @sh_psize returns the patch size according to the section header,
360 * to the caller.
361 */
362 static bool
__verify_patch_section(const u8 * buf,size_t buf_size,u32 * sh_psize)363 __verify_patch_section(const u8 *buf, size_t buf_size, u32 *sh_psize)
364 {
365 u32 p_type, p_size;
366 const u32 *hdr;
367
368 if (buf_size < SECTION_HDR_SIZE) {
369 pr_debug("Truncated patch section.\n");
370 return false;
371 }
372
373 hdr = (const u32 *)buf;
374 p_type = hdr[0];
375 p_size = hdr[1];
376
377 if (p_type != UCODE_UCODE_TYPE) {
378 pr_debug("Invalid type field (0x%x) in container file section header.\n",
379 p_type);
380 return false;
381 }
382
383 if (p_size < sizeof(struct microcode_header_amd)) {
384 pr_debug("Patch of size %u too short.\n", p_size);
385 return false;
386 }
387
388 *sh_psize = p_size;
389
390 return true;
391 }
392
393 /*
394 * Check whether the passed remaining file @buf_size is large enough to contain
395 * a patch of the indicated @sh_psize (and also whether this size does not
396 * exceed the per-family maximum). @sh_psize is the size read from the section
397 * header.
398 */
__verify_patch_size(u32 sh_psize,size_t buf_size)399 static bool __verify_patch_size(u32 sh_psize, size_t buf_size)
400 {
401 u8 family = x86_family(bsp_cpuid_1_eax);
402 u32 max_size;
403
404 if (family >= 0x15)
405 goto ret;
406
407 #define F1XH_MPB_MAX_SIZE 2048
408 #define F14H_MPB_MAX_SIZE 1824
409
410 switch (family) {
411 case 0x10 ... 0x12:
412 max_size = F1XH_MPB_MAX_SIZE;
413 break;
414 case 0x14:
415 max_size = F14H_MPB_MAX_SIZE;
416 break;
417 default:
418 WARN(1, "%s: WTF family: 0x%x\n", __func__, family);
419 return false;
420 }
421
422 if (sh_psize > max_size)
423 return false;
424
425 ret:
426 /* Working with the whole buffer so < is ok. */
427 return sh_psize <= buf_size;
428 }
429
430 /*
431 * Verify the patch in @buf.
432 *
433 * Returns:
434 * negative: on error
435 * positive: patch is not for this family, skip it
436 * 0: success
437 */
verify_patch(const u8 * buf,size_t buf_size,u32 * patch_size)438 static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size)
439 {
440 u8 family = x86_family(bsp_cpuid_1_eax);
441 struct microcode_header_amd *mc_hdr;
442 u32 sh_psize;
443 u16 proc_id;
444 u8 patch_fam;
445
446 if (!__verify_patch_section(buf, buf_size, &sh_psize))
447 return -1;
448
449 /*
450 * The section header length is not included in this indicated size
451 * but is present in the leftover file length so we need to subtract
452 * it before passing this value to the function below.
453 */
454 buf_size -= SECTION_HDR_SIZE;
455
456 /*
457 * Check if the remaining buffer is big enough to contain a patch of
458 * size sh_psize, as the section claims.
459 */
460 if (buf_size < sh_psize) {
461 pr_debug("Patch of size %u truncated.\n", sh_psize);
462 return -1;
463 }
464
465 if (!__verify_patch_size(sh_psize, buf_size)) {
466 pr_debug("Per-family patch size mismatch.\n");
467 return -1;
468 }
469
470 *patch_size = sh_psize;
471
472 mc_hdr = (struct microcode_header_amd *)(buf + SECTION_HDR_SIZE);
473 if (mc_hdr->nb_dev_id || mc_hdr->sb_dev_id) {
474 pr_err("Patch-ID 0x%08x: chipset-specific code unsupported.\n", mc_hdr->patch_id);
475 return -1;
476 }
477
478 proc_id = mc_hdr->processor_rev_id;
479 patch_fam = 0xf + (proc_id >> 12);
480 if (patch_fam != family)
481 return 1;
482
483 return 0;
484 }
485
mc_patch_matches(struct microcode_amd * mc,u16 eq_id)486 static bool mc_patch_matches(struct microcode_amd *mc, u16 eq_id)
487 {
488 /* Zen and newer do not need an equivalence table. */
489 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
490 return ucode_rev_to_cpuid(mc->hdr.patch_id).full == bsp_cpuid_1_eax;
491 else
492 return eq_id == mc->hdr.processor_rev_id;
493 }
494
495 /*
496 * This scans the ucode blob for the proper container as we can have multiple
497 * containers glued together. Returns the equivalence ID from the equivalence
498 * table or 0 if none found.
499 * Returns the amount of bytes consumed while scanning. @desc contains all the
500 * data we're going to use in later stages of the application.
501 */
parse_container(u8 * ucode,size_t size,struct cont_desc * desc)502 static size_t parse_container(u8 *ucode, size_t size, struct cont_desc *desc)
503 {
504 struct equiv_cpu_table table;
505 size_t orig_size = size;
506 u32 *hdr = (u32 *)ucode;
507 u16 eq_id;
508 u8 *buf;
509
510 if (!verify_equivalence_table(ucode, size))
511 return 0;
512
513 buf = ucode;
514
515 table.entry = (struct equiv_cpu_entry *)(buf + CONTAINER_HDR_SZ);
516 table.num_entries = hdr[2] / sizeof(struct equiv_cpu_entry);
517
518 /*
519 * Find the equivalence ID of our CPU in this table. Even if this table
520 * doesn't contain a patch for the CPU, scan through the whole container
521 * so that it can be skipped in case there are other containers appended.
522 */
523 eq_id = find_equiv_id(&table, bsp_cpuid_1_eax);
524
525 buf += hdr[2] + CONTAINER_HDR_SZ;
526 size -= hdr[2] + CONTAINER_HDR_SZ;
527
528 /*
529 * Scan through the rest of the container to find where it ends. We do
530 * some basic sanity-checking too.
531 */
532 while (size > 0) {
533 struct microcode_amd *mc;
534 u32 patch_size;
535 int ret;
536
537 ret = verify_patch(buf, size, &patch_size);
538 if (ret < 0) {
539 /*
540 * Patch verification failed, skip to the next container, if
541 * there is one. Before exit, check whether that container has
542 * found a patch already. If so, use it.
543 */
544 goto out;
545 } else if (ret > 0) {
546 goto skip;
547 }
548
549 mc = (struct microcode_amd *)(buf + SECTION_HDR_SIZE);
550 if (mc_patch_matches(mc, eq_id)) {
551 desc->psize = patch_size;
552 desc->mc = mc;
553 }
554
555 skip:
556 /* Skip patch section header too: */
557 buf += patch_size + SECTION_HDR_SIZE;
558 size -= patch_size + SECTION_HDR_SIZE;
559 }
560
561 out:
562 /*
563 * If we have found a patch (desc->mc), it means we're looking at the
564 * container which has a patch for this CPU so return 0 to mean, @ucode
565 * already points to the proper container. Otherwise, we return the size
566 * we scanned so that we can advance to the next container in the
567 * buffer.
568 */
569 if (desc->mc) {
570 desc->data = ucode;
571 desc->size = orig_size - size;
572
573 return 0;
574 }
575
576 return orig_size - size;
577 }
578
579 /*
580 * Scan the ucode blob for the proper container as we can have multiple
581 * containers glued together.
582 */
scan_containers(u8 * ucode,size_t size,struct cont_desc * desc)583 static void scan_containers(u8 *ucode, size_t size, struct cont_desc *desc)
584 {
585 while (size) {
586 size_t s = parse_container(ucode, size, desc);
587 if (!s)
588 return;
589
590 /* catch wraparound */
591 if (size >= s) {
592 ucode += s;
593 size -= s;
594 } else {
595 return;
596 }
597 }
598 }
599
__apply_microcode_amd(struct microcode_amd * mc,u32 * cur_rev,unsigned int psize)600 static bool __apply_microcode_amd(struct microcode_amd *mc, u32 *cur_rev,
601 unsigned int psize)
602 {
603 unsigned long p_addr = (unsigned long)&mc->hdr.data_code;
604
605 if (!verify_sha256_digest(mc->hdr.patch_id, *cur_rev, (const u8 *)p_addr, psize))
606 return -1;
607
608 native_wrmsrl(MSR_AMD64_PATCH_LOADER, p_addr);
609
610 if (x86_family(bsp_cpuid_1_eax) == 0x17) {
611 unsigned long p_addr_end = p_addr + psize - 1;
612
613 invlpg(p_addr);
614
615 /*
616 * Flush next page too if patch image is crossing a page
617 * boundary.
618 */
619 if (p_addr >> PAGE_SHIFT != p_addr_end >> PAGE_SHIFT)
620 invlpg(p_addr_end);
621 }
622
623 /* verify patch application was successful */
624 *cur_rev = get_patch_level();
625 if (*cur_rev != mc->hdr.patch_id)
626 return false;
627
628 return true;
629 }
630
631
get_builtin_microcode(struct cpio_data * cp)632 static bool get_builtin_microcode(struct cpio_data *cp)
633 {
634 char fw_name[36] = "amd-ucode/microcode_amd.bin";
635 u8 family = x86_family(bsp_cpuid_1_eax);
636 struct firmware fw;
637
638 if (IS_ENABLED(CONFIG_X86_32))
639 return false;
640
641 if (family >= 0x15)
642 snprintf(fw_name, sizeof(fw_name),
643 "amd-ucode/microcode_amd_fam%.2xh.bin", family);
644
645 if (firmware_request_builtin(&fw, fw_name)) {
646 cp->size = fw.size;
647 cp->data = (void *)fw.data;
648 return true;
649 }
650
651 return false;
652 }
653
find_blobs_in_containers(struct cpio_data * ret)654 static bool __init find_blobs_in_containers(struct cpio_data *ret)
655 {
656 struct cpio_data cp;
657 bool found;
658
659 if (!get_builtin_microcode(&cp))
660 cp = find_microcode_in_initrd(ucode_path);
661
662 found = cp.data && cp.size;
663 if (found)
664 *ret = cp;
665
666 return found;
667 }
668
669 /*
670 * Early load occurs before we can vmalloc(). So we look for the microcode
671 * patch container file in initrd, traverse equivalent cpu table, look for a
672 * matching microcode patch, and update, all in initrd memory in place.
673 * When vmalloc() is available for use later -- on 64-bit during first AP load,
674 * and on 32-bit during save_microcode_in_initrd() -- we can call
675 * load_microcode_amd() to save equivalent cpu table and microcode patches in
676 * kernel heap memory.
677 */
load_ucode_amd_bsp(struct early_load_data * ed,unsigned int cpuid_1_eax)678 void __init load_ucode_amd_bsp(struct early_load_data *ed, unsigned int cpuid_1_eax)
679 {
680 struct cont_desc desc = { };
681 struct microcode_amd *mc;
682 struct cpio_data cp = { };
683 char buf[4];
684 u32 rev;
685
686 if (cmdline_find_option(boot_command_line, "microcode.amd_sha_check", buf, 4)) {
687 if (!strncmp(buf, "off", 3)) {
688 sha_check = false;
689 pr_warn_once("It is a very very bad idea to disable the blobs SHA check!\n");
690 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
691 }
692 }
693
694 bsp_cpuid_1_eax = cpuid_1_eax;
695
696 rev = get_patch_level();
697 ed->old_rev = rev;
698
699 /* Needed in load_microcode_amd() */
700 ucode_cpu_info[0].cpu_sig.sig = cpuid_1_eax;
701
702 if (!find_blobs_in_containers(&cp))
703 return;
704
705 scan_containers(cp.data, cp.size, &desc);
706
707 mc = desc.mc;
708 if (!mc)
709 return;
710
711 /*
712 * Allow application of the same revision to pick up SMT-specific
713 * changes even if the revision of the other SMT thread is already
714 * up-to-date.
715 */
716 if (ed->old_rev > mc->hdr.patch_id)
717 return;
718
719 if (__apply_microcode_amd(mc, &rev, desc.psize))
720 ed->new_rev = rev;
721 }
722
patch_cpus_equivalent(struct ucode_patch * p,struct ucode_patch * n,bool ignore_stepping)723 static inline bool patch_cpus_equivalent(struct ucode_patch *p,
724 struct ucode_patch *n,
725 bool ignore_stepping)
726 {
727 /* Zen and newer hardcode the f/m/s in the patch ID */
728 if (x86_family(bsp_cpuid_1_eax) >= 0x17) {
729 union cpuid_1_eax p_cid = ucode_rev_to_cpuid(p->patch_id);
730 union cpuid_1_eax n_cid = ucode_rev_to_cpuid(n->patch_id);
731
732 if (ignore_stepping) {
733 p_cid.stepping = 0;
734 n_cid.stepping = 0;
735 }
736
737 return p_cid.full == n_cid.full;
738 } else {
739 return p->equiv_cpu == n->equiv_cpu;
740 }
741 }
742
743 /*
744 * a small, trivial cache of per-family ucode patches
745 */
cache_find_patch(struct ucode_cpu_info * uci,u16 equiv_cpu)746 static struct ucode_patch *cache_find_patch(struct ucode_cpu_info *uci, u16 equiv_cpu)
747 {
748 struct ucode_patch *p;
749 struct ucode_patch n;
750
751 n.equiv_cpu = equiv_cpu;
752 n.patch_id = uci->cpu_sig.rev;
753
754 WARN_ON_ONCE(!n.patch_id);
755
756 list_for_each_entry(p, µcode_cache, plist)
757 if (patch_cpus_equivalent(p, &n, false))
758 return p;
759
760 return NULL;
761 }
762
patch_newer(struct ucode_patch * p,struct ucode_patch * n)763 static inline int patch_newer(struct ucode_patch *p, struct ucode_patch *n)
764 {
765 /* Zen and newer hardcode the f/m/s in the patch ID */
766 if (x86_family(bsp_cpuid_1_eax) >= 0x17) {
767 union zen_patch_rev zp, zn;
768
769 zp.ucode_rev = p->patch_id;
770 zn.ucode_rev = n->patch_id;
771
772 if (zn.stepping != zp.stepping)
773 return -1;
774
775 return zn.rev > zp.rev;
776 } else {
777 return n->patch_id > p->patch_id;
778 }
779 }
780
update_cache(struct ucode_patch * new_patch)781 static void update_cache(struct ucode_patch *new_patch)
782 {
783 struct ucode_patch *p;
784 int ret;
785
786 list_for_each_entry(p, µcode_cache, plist) {
787 if (patch_cpus_equivalent(p, new_patch, true)) {
788 ret = patch_newer(p, new_patch);
789 if (ret < 0)
790 continue;
791 else if (!ret) {
792 /* we already have the latest patch */
793 kfree(new_patch->data);
794 kfree(new_patch);
795 return;
796 }
797
798 list_replace(&p->plist, &new_patch->plist);
799 kfree(p->data);
800 kfree(p);
801 return;
802 }
803 }
804 /* no patch found, add it */
805 list_add_tail(&new_patch->plist, µcode_cache);
806 }
807
free_cache(void)808 static void free_cache(void)
809 {
810 struct ucode_patch *p, *tmp;
811
812 list_for_each_entry_safe(p, tmp, µcode_cache, plist) {
813 __list_del(p->plist.prev, p->plist.next);
814 kfree(p->data);
815 kfree(p);
816 }
817 }
818
find_patch(unsigned int cpu)819 static struct ucode_patch *find_patch(unsigned int cpu)
820 {
821 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
822 u16 equiv_id = 0;
823
824 uci->cpu_sig.rev = get_patch_level();
825
826 if (x86_family(bsp_cpuid_1_eax) < 0x17) {
827 equiv_id = find_equiv_id(&equiv_table, uci->cpu_sig.sig);
828 if (!equiv_id)
829 return NULL;
830 }
831
832 return cache_find_patch(uci, equiv_id);
833 }
834
reload_ucode_amd(unsigned int cpu)835 void reload_ucode_amd(unsigned int cpu)
836 {
837 u32 rev, dummy __always_unused;
838 struct microcode_amd *mc;
839 struct ucode_patch *p;
840
841 p = find_patch(cpu);
842 if (!p)
843 return;
844
845 mc = p->data;
846
847 rev = get_patch_level();
848 if (rev < mc->hdr.patch_id) {
849 if (__apply_microcode_amd(mc, &rev, p->size))
850 pr_info_once("reload revision: 0x%08x\n", rev);
851 }
852 }
853
collect_cpu_info_amd(int cpu,struct cpu_signature * csig)854 static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig)
855 {
856 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
857 struct ucode_patch *p;
858
859 csig->sig = cpuid_eax(0x00000001);
860 csig->rev = get_patch_level();
861
862 /*
863 * a patch could have been loaded early, set uci->mc so that
864 * mc_bp_resume() can call apply_microcode()
865 */
866 p = find_patch(cpu);
867 if (p && (p->patch_id == csig->rev))
868 uci->mc = p->data;
869
870 return 0;
871 }
872
apply_microcode_amd(int cpu)873 static enum ucode_state apply_microcode_amd(int cpu)
874 {
875 struct cpuinfo_x86 *c = &cpu_data(cpu);
876 struct microcode_amd *mc_amd;
877 struct ucode_cpu_info *uci;
878 struct ucode_patch *p;
879 enum ucode_state ret;
880 u32 rev;
881
882 BUG_ON(raw_smp_processor_id() != cpu);
883
884 uci = ucode_cpu_info + cpu;
885
886 p = find_patch(cpu);
887 if (!p)
888 return UCODE_NFOUND;
889
890 rev = uci->cpu_sig.rev;
891
892 mc_amd = p->data;
893 uci->mc = p->data;
894
895 /* need to apply patch? */
896 if (rev > mc_amd->hdr.patch_id) {
897 ret = UCODE_OK;
898 goto out;
899 }
900
901 if (!__apply_microcode_amd(mc_amd, &rev, p->size)) {
902 pr_err("CPU%d: update failed for patch_level=0x%08x\n",
903 cpu, mc_amd->hdr.patch_id);
904 return UCODE_ERROR;
905 }
906
907 rev = mc_amd->hdr.patch_id;
908 ret = UCODE_UPDATED;
909
910 out:
911 uci->cpu_sig.rev = rev;
912 c->microcode = rev;
913
914 /* Update boot_cpu_data's revision too, if we're on the BSP: */
915 if (c->cpu_index == boot_cpu_data.cpu_index)
916 boot_cpu_data.microcode = rev;
917
918 return ret;
919 }
920
load_ucode_amd_ap(unsigned int cpuid_1_eax)921 void load_ucode_amd_ap(unsigned int cpuid_1_eax)
922 {
923 unsigned int cpu = smp_processor_id();
924
925 ucode_cpu_info[cpu].cpu_sig.sig = cpuid_1_eax;
926 apply_microcode_amd(cpu);
927 }
928
install_equiv_cpu_table(const u8 * buf,size_t buf_size)929 static size_t install_equiv_cpu_table(const u8 *buf, size_t buf_size)
930 {
931 u32 equiv_tbl_len;
932 const u32 *hdr;
933
934 if (!verify_equivalence_table(buf, buf_size))
935 return 0;
936
937 hdr = (const u32 *)buf;
938 equiv_tbl_len = hdr[2];
939
940 /* Zen and newer do not need an equivalence table. */
941 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
942 goto out;
943
944 equiv_table.entry = vmalloc(equiv_tbl_len);
945 if (!equiv_table.entry) {
946 pr_err("failed to allocate equivalent CPU table\n");
947 return 0;
948 }
949
950 memcpy(equiv_table.entry, buf + CONTAINER_HDR_SZ, equiv_tbl_len);
951 equiv_table.num_entries = equiv_tbl_len / sizeof(struct equiv_cpu_entry);
952
953 out:
954 /* add header length */
955 return equiv_tbl_len + CONTAINER_HDR_SZ;
956 }
957
free_equiv_cpu_table(void)958 static void free_equiv_cpu_table(void)
959 {
960 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
961 return;
962
963 vfree(equiv_table.entry);
964 memset(&equiv_table, 0, sizeof(equiv_table));
965 }
966
cleanup(void)967 static void cleanup(void)
968 {
969 free_equiv_cpu_table();
970 free_cache();
971 }
972
973 /*
974 * Return a non-negative value even if some of the checks failed so that
975 * we can skip over the next patch. If we return a negative value, we
976 * signal a grave error like a memory allocation has failed and the
977 * driver cannot continue functioning normally. In such cases, we tear
978 * down everything we've used up so far and exit.
979 */
verify_and_add_patch(u8 family,u8 * fw,unsigned int leftover,unsigned int * patch_size)980 static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover,
981 unsigned int *patch_size)
982 {
983 struct microcode_header_amd *mc_hdr;
984 struct ucode_patch *patch;
985 u16 proc_id;
986 int ret;
987
988 ret = verify_patch(fw, leftover, patch_size);
989 if (ret)
990 return ret;
991
992 patch = kzalloc(sizeof(*patch), GFP_KERNEL);
993 if (!patch) {
994 pr_err("Patch allocation failure.\n");
995 return -EINVAL;
996 }
997
998 patch->data = kmemdup(fw + SECTION_HDR_SIZE, *patch_size, GFP_KERNEL);
999 if (!patch->data) {
1000 pr_err("Patch data allocation failure.\n");
1001 kfree(patch);
1002 return -EINVAL;
1003 }
1004 patch->size = *patch_size;
1005
1006 mc_hdr = (struct microcode_header_amd *)(fw + SECTION_HDR_SIZE);
1007 proc_id = mc_hdr->processor_rev_id;
1008
1009 INIT_LIST_HEAD(&patch->plist);
1010 patch->patch_id = mc_hdr->patch_id;
1011 patch->equiv_cpu = proc_id;
1012
1013 pr_debug("%s: Adding patch_id: 0x%08x, proc_id: 0x%04x\n",
1014 __func__, patch->patch_id, proc_id);
1015
1016 /* ... and add to cache. */
1017 update_cache(patch);
1018
1019 return 0;
1020 }
1021
1022 /* Scan the blob in @data and add microcode patches to the cache. */
__load_microcode_amd(u8 family,const u8 * data,size_t size)1023 static enum ucode_state __load_microcode_amd(u8 family, const u8 *data, size_t size)
1024 {
1025 u8 *fw = (u8 *)data;
1026 size_t offset;
1027
1028 offset = install_equiv_cpu_table(data, size);
1029 if (!offset)
1030 return UCODE_ERROR;
1031
1032 fw += offset;
1033 size -= offset;
1034
1035 if (*(u32 *)fw != UCODE_UCODE_TYPE) {
1036 pr_err("invalid type field in container file section header\n");
1037 free_equiv_cpu_table();
1038 return UCODE_ERROR;
1039 }
1040
1041 while (size > 0) {
1042 unsigned int crnt_size = 0;
1043 int ret;
1044
1045 ret = verify_and_add_patch(family, fw, size, &crnt_size);
1046 if (ret < 0)
1047 return UCODE_ERROR;
1048
1049 fw += crnt_size + SECTION_HDR_SIZE;
1050 size -= (crnt_size + SECTION_HDR_SIZE);
1051 }
1052
1053 return UCODE_OK;
1054 }
1055
_load_microcode_amd(u8 family,const u8 * data,size_t size)1056 static enum ucode_state _load_microcode_amd(u8 family, const u8 *data, size_t size)
1057 {
1058 enum ucode_state ret;
1059
1060 /* free old equiv table */
1061 free_equiv_cpu_table();
1062
1063 ret = __load_microcode_amd(family, data, size);
1064 if (ret != UCODE_OK)
1065 cleanup();
1066
1067 return ret;
1068 }
1069
load_microcode_amd(u8 family,const u8 * data,size_t size)1070 static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t size)
1071 {
1072 struct cpuinfo_x86 *c;
1073 unsigned int nid, cpu;
1074 struct ucode_patch *p;
1075 enum ucode_state ret;
1076
1077 ret = _load_microcode_amd(family, data, size);
1078 if (ret != UCODE_OK)
1079 return ret;
1080
1081 for_each_node(nid) {
1082 cpu = cpumask_first(cpumask_of_node(nid));
1083 c = &cpu_data(cpu);
1084
1085 p = find_patch(cpu);
1086 if (!p)
1087 continue;
1088
1089 if (c->microcode >= p->patch_id)
1090 continue;
1091
1092 ret = UCODE_NEW;
1093 }
1094
1095 return ret;
1096 }
1097
save_microcode_in_initrd(void)1098 static int __init save_microcode_in_initrd(void)
1099 {
1100 unsigned int cpuid_1_eax = native_cpuid_eax(1);
1101 struct cpuinfo_x86 *c = &boot_cpu_data;
1102 struct cont_desc desc = { 0 };
1103 enum ucode_state ret;
1104 struct cpio_data cp;
1105
1106 if (dis_ucode_ldr || c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10)
1107 return 0;
1108
1109 if (!find_blobs_in_containers(&cp))
1110 return -EINVAL;
1111
1112 scan_containers(cp.data, cp.size, &desc);
1113 if (!desc.mc)
1114 return -EINVAL;
1115
1116 ret = _load_microcode_amd(x86_family(cpuid_1_eax), desc.data, desc.size);
1117 if (ret > UCODE_UPDATED)
1118 return -EINVAL;
1119
1120 return 0;
1121 }
1122 early_initcall(save_microcode_in_initrd);
1123
1124 /*
1125 * AMD microcode firmware naming convention, up to family 15h they are in
1126 * the legacy file:
1127 *
1128 * amd-ucode/microcode_amd.bin
1129 *
1130 * This legacy file is always smaller than 2K in size.
1131 *
1132 * Beginning with family 15h, they are in family-specific firmware files:
1133 *
1134 * amd-ucode/microcode_amd_fam15h.bin
1135 * amd-ucode/microcode_amd_fam16h.bin
1136 * ...
1137 *
1138 * These might be larger than 2K.
1139 */
request_microcode_amd(int cpu,struct device * device)1140 static enum ucode_state request_microcode_amd(int cpu, struct device *device)
1141 {
1142 char fw_name[36] = "amd-ucode/microcode_amd.bin";
1143 struct cpuinfo_x86 *c = &cpu_data(cpu);
1144 enum ucode_state ret = UCODE_NFOUND;
1145 const struct firmware *fw;
1146
1147 if (force_minrev)
1148 return UCODE_NFOUND;
1149
1150 if (c->x86 >= 0x15)
1151 snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
1152
1153 if (request_firmware_direct(&fw, (const char *)fw_name, device)) {
1154 pr_debug("failed to load file %s\n", fw_name);
1155 goto out;
1156 }
1157
1158 ret = UCODE_ERROR;
1159 if (!verify_container(fw->data, fw->size))
1160 goto fw_release;
1161
1162 ret = load_microcode_amd(c->x86, fw->data, fw->size);
1163
1164 fw_release:
1165 release_firmware(fw);
1166
1167 out:
1168 return ret;
1169 }
1170
microcode_fini_cpu_amd(int cpu)1171 static void microcode_fini_cpu_amd(int cpu)
1172 {
1173 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
1174
1175 uci->mc = NULL;
1176 }
1177
1178 static struct microcode_ops microcode_amd_ops = {
1179 .request_microcode_fw = request_microcode_amd,
1180 .collect_cpu_info = collect_cpu_info_amd,
1181 .apply_microcode = apply_microcode_amd,
1182 .microcode_fini_cpu = microcode_fini_cpu_amd,
1183 .nmi_safe = true,
1184 };
1185
init_amd_microcode(void)1186 struct microcode_ops * __init init_amd_microcode(void)
1187 {
1188 struct cpuinfo_x86 *c = &boot_cpu_data;
1189
1190 if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) {
1191 pr_warn("AMD CPU family 0x%x not supported\n", c->x86);
1192 return NULL;
1193 }
1194 return µcode_amd_ops;
1195 }
1196
exit_amd_microcode(void)1197 void __exit exit_amd_microcode(void)
1198 {
1199 cleanup();
1200 }
1201