xref: /openbmc/linux/arch/x86/kernel/cpu/microcode/core.c (revision c496daeb863093a046e0bb8db7265bf45d91775a)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * CPU Microcode Update Driver for Linux
4  *
5  * Copyright (C) 2000-2006 Tigran Aivazian <aivazian.tigran@gmail.com>
6  *	      2006	Shaohua Li <shaohua.li@intel.com>
7  *	      2013-2016	Borislav Petkov <bp@alien8.de>
8  *
9  * X86 CPU microcode early update for Linux:
10  *
11  *	Copyright (C) 2012 Fenghua Yu <fenghua.yu@intel.com>
12  *			   H Peter Anvin" <hpa@zytor.com>
13  *		  (C) 2015 Borislav Petkov <bp@alien8.de>
14  *
15  * This driver allows to upgrade microcode on x86 processors.
16  */
17 
18 #define pr_fmt(fmt) "microcode: " fmt
19 
20 #include <linux/platform_device.h>
21 #include <linux/stop_machine.h>
22 #include <linux/syscore_ops.h>
23 #include <linux/miscdevice.h>
24 #include <linux/capability.h>
25 #include <linux/firmware.h>
26 #include <linux/kernel.h>
27 #include <linux/delay.h>
28 #include <linux/mutex.h>
29 #include <linux/cpu.h>
30 #include <linux/nmi.h>
31 #include <linux/fs.h>
32 #include <linux/mm.h>
33 
34 #include <asm/microcode_intel.h>
35 #include <asm/cpu_device_id.h>
36 #include <asm/microcode_amd.h>
37 #include <asm/perf_event.h>
38 #include <asm/microcode.h>
39 #include <asm/processor.h>
40 #include <asm/cmdline.h>
41 #include <asm/setup.h>
42 
43 #define DRIVER_VERSION	"2.2"
44 
45 static struct microcode_ops	*microcode_ops;
46 static bool dis_ucode_ldr = true;
47 
48 bool initrd_gone;
49 
50 LIST_HEAD(microcode_cache);
51 
52 /*
53  * Synchronization.
54  *
55  * All non cpu-hotplug-callback call sites use:
56  *
57  * - microcode_mutex to synchronize with each other;
58  * - cpus_read_lock/unlock() to synchronize with
59  *   the cpu-hotplug-callback call sites.
60  *
61  * We guarantee that only a single cpu is being
62  * updated at any particular moment of time.
63  */
64 static DEFINE_MUTEX(microcode_mutex);
65 
66 struct ucode_cpu_info		ucode_cpu_info[NR_CPUS];
67 
68 struct cpu_info_ctx {
69 	struct cpu_signature	*cpu_sig;
70 	int			err;
71 };
72 
73 /*
74  * Those patch levels cannot be updated to newer ones and thus should be final.
75  */
76 static u32 final_levels[] = {
77 	0x01000098,
78 	0x0100009f,
79 	0x010000af,
80 	0, /* T-101 terminator */
81 };
82 
83 /*
84  * Check the current patch level on this CPU.
85  *
86  * Returns:
87  *  - true: if update should stop
88  *  - false: otherwise
89  */
90 static bool amd_check_current_patch_level(void)
91 {
92 	u32 lvl, dummy, i;
93 	u32 *levels;
94 
95 	native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy);
96 
97 	if (IS_ENABLED(CONFIG_X86_32))
98 		levels = (u32 *)__pa_nodebug(&final_levels);
99 	else
100 		levels = final_levels;
101 
102 	for (i = 0; levels[i]; i++) {
103 		if (lvl == levels[i])
104 			return true;
105 	}
106 	return false;
107 }
108 
109 static bool __init check_loader_disabled_bsp(void)
110 {
111 	static const char *__dis_opt_str = "dis_ucode_ldr";
112 
113 #ifdef CONFIG_X86_32
114 	const char *cmdline = (const char *)__pa_nodebug(boot_command_line);
115 	const char *option  = (const char *)__pa_nodebug(__dis_opt_str);
116 	bool *res = (bool *)__pa_nodebug(&dis_ucode_ldr);
117 
118 #else /* CONFIG_X86_64 */
119 	const char *cmdline = boot_command_line;
120 	const char *option  = __dis_opt_str;
121 	bool *res = &dis_ucode_ldr;
122 #endif
123 
124 	/*
125 	 * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not
126 	 * completely accurate as xen pv guests don't see that CPUID bit set but
127 	 * that's good enough as they don't land on the BSP path anyway.
128 	 */
129 	if (native_cpuid_ecx(1) & BIT(31))
130 		return *res;
131 
132 	if (x86_cpuid_vendor() == X86_VENDOR_AMD) {
133 		if (amd_check_current_patch_level())
134 			return *res;
135 	}
136 
137 	if (cmdline_find_option_bool(cmdline, option) <= 0)
138 		*res = false;
139 
140 	return *res;
141 }
142 
143 void __init load_ucode_bsp(void)
144 {
145 	unsigned int cpuid_1_eax;
146 	bool intel = true;
147 
148 	if (!have_cpuid_p())
149 		return;
150 
151 	cpuid_1_eax = native_cpuid_eax(1);
152 
153 	switch (x86_cpuid_vendor()) {
154 	case X86_VENDOR_INTEL:
155 		if (x86_family(cpuid_1_eax) < 6)
156 			return;
157 		break;
158 
159 	case X86_VENDOR_AMD:
160 		if (x86_family(cpuid_1_eax) < 0x10)
161 			return;
162 		intel = false;
163 		break;
164 
165 	default:
166 		return;
167 	}
168 
169 	if (check_loader_disabled_bsp())
170 		return;
171 
172 	if (intel)
173 		load_ucode_intel_bsp();
174 	else
175 		load_ucode_amd_bsp(cpuid_1_eax);
176 }
177 
178 static bool check_loader_disabled_ap(void)
179 {
180 #ifdef CONFIG_X86_32
181 	return *((bool *)__pa_nodebug(&dis_ucode_ldr));
182 #else
183 	return dis_ucode_ldr;
184 #endif
185 }
186 
187 void load_ucode_ap(void)
188 {
189 	unsigned int cpuid_1_eax;
190 
191 	if (check_loader_disabled_ap())
192 		return;
193 
194 	cpuid_1_eax = native_cpuid_eax(1);
195 
196 	switch (x86_cpuid_vendor()) {
197 	case X86_VENDOR_INTEL:
198 		if (x86_family(cpuid_1_eax) >= 6)
199 			load_ucode_intel_ap();
200 		break;
201 	case X86_VENDOR_AMD:
202 		if (x86_family(cpuid_1_eax) >= 0x10)
203 			load_ucode_amd_ap(cpuid_1_eax);
204 		break;
205 	default:
206 		break;
207 	}
208 }
209 
210 static int __init save_microcode_in_initrd(void)
211 {
212 	struct cpuinfo_x86 *c = &boot_cpu_data;
213 	int ret = -EINVAL;
214 
215 	switch (c->x86_vendor) {
216 	case X86_VENDOR_INTEL:
217 		if (c->x86 >= 6)
218 			ret = save_microcode_in_initrd_intel();
219 		break;
220 	case X86_VENDOR_AMD:
221 		if (c->x86 >= 0x10)
222 			ret = save_microcode_in_initrd_amd(cpuid_eax(1));
223 		break;
224 	default:
225 		break;
226 	}
227 
228 	initrd_gone = true;
229 
230 	return ret;
231 }
232 
233 struct cpio_data find_microcode_in_initrd(const char *path, bool use_pa)
234 {
235 #ifdef CONFIG_BLK_DEV_INITRD
236 	unsigned long start = 0;
237 	size_t size;
238 
239 #ifdef CONFIG_X86_32
240 	struct boot_params *params;
241 
242 	if (use_pa)
243 		params = (struct boot_params *)__pa_nodebug(&boot_params);
244 	else
245 		params = &boot_params;
246 
247 	size = params->hdr.ramdisk_size;
248 
249 	/*
250 	 * Set start only if we have an initrd image. We cannot use initrd_start
251 	 * because it is not set that early yet.
252 	 */
253 	if (size)
254 		start = params->hdr.ramdisk_image;
255 
256 # else /* CONFIG_X86_64 */
257 	size  = (unsigned long)boot_params.ext_ramdisk_size << 32;
258 	size |= boot_params.hdr.ramdisk_size;
259 
260 	if (size) {
261 		start  = (unsigned long)boot_params.ext_ramdisk_image << 32;
262 		start |= boot_params.hdr.ramdisk_image;
263 
264 		start += PAGE_OFFSET;
265 	}
266 # endif
267 
268 	/*
269 	 * Fixup the start address: after reserve_initrd() runs, initrd_start
270 	 * has the virtual address of the beginning of the initrd. It also
271 	 * possibly relocates the ramdisk. In either case, initrd_start contains
272 	 * the updated address so use that instead.
273 	 *
274 	 * initrd_gone is for the hotplug case where we've thrown out initrd
275 	 * already.
276 	 */
277 	if (!use_pa) {
278 		if (initrd_gone)
279 			return (struct cpio_data){ NULL, 0, "" };
280 		if (initrd_start)
281 			start = initrd_start;
282 	} else {
283 		/*
284 		 * The picture with physical addresses is a bit different: we
285 		 * need to get the *physical* address to which the ramdisk was
286 		 * relocated, i.e., relocated_ramdisk (not initrd_start) and
287 		 * since we're running from physical addresses, we need to access
288 		 * relocated_ramdisk through its *physical* address too.
289 		 */
290 		u64 *rr = (u64 *)__pa_nodebug(&relocated_ramdisk);
291 		if (*rr)
292 			start = *rr;
293 	}
294 
295 	return find_cpio_data(path, (void *)start, size, NULL);
296 #else /* !CONFIG_BLK_DEV_INITRD */
297 	return (struct cpio_data){ NULL, 0, "" };
298 #endif
299 }
300 
301 void reload_early_microcode(unsigned int cpu)
302 {
303 	int vendor, family;
304 
305 	vendor = x86_cpuid_vendor();
306 	family = x86_cpuid_family();
307 
308 	switch (vendor) {
309 	case X86_VENDOR_INTEL:
310 		if (family >= 6)
311 			reload_ucode_intel();
312 		break;
313 	case X86_VENDOR_AMD:
314 		if (family >= 0x10)
315 			reload_ucode_amd(cpu);
316 		break;
317 	default:
318 		break;
319 	}
320 }
321 
322 /* fake device for request_firmware */
323 static struct platform_device	*microcode_pdev;
324 
325 #ifdef CONFIG_MICROCODE_LATE_LOADING
326 /*
327  * Late loading dance. Why the heavy-handed stomp_machine effort?
328  *
329  * - HT siblings must be idle and not execute other code while the other sibling
330  *   is loading microcode in order to avoid any negative interactions caused by
331  *   the loading.
332  *
333  * - In addition, microcode update on the cores must be serialized until this
334  *   requirement can be relaxed in the future. Right now, this is conservative
335  *   and good.
336  */
337 #define SPINUNIT 100 /* 100 nsec */
338 
339 static int check_online_cpus(void)
340 {
341 	unsigned int cpu;
342 
343 	/*
344 	 * Make sure all CPUs are online.  It's fine for SMT to be disabled if
345 	 * all the primary threads are still online.
346 	 */
347 	for_each_present_cpu(cpu) {
348 		if (topology_is_primary_thread(cpu) && !cpu_online(cpu)) {
349 			pr_err("Not all CPUs online, aborting microcode update.\n");
350 			return -EINVAL;
351 		}
352 	}
353 
354 	return 0;
355 }
356 
357 static atomic_t late_cpus_in;
358 static atomic_t late_cpus_out;
359 
360 static int __wait_for_cpus(atomic_t *t, long long timeout)
361 {
362 	int all_cpus = num_online_cpus();
363 
364 	atomic_inc(t);
365 
366 	while (atomic_read(t) < all_cpus) {
367 		if (timeout < SPINUNIT) {
368 			pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n",
369 				all_cpus - atomic_read(t));
370 			return 1;
371 		}
372 
373 		ndelay(SPINUNIT);
374 		timeout -= SPINUNIT;
375 
376 		touch_nmi_watchdog();
377 	}
378 	return 0;
379 }
380 
381 /*
382  * Returns:
383  * < 0 - on error
384  *   0 - success (no update done or microcode was updated)
385  */
386 static int __reload_late(void *info)
387 {
388 	int cpu = smp_processor_id();
389 	enum ucode_state err;
390 	int ret = 0;
391 
392 	/*
393 	 * Wait for all CPUs to arrive. A load will not be attempted unless all
394 	 * CPUs show up.
395 	 * */
396 	if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC))
397 		return -1;
398 
399 	/*
400 	 * On an SMT system, it suffices to load the microcode on one sibling of
401 	 * the core because the microcode engine is shared between the threads.
402 	 * Synchronization still needs to take place so that no concurrent
403 	 * loading attempts happen on multiple threads of an SMT core. See
404 	 * below.
405 	 */
406 	if (cpumask_first(topology_sibling_cpumask(cpu)) == cpu)
407 		err = microcode_ops->apply_microcode(cpu);
408 	else
409 		goto wait_for_siblings;
410 
411 	if (err >= UCODE_NFOUND) {
412 		if (err == UCODE_ERROR) {
413 			pr_warn("Error reloading microcode on CPU %d\n", cpu);
414 			ret = -1;
415 		}
416 	}
417 
418 wait_for_siblings:
419 	if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC))
420 		panic("Timeout during microcode update!\n");
421 
422 	/*
423 	 * At least one thread has completed update on each core.
424 	 * For others, simply call the update to make sure the
425 	 * per-cpu cpuinfo can be updated with right microcode
426 	 * revision.
427 	 */
428 	if (cpumask_first(topology_sibling_cpumask(cpu)) != cpu)
429 		err = microcode_ops->apply_microcode(cpu);
430 
431 	return ret;
432 }
433 
434 /*
435  * Reload microcode late on all CPUs. Wait for a sec until they
436  * all gather together.
437  */
438 static int microcode_reload_late(void)
439 {
440 	int old = boot_cpu_data.microcode, ret;
441 	struct cpuinfo_x86 prev_info;
442 
443 	pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n");
444 	pr_err("You should switch to early loading, if possible.\n");
445 
446 	atomic_set(&late_cpus_in,  0);
447 	atomic_set(&late_cpus_out, 0);
448 
449 	/*
450 	 * Take a snapshot before the microcode update in order to compare and
451 	 * check whether any bits changed after an update.
452 	 */
453 	store_cpu_caps(&prev_info);
454 
455 	ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask);
456 	if (!ret) {
457 		pr_info("Reload succeeded, microcode revision: 0x%x -> 0x%x\n",
458 			old, boot_cpu_data.microcode);
459 		microcode_check(&prev_info);
460 	} else {
461 		pr_info("Reload failed, current microcode revision: 0x%x\n",
462 			boot_cpu_data.microcode);
463 	}
464 
465 	return ret;
466 }
467 
468 static ssize_t reload_store(struct device *dev,
469 			    struct device_attribute *attr,
470 			    const char *buf, size_t size)
471 {
472 	enum ucode_state tmp_ret = UCODE_OK;
473 	int bsp = boot_cpu_data.cpu_index;
474 	unsigned long val;
475 	ssize_t ret = 0;
476 
477 	ret = kstrtoul(buf, 0, &val);
478 	if (ret || val != 1)
479 		return -EINVAL;
480 
481 	cpus_read_lock();
482 
483 	ret = check_online_cpus();
484 	if (ret)
485 		goto put;
486 
487 	tmp_ret = microcode_ops->request_microcode_fw(bsp, &microcode_pdev->dev);
488 	if (tmp_ret != UCODE_NEW)
489 		goto put;
490 
491 	mutex_lock(&microcode_mutex);
492 	ret = microcode_reload_late();
493 	mutex_unlock(&microcode_mutex);
494 
495 put:
496 	cpus_read_unlock();
497 
498 	if (ret == 0)
499 		ret = size;
500 
501 	add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
502 
503 	return ret;
504 }
505 
506 static DEVICE_ATTR_WO(reload);
507 #endif
508 
509 static ssize_t version_show(struct device *dev,
510 			struct device_attribute *attr, char *buf)
511 {
512 	struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
513 
514 	return sprintf(buf, "0x%x\n", uci->cpu_sig.rev);
515 }
516 
517 static ssize_t processor_flags_show(struct device *dev,
518 			struct device_attribute *attr, char *buf)
519 {
520 	struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
521 
522 	return sprintf(buf, "0x%x\n", uci->cpu_sig.pf);
523 }
524 
525 static DEVICE_ATTR_RO(version);
526 static DEVICE_ATTR_RO(processor_flags);
527 
528 static struct attribute *mc_default_attrs[] = {
529 	&dev_attr_version.attr,
530 	&dev_attr_processor_flags.attr,
531 	NULL
532 };
533 
534 static const struct attribute_group mc_attr_group = {
535 	.attrs			= mc_default_attrs,
536 	.name			= "microcode",
537 };
538 
539 static void microcode_fini_cpu(int cpu)
540 {
541 	if (microcode_ops->microcode_fini_cpu)
542 		microcode_ops->microcode_fini_cpu(cpu);
543 }
544 
545 static enum ucode_state microcode_init_cpu(int cpu)
546 {
547 	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
548 
549 	memset(uci, 0, sizeof(*uci));
550 
551 	microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig);
552 
553 	return microcode_ops->apply_microcode(cpu);
554 }
555 
556 /**
557  * microcode_bsp_resume - Update boot CPU microcode during resume.
558  */
559 void microcode_bsp_resume(void)
560 {
561 	int cpu = smp_processor_id();
562 	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
563 
564 	if (uci->mc)
565 		microcode_ops->apply_microcode(cpu);
566 	else
567 		reload_early_microcode(cpu);
568 }
569 
570 static struct syscore_ops mc_syscore_ops = {
571 	.resume	= microcode_bsp_resume,
572 };
573 
574 static int mc_cpu_starting(unsigned int cpu)
575 {
576 	enum ucode_state err = microcode_ops->apply_microcode(cpu);
577 
578 	pr_debug("%s: CPU%d, err: %d\n", __func__, cpu, err);
579 
580 	return err == UCODE_ERROR;
581 }
582 
583 static int mc_cpu_online(unsigned int cpu)
584 {
585 	struct device *dev = get_cpu_device(cpu);
586 
587 	if (sysfs_create_group(&dev->kobj, &mc_attr_group))
588 		pr_err("Failed to create group for CPU%d\n", cpu);
589 	return 0;
590 }
591 
592 static int mc_cpu_down_prep(unsigned int cpu)
593 {
594 	struct device *dev;
595 
596 	dev = get_cpu_device(cpu);
597 
598 	microcode_fini_cpu(cpu);
599 
600 	/* Suspend is in progress, only remove the interface */
601 	sysfs_remove_group(&dev->kobj, &mc_attr_group);
602 	pr_debug("%s: CPU%d\n", __func__, cpu);
603 
604 	return 0;
605 }
606 
607 static void setup_online_cpu(struct work_struct *work)
608 {
609 	int cpu = smp_processor_id();
610 	enum ucode_state err;
611 
612 	err = microcode_init_cpu(cpu);
613 	if (err == UCODE_ERROR) {
614 		pr_err("Error applying microcode on CPU%d\n", cpu);
615 		return;
616 	}
617 
618 	mc_cpu_online(cpu);
619 }
620 
621 static struct attribute *cpu_root_microcode_attrs[] = {
622 #ifdef CONFIG_MICROCODE_LATE_LOADING
623 	&dev_attr_reload.attr,
624 #endif
625 	NULL
626 };
627 
628 static const struct attribute_group cpu_root_microcode_group = {
629 	.name  = "microcode",
630 	.attrs = cpu_root_microcode_attrs,
631 };
632 
633 static int __init microcode_init(void)
634 {
635 	struct device *dev_root;
636 	struct cpuinfo_x86 *c = &boot_cpu_data;
637 	int error;
638 
639 	if (dis_ucode_ldr)
640 		return -EINVAL;
641 
642 	if (c->x86_vendor == X86_VENDOR_INTEL)
643 		microcode_ops = init_intel_microcode();
644 	else if (c->x86_vendor == X86_VENDOR_AMD)
645 		microcode_ops = init_amd_microcode();
646 	else
647 		pr_err("no support for this CPU vendor\n");
648 
649 	if (!microcode_ops)
650 		return -ENODEV;
651 
652 	microcode_pdev = platform_device_register_simple("microcode", -1, NULL, 0);
653 	if (IS_ERR(microcode_pdev))
654 		return PTR_ERR(microcode_pdev);
655 
656 	dev_root = bus_get_dev_root(&cpu_subsys);
657 	if (dev_root) {
658 		error = sysfs_create_group(&dev_root->kobj, &cpu_root_microcode_group);
659 		put_device(dev_root);
660 		if (error) {
661 			pr_err("Error creating microcode group!\n");
662 			goto out_pdev;
663 		}
664 	}
665 
666 	/* Do per-CPU setup */
667 	schedule_on_each_cpu(setup_online_cpu);
668 
669 	register_syscore_ops(&mc_syscore_ops);
670 	cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER, "x86/microcode:starting",
671 				  mc_cpu_starting, NULL);
672 	cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
673 				  mc_cpu_online, mc_cpu_down_prep);
674 
675 	pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION);
676 
677 	return 0;
678 
679  out_pdev:
680 	platform_device_unregister(microcode_pdev);
681 	return error;
682 
683 }
684 fs_initcall(save_microcode_in_initrd);
685 late_initcall(microcode_init);
686