1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * CPU Microcode Update Driver for Linux 4 * 5 * Copyright (C) 2000-2006 Tigran Aivazian <aivazian.tigran@gmail.com> 6 * 2006 Shaohua Li <shaohua.li@intel.com> 7 * 2013-2016 Borislav Petkov <bp@alien8.de> 8 * 9 * X86 CPU microcode early update for Linux: 10 * 11 * Copyright (C) 2012 Fenghua Yu <fenghua.yu@intel.com> 12 * H Peter Anvin" <hpa@zytor.com> 13 * (C) 2015 Borislav Petkov <bp@alien8.de> 14 * 15 * This driver allows to upgrade microcode on x86 processors. 16 */ 17 18 #define pr_fmt(fmt) "microcode: " fmt 19 20 #include <linux/platform_device.h> 21 #include <linux/stop_machine.h> 22 #include <linux/syscore_ops.h> 23 #include <linux/miscdevice.h> 24 #include <linux/capability.h> 25 #include <linux/firmware.h> 26 #include <linux/kernel.h> 27 #include <linux/delay.h> 28 #include <linux/mutex.h> 29 #include <linux/cpu.h> 30 #include <linux/nmi.h> 31 #include <linux/fs.h> 32 #include <linux/mm.h> 33 34 #include <asm/microcode_intel.h> 35 #include <asm/cpu_device_id.h> 36 #include <asm/microcode_amd.h> 37 #include <asm/perf_event.h> 38 #include <asm/microcode.h> 39 #include <asm/processor.h> 40 #include <asm/cmdline.h> 41 #include <asm/setup.h> 42 43 #define DRIVER_VERSION "2.2" 44 45 static struct microcode_ops *microcode_ops; 46 static bool dis_ucode_ldr = true; 47 48 bool initrd_gone; 49 50 LIST_HEAD(microcode_cache); 51 52 /* 53 * Synchronization. 54 * 55 * All non cpu-hotplug-callback call sites use: 56 * 57 * - microcode_mutex to synchronize with each other; 58 * - cpus_read_lock/unlock() to synchronize with 59 * the cpu-hotplug-callback call sites. 60 * 61 * We guarantee that only a single cpu is being 62 * updated at any particular moment of time. 63 */ 64 static DEFINE_MUTEX(microcode_mutex); 65 66 struct ucode_cpu_info ucode_cpu_info[NR_CPUS]; 67 68 struct cpu_info_ctx { 69 struct cpu_signature *cpu_sig; 70 int err; 71 }; 72 73 /* 74 * Those patch levels cannot be updated to newer ones and thus should be final. 75 */ 76 static u32 final_levels[] = { 77 0x01000098, 78 0x0100009f, 79 0x010000af, 80 0, /* T-101 terminator */ 81 }; 82 83 /* 84 * Check the current patch level on this CPU. 85 * 86 * Returns: 87 * - true: if update should stop 88 * - false: otherwise 89 */ 90 static bool amd_check_current_patch_level(void) 91 { 92 u32 lvl, dummy, i; 93 u32 *levels; 94 95 native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy); 96 97 if (IS_ENABLED(CONFIG_X86_32)) 98 levels = (u32 *)__pa_nodebug(&final_levels); 99 else 100 levels = final_levels; 101 102 for (i = 0; levels[i]; i++) { 103 if (lvl == levels[i]) 104 return true; 105 } 106 return false; 107 } 108 109 static bool __init check_loader_disabled_bsp(void) 110 { 111 static const char *__dis_opt_str = "dis_ucode_ldr"; 112 113 #ifdef CONFIG_X86_32 114 const char *cmdline = (const char *)__pa_nodebug(boot_command_line); 115 const char *option = (const char *)__pa_nodebug(__dis_opt_str); 116 bool *res = (bool *)__pa_nodebug(&dis_ucode_ldr); 117 118 #else /* CONFIG_X86_64 */ 119 const char *cmdline = boot_command_line; 120 const char *option = __dis_opt_str; 121 bool *res = &dis_ucode_ldr; 122 #endif 123 124 /* 125 * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not 126 * completely accurate as xen pv guests don't see that CPUID bit set but 127 * that's good enough as they don't land on the BSP path anyway. 128 */ 129 if (native_cpuid_ecx(1) & BIT(31)) 130 return *res; 131 132 if (x86_cpuid_vendor() == X86_VENDOR_AMD) { 133 if (amd_check_current_patch_level()) 134 return *res; 135 } 136 137 if (cmdline_find_option_bool(cmdline, option) <= 0) 138 *res = false; 139 140 return *res; 141 } 142 143 void __init load_ucode_bsp(void) 144 { 145 unsigned int cpuid_1_eax; 146 bool intel = true; 147 148 if (!have_cpuid_p()) 149 return; 150 151 cpuid_1_eax = native_cpuid_eax(1); 152 153 switch (x86_cpuid_vendor()) { 154 case X86_VENDOR_INTEL: 155 if (x86_family(cpuid_1_eax) < 6) 156 return; 157 break; 158 159 case X86_VENDOR_AMD: 160 if (x86_family(cpuid_1_eax) < 0x10) 161 return; 162 intel = false; 163 break; 164 165 default: 166 return; 167 } 168 169 if (check_loader_disabled_bsp()) 170 return; 171 172 if (intel) 173 load_ucode_intel_bsp(); 174 else 175 load_ucode_amd_bsp(cpuid_1_eax); 176 } 177 178 static bool check_loader_disabled_ap(void) 179 { 180 #ifdef CONFIG_X86_32 181 return *((bool *)__pa_nodebug(&dis_ucode_ldr)); 182 #else 183 return dis_ucode_ldr; 184 #endif 185 } 186 187 void load_ucode_ap(void) 188 { 189 unsigned int cpuid_1_eax; 190 191 if (check_loader_disabled_ap()) 192 return; 193 194 cpuid_1_eax = native_cpuid_eax(1); 195 196 switch (x86_cpuid_vendor()) { 197 case X86_VENDOR_INTEL: 198 if (x86_family(cpuid_1_eax) >= 6) 199 load_ucode_intel_ap(); 200 break; 201 case X86_VENDOR_AMD: 202 if (x86_family(cpuid_1_eax) >= 0x10) 203 load_ucode_amd_ap(cpuid_1_eax); 204 break; 205 default: 206 break; 207 } 208 } 209 210 static int __init save_microcode_in_initrd(void) 211 { 212 struct cpuinfo_x86 *c = &boot_cpu_data; 213 int ret = -EINVAL; 214 215 switch (c->x86_vendor) { 216 case X86_VENDOR_INTEL: 217 if (c->x86 >= 6) 218 ret = save_microcode_in_initrd_intel(); 219 break; 220 case X86_VENDOR_AMD: 221 if (c->x86 >= 0x10) 222 ret = save_microcode_in_initrd_amd(cpuid_eax(1)); 223 break; 224 default: 225 break; 226 } 227 228 initrd_gone = true; 229 230 return ret; 231 } 232 233 struct cpio_data find_microcode_in_initrd(const char *path, bool use_pa) 234 { 235 #ifdef CONFIG_BLK_DEV_INITRD 236 unsigned long start = 0; 237 size_t size; 238 239 #ifdef CONFIG_X86_32 240 struct boot_params *params; 241 242 if (use_pa) 243 params = (struct boot_params *)__pa_nodebug(&boot_params); 244 else 245 params = &boot_params; 246 247 size = params->hdr.ramdisk_size; 248 249 /* 250 * Set start only if we have an initrd image. We cannot use initrd_start 251 * because it is not set that early yet. 252 */ 253 if (size) 254 start = params->hdr.ramdisk_image; 255 256 # else /* CONFIG_X86_64 */ 257 size = (unsigned long)boot_params.ext_ramdisk_size << 32; 258 size |= boot_params.hdr.ramdisk_size; 259 260 if (size) { 261 start = (unsigned long)boot_params.ext_ramdisk_image << 32; 262 start |= boot_params.hdr.ramdisk_image; 263 264 start += PAGE_OFFSET; 265 } 266 # endif 267 268 /* 269 * Fixup the start address: after reserve_initrd() runs, initrd_start 270 * has the virtual address of the beginning of the initrd. It also 271 * possibly relocates the ramdisk. In either case, initrd_start contains 272 * the updated address so use that instead. 273 * 274 * initrd_gone is for the hotplug case where we've thrown out initrd 275 * already. 276 */ 277 if (!use_pa) { 278 if (initrd_gone) 279 return (struct cpio_data){ NULL, 0, "" }; 280 if (initrd_start) 281 start = initrd_start; 282 } else { 283 /* 284 * The picture with physical addresses is a bit different: we 285 * need to get the *physical* address to which the ramdisk was 286 * relocated, i.e., relocated_ramdisk (not initrd_start) and 287 * since we're running from physical addresses, we need to access 288 * relocated_ramdisk through its *physical* address too. 289 */ 290 u64 *rr = (u64 *)__pa_nodebug(&relocated_ramdisk); 291 if (*rr) 292 start = *rr; 293 } 294 295 return find_cpio_data(path, (void *)start, size, NULL); 296 #else /* !CONFIG_BLK_DEV_INITRD */ 297 return (struct cpio_data){ NULL, 0, "" }; 298 #endif 299 } 300 301 void reload_early_microcode(void) 302 { 303 int vendor, family; 304 305 vendor = x86_cpuid_vendor(); 306 family = x86_cpuid_family(); 307 308 switch (vendor) { 309 case X86_VENDOR_INTEL: 310 if (family >= 6) 311 reload_ucode_intel(); 312 break; 313 case X86_VENDOR_AMD: 314 if (family >= 0x10) 315 reload_ucode_amd(); 316 break; 317 default: 318 break; 319 } 320 } 321 322 static void collect_cpu_info_local(void *arg) 323 { 324 struct cpu_info_ctx *ctx = arg; 325 326 ctx->err = microcode_ops->collect_cpu_info(smp_processor_id(), 327 ctx->cpu_sig); 328 } 329 330 static int collect_cpu_info_on_target(int cpu, struct cpu_signature *cpu_sig) 331 { 332 struct cpu_info_ctx ctx = { .cpu_sig = cpu_sig, .err = 0 }; 333 int ret; 334 335 ret = smp_call_function_single(cpu, collect_cpu_info_local, &ctx, 1); 336 if (!ret) 337 ret = ctx.err; 338 339 return ret; 340 } 341 342 static int collect_cpu_info(int cpu) 343 { 344 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 345 int ret; 346 347 memset(uci, 0, sizeof(*uci)); 348 349 ret = collect_cpu_info_on_target(cpu, &uci->cpu_sig); 350 if (!ret) 351 uci->valid = 1; 352 353 return ret; 354 } 355 356 static void apply_microcode_local(void *arg) 357 { 358 enum ucode_state *err = arg; 359 360 *err = microcode_ops->apply_microcode(smp_processor_id()); 361 } 362 363 static int apply_microcode_on_target(int cpu) 364 { 365 enum ucode_state err; 366 int ret; 367 368 ret = smp_call_function_single(cpu, apply_microcode_local, &err, 1); 369 if (!ret) { 370 if (err == UCODE_ERROR) 371 ret = 1; 372 } 373 return ret; 374 } 375 376 /* fake device for request_firmware */ 377 static struct platform_device *microcode_pdev; 378 379 #ifdef CONFIG_MICROCODE_LATE_LOADING 380 /* 381 * Late loading dance. Why the heavy-handed stomp_machine effort? 382 * 383 * - HT siblings must be idle and not execute other code while the other sibling 384 * is loading microcode in order to avoid any negative interactions caused by 385 * the loading. 386 * 387 * - In addition, microcode update on the cores must be serialized until this 388 * requirement can be relaxed in the future. Right now, this is conservative 389 * and good. 390 */ 391 #define SPINUNIT 100 /* 100 nsec */ 392 393 static int check_online_cpus(void) 394 { 395 unsigned int cpu; 396 397 /* 398 * Make sure all CPUs are online. It's fine for SMT to be disabled if 399 * all the primary threads are still online. 400 */ 401 for_each_present_cpu(cpu) { 402 if (topology_is_primary_thread(cpu) && !cpu_online(cpu)) { 403 pr_err("Not all CPUs online, aborting microcode update.\n"); 404 return -EINVAL; 405 } 406 } 407 408 return 0; 409 } 410 411 static atomic_t late_cpus_in; 412 static atomic_t late_cpus_out; 413 414 static int __wait_for_cpus(atomic_t *t, long long timeout) 415 { 416 int all_cpus = num_online_cpus(); 417 418 atomic_inc(t); 419 420 while (atomic_read(t) < all_cpus) { 421 if (timeout < SPINUNIT) { 422 pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", 423 all_cpus - atomic_read(t)); 424 return 1; 425 } 426 427 ndelay(SPINUNIT); 428 timeout -= SPINUNIT; 429 430 touch_nmi_watchdog(); 431 } 432 return 0; 433 } 434 435 /* 436 * Returns: 437 * < 0 - on error 438 * 0 - success (no update done or microcode was updated) 439 */ 440 static int __reload_late(void *info) 441 { 442 int cpu = smp_processor_id(); 443 enum ucode_state err; 444 int ret = 0; 445 446 /* 447 * Wait for all CPUs to arrive. A load will not be attempted unless all 448 * CPUs show up. 449 * */ 450 if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC)) 451 return -1; 452 453 /* 454 * On an SMT system, it suffices to load the microcode on one sibling of 455 * the core because the microcode engine is shared between the threads. 456 * Synchronization still needs to take place so that no concurrent 457 * loading attempts happen on multiple threads of an SMT core. See 458 * below. 459 */ 460 if (cpumask_first(topology_sibling_cpumask(cpu)) == cpu) 461 apply_microcode_local(&err); 462 else 463 goto wait_for_siblings; 464 465 if (err >= UCODE_NFOUND) { 466 if (err == UCODE_ERROR) 467 pr_warn("Error reloading microcode on CPU %d\n", cpu); 468 469 ret = -1; 470 } 471 472 wait_for_siblings: 473 if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC)) 474 panic("Timeout during microcode update!\n"); 475 476 /* 477 * At least one thread has completed update on each core. 478 * For others, simply call the update to make sure the 479 * per-cpu cpuinfo can be updated with right microcode 480 * revision. 481 */ 482 if (cpumask_first(topology_sibling_cpumask(cpu)) != cpu) 483 apply_microcode_local(&err); 484 485 return ret; 486 } 487 488 /* 489 * Reload microcode late on all CPUs. Wait for a sec until they 490 * all gather together. 491 */ 492 static int microcode_reload_late(void) 493 { 494 int old = boot_cpu_data.microcode, ret; 495 496 pr_err("Attempting late microcode loading - it is dangerous and taints the kernel.\n"); 497 pr_err("You should switch to early loading, if possible.\n"); 498 499 atomic_set(&late_cpus_in, 0); 500 atomic_set(&late_cpus_out, 0); 501 502 ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask); 503 if (ret == 0) 504 microcode_check(); 505 506 pr_info("Reload completed, microcode revision: 0x%x -> 0x%x\n", 507 old, boot_cpu_data.microcode); 508 509 return ret; 510 } 511 512 static ssize_t reload_store(struct device *dev, 513 struct device_attribute *attr, 514 const char *buf, size_t size) 515 { 516 enum ucode_state tmp_ret = UCODE_OK; 517 int bsp = boot_cpu_data.cpu_index; 518 unsigned long val; 519 ssize_t ret = 0; 520 521 ret = kstrtoul(buf, 0, &val); 522 if (ret) 523 return ret; 524 525 if (val != 1) 526 return size; 527 528 cpus_read_lock(); 529 530 ret = check_online_cpus(); 531 if (ret) 532 goto put; 533 534 tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true); 535 if (tmp_ret != UCODE_NEW) 536 goto put; 537 538 mutex_lock(µcode_mutex); 539 ret = microcode_reload_late(); 540 mutex_unlock(µcode_mutex); 541 542 put: 543 cpus_read_unlock(); 544 545 if (ret == 0) 546 ret = size; 547 548 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); 549 550 return ret; 551 } 552 553 static DEVICE_ATTR_WO(reload); 554 #endif 555 556 static ssize_t version_show(struct device *dev, 557 struct device_attribute *attr, char *buf) 558 { 559 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id; 560 561 return sprintf(buf, "0x%x\n", uci->cpu_sig.rev); 562 } 563 564 static ssize_t pf_show(struct device *dev, 565 struct device_attribute *attr, char *buf) 566 { 567 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id; 568 569 return sprintf(buf, "0x%x\n", uci->cpu_sig.pf); 570 } 571 572 static DEVICE_ATTR(version, 0444, version_show, NULL); 573 static DEVICE_ATTR(processor_flags, 0444, pf_show, NULL); 574 575 static struct attribute *mc_default_attrs[] = { 576 &dev_attr_version.attr, 577 &dev_attr_processor_flags.attr, 578 NULL 579 }; 580 581 static const struct attribute_group mc_attr_group = { 582 .attrs = mc_default_attrs, 583 .name = "microcode", 584 }; 585 586 static void microcode_fini_cpu(int cpu) 587 { 588 if (microcode_ops->microcode_fini_cpu) 589 microcode_ops->microcode_fini_cpu(cpu); 590 } 591 592 static enum ucode_state microcode_resume_cpu(int cpu) 593 { 594 if (apply_microcode_on_target(cpu)) 595 return UCODE_ERROR; 596 597 pr_debug("CPU%d updated upon resume\n", cpu); 598 599 return UCODE_OK; 600 } 601 602 static enum ucode_state microcode_init_cpu(int cpu, bool refresh_fw) 603 { 604 enum ucode_state ustate; 605 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 606 607 if (uci->valid) 608 return UCODE_OK; 609 610 if (collect_cpu_info(cpu)) 611 return UCODE_ERROR; 612 613 /* --dimm. Trigger a delayed update? */ 614 if (system_state != SYSTEM_RUNNING) 615 return UCODE_NFOUND; 616 617 ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, refresh_fw); 618 if (ustate == UCODE_NEW) { 619 pr_debug("CPU%d updated upon init\n", cpu); 620 apply_microcode_on_target(cpu); 621 } 622 623 return ustate; 624 } 625 626 static enum ucode_state microcode_update_cpu(int cpu) 627 { 628 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 629 630 /* Refresh CPU microcode revision after resume. */ 631 collect_cpu_info(cpu); 632 633 if (uci->valid) 634 return microcode_resume_cpu(cpu); 635 636 return microcode_init_cpu(cpu, false); 637 } 638 639 static int mc_device_add(struct device *dev, struct subsys_interface *sif) 640 { 641 int err, cpu = dev->id; 642 643 if (!cpu_online(cpu)) 644 return 0; 645 646 pr_debug("CPU%d added\n", cpu); 647 648 err = sysfs_create_group(&dev->kobj, &mc_attr_group); 649 if (err) 650 return err; 651 652 if (microcode_init_cpu(cpu, true) == UCODE_ERROR) 653 return -EINVAL; 654 655 return err; 656 } 657 658 static void mc_device_remove(struct device *dev, struct subsys_interface *sif) 659 { 660 int cpu = dev->id; 661 662 if (!cpu_online(cpu)) 663 return; 664 665 pr_debug("CPU%d removed\n", cpu); 666 microcode_fini_cpu(cpu); 667 sysfs_remove_group(&dev->kobj, &mc_attr_group); 668 } 669 670 static struct subsys_interface mc_cpu_interface = { 671 .name = "microcode", 672 .subsys = &cpu_subsys, 673 .add_dev = mc_device_add, 674 .remove_dev = mc_device_remove, 675 }; 676 677 /** 678 * microcode_bsp_resume - Update boot CPU microcode during resume. 679 */ 680 void microcode_bsp_resume(void) 681 { 682 int cpu = smp_processor_id(); 683 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 684 685 if (uci->valid && uci->mc) 686 microcode_ops->apply_microcode(cpu); 687 else if (!uci->mc) 688 reload_early_microcode(); 689 } 690 691 static struct syscore_ops mc_syscore_ops = { 692 .resume = microcode_bsp_resume, 693 }; 694 695 static int mc_cpu_starting(unsigned int cpu) 696 { 697 microcode_update_cpu(cpu); 698 pr_debug("CPU%d added\n", cpu); 699 return 0; 700 } 701 702 static int mc_cpu_online(unsigned int cpu) 703 { 704 struct device *dev = get_cpu_device(cpu); 705 706 if (sysfs_create_group(&dev->kobj, &mc_attr_group)) 707 pr_err("Failed to create group for CPU%d\n", cpu); 708 return 0; 709 } 710 711 static int mc_cpu_down_prep(unsigned int cpu) 712 { 713 struct device *dev; 714 715 dev = get_cpu_device(cpu); 716 /* Suspend is in progress, only remove the interface */ 717 sysfs_remove_group(&dev->kobj, &mc_attr_group); 718 pr_debug("CPU%d removed\n", cpu); 719 720 return 0; 721 } 722 723 static struct attribute *cpu_root_microcode_attrs[] = { 724 #ifdef CONFIG_MICROCODE_LATE_LOADING 725 &dev_attr_reload.attr, 726 #endif 727 NULL 728 }; 729 730 static const struct attribute_group cpu_root_microcode_group = { 731 .name = "microcode", 732 .attrs = cpu_root_microcode_attrs, 733 }; 734 735 static int __init microcode_init(void) 736 { 737 struct cpuinfo_x86 *c = &boot_cpu_data; 738 int error; 739 740 if (dis_ucode_ldr) 741 return -EINVAL; 742 743 if (c->x86_vendor == X86_VENDOR_INTEL) 744 microcode_ops = init_intel_microcode(); 745 else if (c->x86_vendor == X86_VENDOR_AMD) 746 microcode_ops = init_amd_microcode(); 747 else 748 pr_err("no support for this CPU vendor\n"); 749 750 if (!microcode_ops) 751 return -ENODEV; 752 753 microcode_pdev = platform_device_register_simple("microcode", -1, 754 NULL, 0); 755 if (IS_ERR(microcode_pdev)) 756 return PTR_ERR(microcode_pdev); 757 758 cpus_read_lock(); 759 mutex_lock(µcode_mutex); 760 error = subsys_interface_register(&mc_cpu_interface); 761 mutex_unlock(µcode_mutex); 762 cpus_read_unlock(); 763 764 if (error) 765 goto out_pdev; 766 767 error = sysfs_create_group(&cpu_subsys.dev_root->kobj, 768 &cpu_root_microcode_group); 769 770 if (error) { 771 pr_err("Error creating microcode group!\n"); 772 goto out_driver; 773 } 774 775 register_syscore_ops(&mc_syscore_ops); 776 cpuhp_setup_state_nocalls(CPUHP_AP_MICROCODE_LOADER, "x86/microcode:starting", 777 mc_cpu_starting, NULL); 778 cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "x86/microcode:online", 779 mc_cpu_online, mc_cpu_down_prep); 780 781 pr_info("Microcode Update Driver: v%s.", DRIVER_VERSION); 782 783 return 0; 784 785 out_driver: 786 cpus_read_lock(); 787 mutex_lock(µcode_mutex); 788 789 subsys_interface_unregister(&mc_cpu_interface); 790 791 mutex_unlock(µcode_mutex); 792 cpus_read_unlock(); 793 794 out_pdev: 795 platform_device_unregister(microcode_pdev); 796 return error; 797 798 } 799 fs_initcall(save_microcode_in_initrd); 800 late_initcall(microcode_init); 801