1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * CPU Microcode Update Driver for Linux
4 *
5 * Copyright (C) 2000-2006 Tigran Aivazian <aivazian.tigran@gmail.com>
6 * 2006 Shaohua Li <shaohua.li@intel.com>
7 * 2013-2016 Borislav Petkov <bp@alien8.de>
8 *
9 * X86 CPU microcode early update for Linux:
10 *
11 * Copyright (C) 2012 Fenghua Yu <fenghua.yu@intel.com>
12 * H Peter Anvin" <hpa@zytor.com>
13 * (C) 2015 Borislav Petkov <bp@alien8.de>
14 *
15 * This driver allows to upgrade microcode on x86 processors.
16 */
17
18 #define pr_fmt(fmt) "microcode: " fmt
19
20 #include <linux/platform_device.h>
21 #include <linux/stop_machine.h>
22 #include <linux/syscore_ops.h>
23 #include <linux/miscdevice.h>
24 #include <linux/capability.h>
25 #include <linux/firmware.h>
26 #include <linux/cpumask.h>
27 #include <linux/kernel.h>
28 #include <linux/delay.h>
29 #include <linux/mutex.h>
30 #include <linux/cpu.h>
31 #include <linux/nmi.h>
32 #include <linux/fs.h>
33 #include <linux/mm.h>
34
35 #include <asm/apic.h>
36 #include <asm/cpu_device_id.h>
37 #include <asm/perf_event.h>
38 #include <asm/processor.h>
39 #include <asm/cmdline.h>
40 #include <asm/setup.h>
41
42 #include "internal.h"
43
44 static struct microcode_ops *microcode_ops;
45 static bool dis_ucode_ldr = false;
46
47 bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV);
48 module_param(force_minrev, bool, S_IRUSR | S_IWUSR);
49
50 /*
51 * Synchronization.
52 *
53 * All non cpu-hotplug-callback call sites use:
54 *
55 * - cpus_read_lock/unlock() to synchronize with
56 * the cpu-hotplug-callback call sites.
57 *
58 * We guarantee that only a single cpu is being
59 * updated at any particular moment of time.
60 */
61 struct ucode_cpu_info ucode_cpu_info[NR_CPUS];
62
63 /*
64 * Those patch levels cannot be updated to newer ones and thus should be final.
65 */
66 static u32 final_levels[] = {
67 0x01000098,
68 0x0100009f,
69 0x010000af,
70 0, /* T-101 terminator */
71 };
72
73 struct early_load_data early_data;
74
75 /*
76 * Check the current patch level on this CPU.
77 *
78 * Returns:
79 * - true: if update should stop
80 * - false: otherwise
81 */
amd_check_current_patch_level(void)82 static bool amd_check_current_patch_level(void)
83 {
84 u32 lvl, dummy, i;
85 u32 *levels;
86
87 if (x86_cpuid_vendor() != X86_VENDOR_AMD)
88 return false;
89
90 native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy);
91
92 levels = final_levels;
93
94 for (i = 0; levels[i]; i++) {
95 if (lvl == levels[i])
96 return true;
97 }
98 return false;
99 }
100
microcode_loader_disabled(void)101 bool __init microcode_loader_disabled(void)
102 {
103 if (dis_ucode_ldr)
104 return true;
105
106 /*
107 * Disable when:
108 *
109 * 1) The CPU does not support CPUID.
110 *
111 * 2) Bit 31 in CPUID[1]:ECX is clear
112 * The bit is reserved for hypervisor use. This is still not
113 * completely accurate as XEN PV guests don't see that CPUID bit
114 * set, but that's good enough as they don't land on the BSP
115 * path anyway.
116 *
117 * 3) Certain AMD patch levels are not allowed to be
118 * overwritten.
119 */
120 if (!have_cpuid_p() ||
121 native_cpuid_ecx(1) & BIT(31) ||
122 amd_check_current_patch_level())
123 dis_ucode_ldr = true;
124
125 return dis_ucode_ldr;
126 }
127
load_ucode_bsp(void)128 void __init load_ucode_bsp(void)
129 {
130 unsigned int cpuid_1_eax;
131 bool intel = true;
132
133 if (cmdline_find_option_bool(boot_command_line, "dis_ucode_ldr") > 0)
134 dis_ucode_ldr = true;
135
136 if (microcode_loader_disabled())
137 return;
138
139 cpuid_1_eax = native_cpuid_eax(1);
140
141 switch (x86_cpuid_vendor()) {
142 case X86_VENDOR_INTEL:
143 if (x86_family(cpuid_1_eax) < 6)
144 return;
145 break;
146
147 case X86_VENDOR_AMD:
148 if (x86_family(cpuid_1_eax) < 0x10)
149 return;
150 intel = false;
151 break;
152
153 default:
154 return;
155 }
156
157 if (intel)
158 load_ucode_intel_bsp(&early_data);
159 else
160 load_ucode_amd_bsp(&early_data, cpuid_1_eax);
161 }
162
load_ucode_ap(void)163 void load_ucode_ap(void)
164 {
165 unsigned int cpuid_1_eax;
166
167 /*
168 * Can't use microcode_loader_disabled() here - .init section
169 * hell. It doesn't have to either - the BSP variant must've
170 * parsed cmdline already anyway.
171 */
172 if (dis_ucode_ldr)
173 return;
174
175 cpuid_1_eax = native_cpuid_eax(1);
176
177 switch (x86_cpuid_vendor()) {
178 case X86_VENDOR_INTEL:
179 if (x86_family(cpuid_1_eax) >= 6)
180 load_ucode_intel_ap();
181 break;
182 case X86_VENDOR_AMD:
183 if (x86_family(cpuid_1_eax) >= 0x10)
184 load_ucode_amd_ap(cpuid_1_eax);
185 break;
186 default:
187 break;
188 }
189 }
190
find_microcode_in_initrd(const char * path)191 struct cpio_data __init find_microcode_in_initrd(const char *path)
192 {
193 #ifdef CONFIG_BLK_DEV_INITRD
194 unsigned long start = 0;
195 size_t size;
196
197 #ifdef CONFIG_X86_32
198 size = boot_params.hdr.ramdisk_size;
199 /* Early load on BSP has a temporary mapping. */
200 if (size)
201 start = initrd_start_early;
202
203 #else /* CONFIG_X86_64 */
204 size = (unsigned long)boot_params.ext_ramdisk_size << 32;
205 size |= boot_params.hdr.ramdisk_size;
206
207 if (size) {
208 start = (unsigned long)boot_params.ext_ramdisk_image << 32;
209 start |= boot_params.hdr.ramdisk_image;
210 start += PAGE_OFFSET;
211 }
212 #endif
213
214 /*
215 * Fixup the start address: after reserve_initrd() runs, initrd_start
216 * has the virtual address of the beginning of the initrd. It also
217 * possibly relocates the ramdisk. In either case, initrd_start contains
218 * the updated address so use that instead.
219 */
220 if (initrd_start)
221 start = initrd_start;
222
223 return find_cpio_data(path, (void *)start, size, NULL);
224 #else /* !CONFIG_BLK_DEV_INITRD */
225 return (struct cpio_data){ NULL, 0, "" };
226 #endif
227 }
228
reload_early_microcode(unsigned int cpu)229 static void reload_early_microcode(unsigned int cpu)
230 {
231 int vendor, family;
232
233 vendor = x86_cpuid_vendor();
234 family = x86_cpuid_family();
235
236 switch (vendor) {
237 case X86_VENDOR_INTEL:
238 if (family >= 6)
239 reload_ucode_intel();
240 break;
241 case X86_VENDOR_AMD:
242 if (family >= 0x10)
243 reload_ucode_amd(cpu);
244 break;
245 default:
246 break;
247 }
248 }
249
250 /* fake device for request_firmware */
251 static struct platform_device *microcode_pdev;
252
253 #ifdef CONFIG_MICROCODE_LATE_LOADING
254 /*
255 * Late loading dance. Why the heavy-handed stomp_machine effort?
256 *
257 * - HT siblings must be idle and not execute other code while the other sibling
258 * is loading microcode in order to avoid any negative interactions caused by
259 * the loading.
260 *
261 * - In addition, microcode update on the cores must be serialized until this
262 * requirement can be relaxed in the future. Right now, this is conservative
263 * and good.
264 */
265 enum sibling_ctrl {
266 /* Spinwait with timeout */
267 SCTRL_WAIT,
268 /* Invoke the microcode_apply() callback */
269 SCTRL_APPLY,
270 /* Proceed without invoking the microcode_apply() callback */
271 SCTRL_DONE,
272 };
273
274 struct microcode_ctrl {
275 enum sibling_ctrl ctrl;
276 enum ucode_state result;
277 unsigned int ctrl_cpu;
278 bool nmi_enabled;
279 };
280
281 DEFINE_STATIC_KEY_FALSE(microcode_nmi_handler_enable);
282 static DEFINE_PER_CPU(struct microcode_ctrl, ucode_ctrl);
283 static atomic_t late_cpus_in, offline_in_nmi;
284 static unsigned int loops_per_usec;
285 static cpumask_t cpu_offline_mask;
286
wait_for_cpus(atomic_t * cnt)287 static noinstr bool wait_for_cpus(atomic_t *cnt)
288 {
289 unsigned int timeout, loops;
290
291 WARN_ON_ONCE(raw_atomic_dec_return(cnt) < 0);
292
293 for (timeout = 0; timeout < USEC_PER_SEC; timeout++) {
294 if (!raw_atomic_read(cnt))
295 return true;
296
297 for (loops = 0; loops < loops_per_usec; loops++)
298 cpu_relax();
299
300 /* If invoked directly, tickle the NMI watchdog */
301 if (!microcode_ops->use_nmi && !(timeout % USEC_PER_MSEC)) {
302 instrumentation_begin();
303 touch_nmi_watchdog();
304 instrumentation_end();
305 }
306 }
307 /* Prevent the late comers from making progress and let them time out */
308 raw_atomic_inc(cnt);
309 return false;
310 }
311
wait_for_ctrl(void)312 static noinstr bool wait_for_ctrl(void)
313 {
314 unsigned int timeout, loops;
315
316 for (timeout = 0; timeout < USEC_PER_SEC; timeout++) {
317 if (raw_cpu_read(ucode_ctrl.ctrl) != SCTRL_WAIT)
318 return true;
319
320 for (loops = 0; loops < loops_per_usec; loops++)
321 cpu_relax();
322
323 /* If invoked directly, tickle the NMI watchdog */
324 if (!microcode_ops->use_nmi && !(timeout % USEC_PER_MSEC)) {
325 instrumentation_begin();
326 touch_nmi_watchdog();
327 instrumentation_end();
328 }
329 }
330 return false;
331 }
332
333 /*
334 * Protected against instrumentation up to the point where the primary
335 * thread completed the update. See microcode_nmi_handler() for details.
336 */
load_secondary_wait(unsigned int ctrl_cpu)337 static noinstr bool load_secondary_wait(unsigned int ctrl_cpu)
338 {
339 /* Initial rendezvous to ensure that all CPUs have arrived */
340 if (!wait_for_cpus(&late_cpus_in)) {
341 raw_cpu_write(ucode_ctrl.result, UCODE_TIMEOUT);
342 return false;
343 }
344
345 /*
346 * Wait for primary threads to complete. If one of them hangs due
347 * to the update, there is no way out. This is non-recoverable
348 * because the CPU might hold locks or resources and confuse the
349 * scheduler, watchdogs etc. There is no way to safely evacuate the
350 * machine.
351 */
352 if (wait_for_ctrl())
353 return true;
354
355 instrumentation_begin();
356 panic("Microcode load: Primary CPU %d timed out\n", ctrl_cpu);
357 instrumentation_end();
358 }
359
360 /*
361 * Protected against instrumentation up to the point where the primary
362 * thread completed the update. See microcode_nmi_handler() for details.
363 */
load_secondary(unsigned int cpu)364 static noinstr void load_secondary(unsigned int cpu)
365 {
366 unsigned int ctrl_cpu = raw_cpu_read(ucode_ctrl.ctrl_cpu);
367 enum ucode_state ret;
368
369 if (!load_secondary_wait(ctrl_cpu)) {
370 instrumentation_begin();
371 pr_err_once("load: %d CPUs timed out\n",
372 atomic_read(&late_cpus_in) - 1);
373 instrumentation_end();
374 return;
375 }
376
377 /* Primary thread completed. Allow to invoke instrumentable code */
378 instrumentation_begin();
379 /*
380 * If the primary succeeded then invoke the apply() callback,
381 * otherwise copy the state from the primary thread.
382 */
383 if (this_cpu_read(ucode_ctrl.ctrl) == SCTRL_APPLY)
384 ret = microcode_ops->apply_microcode(cpu);
385 else
386 ret = per_cpu(ucode_ctrl.result, ctrl_cpu);
387
388 this_cpu_write(ucode_ctrl.result, ret);
389 this_cpu_write(ucode_ctrl.ctrl, SCTRL_DONE);
390 instrumentation_end();
391 }
392
__load_primary(unsigned int cpu)393 static void __load_primary(unsigned int cpu)
394 {
395 struct cpumask *secondaries = topology_sibling_cpumask(cpu);
396 enum sibling_ctrl ctrl;
397 enum ucode_state ret;
398 unsigned int sibling;
399
400 /* Initial rendezvous to ensure that all CPUs have arrived */
401 if (!wait_for_cpus(&late_cpus_in)) {
402 this_cpu_write(ucode_ctrl.result, UCODE_TIMEOUT);
403 pr_err_once("load: %d CPUs timed out\n", atomic_read(&late_cpus_in) - 1);
404 return;
405 }
406
407 ret = microcode_ops->apply_microcode(cpu);
408 this_cpu_write(ucode_ctrl.result, ret);
409 this_cpu_write(ucode_ctrl.ctrl, SCTRL_DONE);
410
411 /*
412 * If the update was successful, let the siblings run the apply()
413 * callback. If not, tell them it's done. This also covers the
414 * case where the CPU has uniform loading at package or system
415 * scope implemented but does not advertise it.
416 */
417 if (ret == UCODE_UPDATED || ret == UCODE_OK)
418 ctrl = SCTRL_APPLY;
419 else
420 ctrl = SCTRL_DONE;
421
422 for_each_cpu(sibling, secondaries) {
423 if (sibling != cpu)
424 per_cpu(ucode_ctrl.ctrl, sibling) = ctrl;
425 }
426 }
427
kick_offline_cpus(unsigned int nr_offl)428 static bool kick_offline_cpus(unsigned int nr_offl)
429 {
430 unsigned int cpu, timeout;
431
432 for_each_cpu(cpu, &cpu_offline_mask) {
433 /* Enable the rendezvous handler and send NMI */
434 per_cpu(ucode_ctrl.nmi_enabled, cpu) = true;
435 apic_send_nmi_to_offline_cpu(cpu);
436 }
437
438 /* Wait for them to arrive */
439 for (timeout = 0; timeout < (USEC_PER_SEC / 2); timeout++) {
440 if (atomic_read(&offline_in_nmi) == nr_offl)
441 return true;
442 udelay(1);
443 }
444 /* Let the others time out */
445 return false;
446 }
447
release_offline_cpus(void)448 static void release_offline_cpus(void)
449 {
450 unsigned int cpu;
451
452 for_each_cpu(cpu, &cpu_offline_mask)
453 per_cpu(ucode_ctrl.ctrl, cpu) = SCTRL_DONE;
454 }
455
load_primary(unsigned int cpu)456 static void load_primary(unsigned int cpu)
457 {
458 unsigned int nr_offl = cpumask_weight(&cpu_offline_mask);
459 bool proceed = true;
460
461 /* Kick soft-offlined SMT siblings if required */
462 if (!cpu && nr_offl)
463 proceed = kick_offline_cpus(nr_offl);
464
465 /* If the soft-offlined CPUs did not respond, abort */
466 if (proceed)
467 __load_primary(cpu);
468
469 /* Unconditionally release soft-offlined SMT siblings if required */
470 if (!cpu && nr_offl)
471 release_offline_cpus();
472 }
473
474 /*
475 * Minimal stub rendezvous handler for soft-offlined CPUs which participate
476 * in the NMI rendezvous to protect against a concurrent NMI on affected
477 * CPUs.
478 */
microcode_offline_nmi_handler(void)479 void noinstr microcode_offline_nmi_handler(void)
480 {
481 if (!raw_cpu_read(ucode_ctrl.nmi_enabled))
482 return;
483 raw_cpu_write(ucode_ctrl.nmi_enabled, false);
484 raw_cpu_write(ucode_ctrl.result, UCODE_OFFLINE);
485 raw_atomic_inc(&offline_in_nmi);
486 wait_for_ctrl();
487 }
488
microcode_update_handler(void)489 static noinstr bool microcode_update_handler(void)
490 {
491 unsigned int cpu = raw_smp_processor_id();
492
493 if (raw_cpu_read(ucode_ctrl.ctrl_cpu) == cpu) {
494 instrumentation_begin();
495 load_primary(cpu);
496 instrumentation_end();
497 } else {
498 load_secondary(cpu);
499 }
500
501 instrumentation_begin();
502 touch_nmi_watchdog();
503 instrumentation_end();
504
505 return true;
506 }
507
508 /*
509 * Protection against instrumentation is required for CPUs which are not
510 * safe against an NMI which is delivered to the secondary SMT sibling
511 * while the primary thread updates the microcode. Instrumentation can end
512 * up in #INT3, #DB and #PF. The IRET from those exceptions reenables NMI
513 * which is the opposite of what the NMI rendezvous is trying to achieve.
514 *
515 * The primary thread is safe versus instrumentation as the actual
516 * microcode update handles this correctly. It's only the sibling code
517 * path which must be NMI safe until the primary thread completed the
518 * update.
519 */
microcode_nmi_handler(void)520 bool noinstr microcode_nmi_handler(void)
521 {
522 if (!raw_cpu_read(ucode_ctrl.nmi_enabled))
523 return false;
524
525 raw_cpu_write(ucode_ctrl.nmi_enabled, false);
526 return microcode_update_handler();
527 }
528
load_cpus_stopped(void * unused)529 static int load_cpus_stopped(void *unused)
530 {
531 if (microcode_ops->use_nmi) {
532 /* Enable the NMI handler and raise NMI */
533 this_cpu_write(ucode_ctrl.nmi_enabled, true);
534 apic->send_IPI(smp_processor_id(), NMI_VECTOR);
535 } else {
536 /* Just invoke the handler directly */
537 microcode_update_handler();
538 }
539 return 0;
540 }
541
load_late_stop_cpus(bool is_safe)542 static int load_late_stop_cpus(bool is_safe)
543 {
544 unsigned int cpu, updated = 0, failed = 0, timedout = 0, siblings = 0;
545 unsigned int nr_offl, offline = 0;
546 int old_rev = boot_cpu_data.microcode;
547 struct cpuinfo_x86 prev_info;
548
549 if (!is_safe) {
550 pr_err("Late microcode loading without minimal revision check.\n");
551 pr_err("You should switch to early loading, if possible.\n");
552 }
553
554 atomic_set(&late_cpus_in, num_online_cpus());
555 atomic_set(&offline_in_nmi, 0);
556 loops_per_usec = loops_per_jiffy / (TICK_NSEC / 1000);
557
558 /*
559 * Take a snapshot before the microcode update in order to compare and
560 * check whether any bits changed after an update.
561 */
562 store_cpu_caps(&prev_info);
563
564 if (microcode_ops->use_nmi)
565 static_branch_enable_cpuslocked(µcode_nmi_handler_enable);
566
567 stop_machine_cpuslocked(load_cpus_stopped, NULL, cpu_online_mask);
568
569 if (microcode_ops->use_nmi)
570 static_branch_disable_cpuslocked(µcode_nmi_handler_enable);
571
572 /* Analyze the results */
573 for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
574 switch (per_cpu(ucode_ctrl.result, cpu)) {
575 case UCODE_UPDATED: updated++; break;
576 case UCODE_TIMEOUT: timedout++; break;
577 case UCODE_OK: siblings++; break;
578 case UCODE_OFFLINE: offline++; break;
579 default: failed++; break;
580 }
581 }
582
583 if (microcode_ops->finalize_late_load)
584 microcode_ops->finalize_late_load(!updated);
585
586 if (!updated) {
587 /* Nothing changed. */
588 if (!failed && !timedout)
589 return 0;
590
591 nr_offl = cpumask_weight(&cpu_offline_mask);
592 if (offline < nr_offl) {
593 pr_warn("%u offline siblings did not respond.\n",
594 nr_offl - atomic_read(&offline_in_nmi));
595 return -EIO;
596 }
597 pr_err("update failed: %u CPUs failed %u CPUs timed out\n",
598 failed, timedout);
599 return -EIO;
600 }
601
602 if (!is_safe || failed || timedout)
603 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
604
605 pr_info("load: updated on %u primary CPUs with %u siblings\n", updated, siblings);
606 if (failed || timedout) {
607 pr_err("load incomplete. %u CPUs timed out or failed\n",
608 num_online_cpus() - (updated + siblings));
609 }
610 pr_info("revision: 0x%x -> 0x%x\n", old_rev, boot_cpu_data.microcode);
611 microcode_check(&prev_info);
612
613 return updated + siblings == num_online_cpus() ? 0 : -EIO;
614 }
615
616 /*
617 * This function does two things:
618 *
619 * 1) Ensure that all required CPUs which are present and have been booted
620 * once are online.
621 *
622 * To pass this check, all primary threads must be online.
623 *
624 * If the microcode load is not safe against NMI then all SMT threads
625 * must be online as well because they still react to NMIs when they are
626 * soft-offlined and parked in one of the play_dead() variants. So if a
627 * NMI hits while the primary thread updates the microcode the resulting
628 * behaviour is undefined. The default play_dead() implementation on
629 * modern CPUs uses MWAIT, which is also not guaranteed to be safe
630 * against a microcode update which affects MWAIT.
631 *
632 * As soft-offlined CPUs still react on NMIs, the SMT sibling
633 * restriction can be lifted when the vendor driver signals to use NMI
634 * for rendezvous and the APIC provides a mechanism to send an NMI to a
635 * soft-offlined CPU. The soft-offlined CPUs are then able to
636 * participate in the rendezvous in a trivial stub handler.
637 *
638 * 2) Initialize the per CPU control structure and create a cpumask
639 * which contains "offline"; secondary threads, so they can be handled
640 * correctly by a control CPU.
641 */
setup_cpus(void)642 static bool setup_cpus(void)
643 {
644 struct microcode_ctrl ctrl = { .ctrl = SCTRL_WAIT, .result = -1, };
645 bool allow_smt_offline;
646 unsigned int cpu;
647
648 allow_smt_offline = microcode_ops->nmi_safe ||
649 (microcode_ops->use_nmi && apic->nmi_to_offline_cpu);
650
651 cpumask_clear(&cpu_offline_mask);
652
653 for_each_cpu_and(cpu, cpu_present_mask, &cpus_booted_once_mask) {
654 /*
655 * Offline CPUs sit in one of the play_dead() functions
656 * with interrupts disabled, but they still react on NMIs
657 * and execute arbitrary code. Also MWAIT being updated
658 * while the offline CPU sits there is not necessarily safe
659 * on all CPU variants.
660 *
661 * Mark them in the offline_cpus mask which will be handled
662 * by CPU0 later in the update process.
663 *
664 * Ensure that the primary thread is online so that it is
665 * guaranteed that all cores are updated.
666 */
667 if (!cpu_online(cpu)) {
668 if (topology_is_primary_thread(cpu) || !allow_smt_offline) {
669 pr_err("CPU %u not online, loading aborted\n", cpu);
670 return false;
671 }
672 cpumask_set_cpu(cpu, &cpu_offline_mask);
673 per_cpu(ucode_ctrl, cpu) = ctrl;
674 continue;
675 }
676
677 /*
678 * Initialize the per CPU state. This is core scope for now,
679 * but prepared to take package or system scope into account.
680 */
681 ctrl.ctrl_cpu = cpumask_first(topology_sibling_cpumask(cpu));
682 per_cpu(ucode_ctrl, cpu) = ctrl;
683 }
684 return true;
685 }
686
load_late_locked(void)687 static int load_late_locked(void)
688 {
689 if (!setup_cpus())
690 return -EBUSY;
691
692 switch (microcode_ops->request_microcode_fw(0, µcode_pdev->dev)) {
693 case UCODE_NEW:
694 return load_late_stop_cpus(false);
695 case UCODE_NEW_SAFE:
696 return load_late_stop_cpus(true);
697 case UCODE_NFOUND:
698 return -ENOENT;
699 default:
700 return -EBADFD;
701 }
702 }
703
reload_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t size)704 static ssize_t reload_store(struct device *dev,
705 struct device_attribute *attr,
706 const char *buf, size_t size)
707 {
708 unsigned long val;
709 ssize_t ret;
710
711 ret = kstrtoul(buf, 0, &val);
712 if (ret || val != 1)
713 return -EINVAL;
714
715 cpus_read_lock();
716 ret = load_late_locked();
717 cpus_read_unlock();
718
719 return ret ? : size;
720 }
721
722 static DEVICE_ATTR_WO(reload);
723 #endif
724
version_show(struct device * dev,struct device_attribute * attr,char * buf)725 static ssize_t version_show(struct device *dev,
726 struct device_attribute *attr, char *buf)
727 {
728 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
729
730 return sprintf(buf, "0x%x\n", uci->cpu_sig.rev);
731 }
732
processor_flags_show(struct device * dev,struct device_attribute * attr,char * buf)733 static ssize_t processor_flags_show(struct device *dev,
734 struct device_attribute *attr, char *buf)
735 {
736 struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
737
738 return sprintf(buf, "0x%x\n", uci->cpu_sig.pf);
739 }
740
741 static DEVICE_ATTR_RO(version);
742 static DEVICE_ATTR_RO(processor_flags);
743
744 static struct attribute *mc_default_attrs[] = {
745 &dev_attr_version.attr,
746 &dev_attr_processor_flags.attr,
747 NULL
748 };
749
750 static const struct attribute_group mc_attr_group = {
751 .attrs = mc_default_attrs,
752 .name = "microcode",
753 };
754
microcode_fini_cpu(int cpu)755 static void microcode_fini_cpu(int cpu)
756 {
757 if (microcode_ops->microcode_fini_cpu)
758 microcode_ops->microcode_fini_cpu(cpu);
759 }
760
761 /**
762 * microcode_bsp_resume - Update boot CPU microcode during resume.
763 */
microcode_bsp_resume(void)764 void microcode_bsp_resume(void)
765 {
766 int cpu = smp_processor_id();
767 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
768
769 if (uci->mc)
770 microcode_ops->apply_microcode(cpu);
771 else
772 reload_early_microcode(cpu);
773 }
774
775 static struct syscore_ops mc_syscore_ops = {
776 .resume = microcode_bsp_resume,
777 };
778
mc_cpu_online(unsigned int cpu)779 static int mc_cpu_online(unsigned int cpu)
780 {
781 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
782 struct device *dev = get_cpu_device(cpu);
783
784 memset(uci, 0, sizeof(*uci));
785
786 microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig);
787 cpu_data(cpu).microcode = uci->cpu_sig.rev;
788 if (!cpu)
789 boot_cpu_data.microcode = uci->cpu_sig.rev;
790
791 if (sysfs_create_group(&dev->kobj, &mc_attr_group))
792 pr_err("Failed to create group for CPU%d\n", cpu);
793 return 0;
794 }
795
mc_cpu_down_prep(unsigned int cpu)796 static int mc_cpu_down_prep(unsigned int cpu)
797 {
798 struct device *dev = get_cpu_device(cpu);
799
800 microcode_fini_cpu(cpu);
801 sysfs_remove_group(&dev->kobj, &mc_attr_group);
802 return 0;
803 }
804
805 static struct attribute *cpu_root_microcode_attrs[] = {
806 #ifdef CONFIG_MICROCODE_LATE_LOADING
807 &dev_attr_reload.attr,
808 #endif
809 NULL
810 };
811
812 static const struct attribute_group cpu_root_microcode_group = {
813 .name = "microcode",
814 .attrs = cpu_root_microcode_attrs,
815 };
816
microcode_init(void)817 static int __init microcode_init(void)
818 {
819 struct device *dev_root;
820 struct cpuinfo_x86 *c = &boot_cpu_data;
821 int error;
822
823 if (microcode_loader_disabled())
824 return -EINVAL;
825
826 if (c->x86_vendor == X86_VENDOR_INTEL)
827 microcode_ops = init_intel_microcode();
828 else if (c->x86_vendor == X86_VENDOR_AMD)
829 microcode_ops = init_amd_microcode();
830 else
831 pr_err("no support for this CPU vendor\n");
832
833 if (!microcode_ops)
834 return -ENODEV;
835
836 pr_info_once("Current revision: 0x%08x\n", (early_data.new_rev ?: early_data.old_rev));
837
838 if (early_data.new_rev)
839 pr_info_once("Updated early from: 0x%08x\n", early_data.old_rev);
840
841 microcode_pdev = platform_device_register_simple("microcode", -1, NULL, 0);
842 if (IS_ERR(microcode_pdev))
843 return PTR_ERR(microcode_pdev);
844
845 dev_root = bus_get_dev_root(&cpu_subsys);
846 if (dev_root) {
847 error = sysfs_create_group(&dev_root->kobj, &cpu_root_microcode_group);
848 put_device(dev_root);
849 if (error) {
850 pr_err("Error creating microcode group!\n");
851 goto out_pdev;
852 }
853 }
854
855 register_syscore_ops(&mc_syscore_ops);
856 cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, "x86/microcode:online",
857 mc_cpu_online, mc_cpu_down_prep);
858
859 return 0;
860
861 out_pdev:
862 platform_device_unregister(microcode_pdev);
863 return error;
864
865 }
866 late_initcall(microcode_init);
867