[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH V2] x86, amd_ucode: Safeguard against #GP

On 06/02/2014 03:31 AM, Jan Beulich wrote:
On 30.05.14 at 18:21, <andrew.cooper3@xxxxxxxxxx> wrote:
The unhandled #GP fault certainly should be wrapped with wrmsr_safe(),
and an error/warning presented to the user.  In the case that a bad
ucode is discovered, it should be discarded and the server allowed to
boot.  It is substantially more useful for the server to come up and say
"I couldn't load that bit of microcode you wanted me to", than to sit in
a reboot loop because you made a typo in the bootloader config, and have
to get someone in the datacenter to poke the physical server.
But this isn't due to a typo somewhere, but due to a corrupted
microcode blob.

Right, but the argument that we don't want to be stuck in the reboot loop still holds.

Besides that no matter which BKDG I look at, I can't seem to find any
indication of there being room for a #GP here if the MSR itself is
implemented. While I don't question its presence in reality, I'd prefer
if this was documented properly for a patch to recover from it to go

Unfortunately the whole microcode patching procedure is, to put it mildly, not well documented, particularly the #GP part. We had an email exchange with an AMD HW architect and he confirmed that corrupted patch results in #GP.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.