Re: [Xen-devel] [PATCH V2] x86, amd_ucode: Safeguard against #GP

[Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>]

On 06/02/2014 03:31 AM, Jan Beulich wrote:
> > > > On 30.05.14 at 18:21, <andrew.cooper3@xxxxxxxxxx> wrote:
> > The unhandled #GP fault certainly should be wrapped with wrmsr_safe(),
> > and an error/warning presented to the user.  In the case that a bad
> > ucode is discovered, it should be discarded and the server allowed to
> > boot.  It is substantially more useful for the server to come up and say
> > "I couldn't load that bit of microcode you wanted me to", than to sit in
> > a reboot loop because you made a typo in the bootloader config, and have
> > to get someone in the datacenter to poke the physical server.
> But this isn't due to a typo somewhere, but due to a corrupted
> microcode blob.
Right, but the argument that we don't want to be stuck in the reboot 
loop still holds.
> Besides that no matter which BKDG I look at, I can't seem to find any
> indication of there being room for a #GP here if the MSR itself is
> implemented. While I don't question its presence in reality, I'd prefer
> if this was documented properly for a patch to recover from it to go
> in.
Unfortunately the whole microcode patching procedure is, to put it 
mildly, not well documented, particularly the #GP part. We had an email 
exchange with an AMD HW architect and he confirmed that corrupted patch 
results in #GP.
-boris


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel