[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] misc/xenmicrocode: Upload /lib/firmware/<some blob> to the hypervisor

On Thu, Jan 29, 2015 at 09:36:49AM -0200, Henrique de Moraes Holschuh wrote:
> But the fact that you cannot trust a system with mismatched microcode to
> be stable is the hard truth: neither AMD nor Intel are really enforcing
> that late microcode updates will be always safe in all conditions.

How do you know? Have you talked to anyone?

Can you imagine that someone might have done that and asked exactly that
question and got an assurance that CPU vendors actually do try to make
microcode updates self-contained?

So let me stop you right there with that "hard truth" drama. Just stick
to the facts. If you don't have any facts, don't create them out of thin
air. Ok?

The HSW TSX stuff had to be done that way and I'm sure Intel had their
good reasons. And I'm sure they bought the pain of the late update

And software should support even the use case of late updates. And that
use case is very simple - if a microcode patch is self-contained, then
it should get applied. If not - and here we rely on the CPU vendors to
let us know; if they don't, we learn it the hard way anyway - we warn
the user and disallow the update. This is a very simple thing to solve.

> What we can do about it in the Linux kernel late microcode driver is to
> shorten that window as much as possible, and try to quiesce the system
> as much as possible during the microcode update until all cores have
> been updated.
> It still looks like Xen should *never* trigger a late microcode update,
> unless it freezes all VMs first.

Now this is better.

> For example, on Intel you must *never* have two CPUs attempt to update
> the same "microcode store" at the same time, which requires that you

Interesting - this is the first time I hear about such restriction.

> actually know how the microcode is partitioned relative to
> packages/cores/threads (so far, this is easy: HT siblings share
> microcode, nothing else does.  But what about future processors?).

What about it? Software gets adjusted like for anything else.

> ... so they're actually quite fine with the idea of a reboot being
> required to update processor microcode.

And then there's the other group who can't afford to reboot long running
machines for whatever reason. As long as we can support both, we should
support both.


ECO tip #101: Trim your mails when you reply.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.