[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 11/11] x86/ucode/amd: Rework parsing logic in cpu_request_microcode()


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 31 Mar 2020 16:55:47 +0100
  • Authentication-results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@xxxxxxxxxx; spf=Pass smtp.mailfrom=Andrew.Cooper3@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Tue, 31 Mar 2020 15:55:54 +0000
  • Ironport-sdr: rudUzV25gWkqoLF3akodjYfFhvrC0VQER3J/yjyUb0cnZEjoWHoiobq9SsxnrzdSlgjnjOJP1n YwyJGYHfLQNpYqh5wbzVm+sA939GYnk+lik6DRqnIUK9nQg6cL+rXK56tCOOL2+yLsytVJV0xX TLD1tQZrq+qNYlMC4sVyQvDkLboBU1cp2LO9wa8yTgsyi5peb+ZdHV0kNRQTJqGQQJ6XxgcMBO qD0jXcu1ByJK0wyoTA3A31Jr0lgpL97mIVEIk6iorkdqiOZuR2iZZKHAtIY0cE/iFKD6UJplon g5A=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 31/03/2020 16:27, Jan Beulich wrote:
> On 31.03.2020 17:19, Andrew Cooper wrote:
>> On 31/03/2020 16:07, Jan Beulich wrote:
>>> On 31.03.2020 12:05, Andrew Cooper wrote:
>>>> @@ -269,55 +265,25 @@ static int apply_microcode(const struct 
>>>> microcode_patch *patch)
>>>>      return 0;
>>>>  }
>>>>  
>>>> -static int scan_equiv_cpu_table(
>>>> -    const void *data,
>>>> -    size_t size_left,
>>>> -    size_t *offset)
>>>> +static int scan_equiv_cpu_table(const struct container_equiv_table *et)
>>>>  {
>>>>      const struct cpu_signature *sig = &this_cpu(cpu_sig);
>>>> -    const struct mpbhdr *mpbuf;
>>>> -    const struct equiv_cpu_entry *eq;
>>>> -    unsigned int i, nr;
>>>> -
>>>> -    if ( size_left < (sizeof(*mpbuf) + 4) ||
>>>> -         (mpbuf = data + *offset + 4,
>>>> -          size_left - sizeof(*mpbuf) - 4 < mpbuf->len) )
>>>> -    {
>>>> -        printk(XENLOG_WARNING "microcode: No space for equivalent cpu 
>>>> table\n");
>>>> -        return -EINVAL;
>>>> -    }
>>>> -
>>>> -    *offset += mpbuf->len + CONT_HDR_SIZE;        /* add header length */
>>>> -
>>>> -    if ( mpbuf->type != UCODE_EQUIV_CPU_TABLE_TYPE )
>>>> -    {
>>>> -        printk(KERN_ERR "microcode: Wrong microcode equivalent cpu table 
>>>> type field\n");
>>>> -        return -EINVAL;
>>>> -    }
>>>> -
>>>> -    if ( mpbuf->len == 0 || mpbuf->len % sizeof(*eq) ||
>>>> -         (eq = (const void *)mpbuf->data,
>>>> -          nr = mpbuf->len / sizeof(*eq),
>>>> -          eq[nr - 1].installed_cpu) )
>>> Did this last check get lost? I can't seem to be able to identify
>>> any possible replacement.
>> Given the lack of a spec, I'm unsure whether to keep it or not.
>>
>> It is necessary in the backport of patch 1, because find_equiv_cpu_id()
>> doesn't have mpbuf->len to hand, and relies on the sentinel to find the
>> end of the table.
>>
>> OTOH, the new logic will cope perfectly well without a sentinel.
> Okay.
>
>>>>  static struct microcode_patch *cpu_request_microcode(const void *buf, 
>>>> size_t size)
>>>>  {
>>>>      const struct microcode_patch *saved = NULL;
>>>>      struct microcode_patch *patch = NULL;
>>>> -    size_t offset = 0, saved_size = 0;
>>>> +    size_t saved_size = 0;
>>>>      int error = 0;
>>>> -    unsigned int cpu = smp_processor_id();
>>>> -    const struct cpu_signature *sig = &per_cpu(cpu_sig, cpu);
>>>>  
>>>> -    if ( size < 4 ||
>>>> -         *(const uint32_t *)buf != UCODE_MAGIC )
>>>> +    while ( size )
>>>>      {
>>>> -        printk(KERN_ERR "microcode: Wrong microcode patch file magic\n");
>>>> -        error = -EINVAL;
>>>> -        goto out;
>>>> -    }
>>>> -
>>>> -    /*
>>>> -     * Multiple container file support:
>>>> -     * 1. check if this container file has equiv_cpu_id match
>>>> -     * 2. If not, fast-fwd to next container file
>>>> -     */
>>>> -    while ( offset < size )
>>>> -    {
>>>> -        error = scan_equiv_cpu_table(buf, size - offset, &offset);
>>>> -
>>>> -        if ( !error || error != -ESRCH )
>>>> -            break;
>>>> +        const struct container_equiv_table *et;
>>>> +        bool skip_ucode;
>>>>  
>>>> -        error = container_fast_forward(buf, size - offset, &offset);
>>>> -        if ( error == -ENODATA )
>>>> +        if ( size < 4 || *(const uint32_t *)buf != UCODE_MAGIC )
>>>>          {
>>>> -            ASSERT(offset == size);
>>>> +            printk(XENLOG_ERR "microcode: Wrong microcode patch file 
>>>> magic\n");
>>>> +            error = -EINVAL;
>>>>              break;
>>>>          }
>>>> -        if ( error )
>>>> +
>>>> +        /* Move over UCODE_MAGIC. */
>>>> +        buf  += 4;
>>>> +        size -= 4;
>>>> +
>>>> +        if ( size < sizeof(*et) ||
>>>> +             (et = buf)->type != UCODE_EQUIV_CPU_TABLE_TYPE ||
>>>> +             size - sizeof(*et) < et->len ||
>>>> +             et->len % sizeof(et->eq[0]) )
>>>>          {
>>>> -            printk(KERN_ERR "microcode: CPU%d incorrect or corrupt 
>>>> container file\n"
>>>> -                   "microcode: Failed to update patch level. "
>>>> -                   "Current lvl:%#x\n", cpu, sig->rev);
>>>> +            printk(XENLOG_ERR "microcode: Bad equivalent cpu table\n");
>>>> +            error = -EINVAL;
>>>>              break;
>>>>          }
>>>> -    }
>>>>  
>>>> -    if ( error )
>>>> -    {
>>>> -        /*
>>>> -         * -ENODATA here means that the blob was parsed fine but no 
>>>> matching
>>>> -         * ucode was found. Don't return it to the caller.
>>>> -         */
>>>> -        if ( error == -ENODATA )
>>>> -            error = 0;
>>>> -
>>>> -        goto out;
>>>> -    }
>>>> +        /* Move over the Equiv table. */
>>>> +        buf  += sizeof(*et) + et->len;
>>>> +        size -= sizeof(*et) + et->len;
>>>> +
>>>> +        error = scan_equiv_cpu_table(et);
>>>> +        if ( error && error != -ESRCH )
>>>> +            break;
>>> With this the only non-zero value left for error is -ESRCH.
>>> Hence ...
>>>
>>>> +        /* -ESRCH means no applicable microcode in this container. */
>>>> +        skip_ucode = error == -ESRCH;
>>> ... perhaps omit the "== -ESRCH" here, moving the comment up
>>> ahead of the if()?
>> That doesn't work, because you've got to reset error to 0 somewhere (to
>> avoid it leaking out if you don't find suitable microcode), and it can't
>> be before checking for errors in general.  It can't easily become a
>> conditional because skip_ucode needs setting unconditionally.
> I don't follow - what's wrong with
>
>         /* -ESRCH means no applicable microcode in this container. */
>         if ( error && error != -ESRCH )
>            break;
>         skip_ucode = error;
>         error = 0;
>
> ?

Oh - I misinterpreted your suggestion.  That looks ok.

Are you happy overall with this change?

~Andrew



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.