Received: by 10.223.185.116 with SMTP id b49csp6221992wrg; Wed, 28 Feb 2018 06:03:17 -0800 (PST) X-Google-Smtp-Source: AH8x225fxkTkXsViVLCSyjD5iApr6/CZsRJ555Goh1RYZ2fiM/+xrqqMnBq5JAwE6b/IQwiggkUx X-Received: by 10.98.157.18 with SMTP id i18mr17900279pfd.62.1519826597726; Wed, 28 Feb 2018 06:03:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519826597; cv=none; d=google.com; s=arc-20160816; b=xHsFrQr/j2EXH1OqbR9Ti0gA3KgowECBUaalHixxBoKUMHvaC9pMqacymnxOnrTexx O6HadnNtohlGveitDhW5Hfc6XQH3u3KapSrkk9IO2jSp0gcAoOUA3l2kijyhiZUGKKwC i2rAfx+h2IBjiZWsA98t16GVHZmxTxcdZvCOCG/oh96sOJye27ymSAhZDlN5mdixPPhG niECN3lx2XQiLxPqzMZUjX2FBRaS752xxhg03+FRb8peqLNXaSrpMhkwm5XKyZAkgXik 3Uy4FX9FHoTSEjTpqA1AP8WrPviGK7sK0bf95c67k6+Qa/ehRWqemKGUczbjAz4kPJah LsLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-signature :arc-authentication-results; bh=k43f00h2C2amElqfb7DpX9cHiV4BrlJi+3I2DMY3ADs=; b=eLgeYaTwAEITMSYO0mgWidqpbHBpseRLjf4ksyzKse3vO2s7Ela/GMC9yrWb92JdUW mV11yfyrKcF4a30q7e0rt7vxrX26i6bF0Iix8Q7VisjY+NH5pPKYMFgJH2TIQ+YOD76K fQ07hLTVuBepfFi/vDIwXvkzrcP9ZS21gajQbmYPwkYBmdFw5t0lxBylkZpGZr6HvFeG JtJ3514TvEUiVXqgfLoTmKccxQemwPLhtY7Nso/kRb5Vt61iREh+Cqj6+teKYGTHLfrD 8DPoUaBIqee5Edes5A+W8ck+RpI0EMHl6rkQMXvxx7k2WAJxjQuvLAEccX35YaOER6Ue x45Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@hmh.eng.br header.s=fm1 header.b=cxrvcKMC; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=IH+jJLF/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t5-v6si1368795plo.104.2018.02.28.06.02.56; Wed, 28 Feb 2018 06:03:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@hmh.eng.br header.s=fm1 header.b=cxrvcKMC; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=IH+jJLF/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752627AbeB1N7l (ORCPT + 99 others); Wed, 28 Feb 2018 08:59:41 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:56985 "EHLO out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752488AbeB1N7j (ORCPT ); Wed, 28 Feb 2018 08:59:39 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 2F70921F4E; Wed, 28 Feb 2018 08:59:37 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Wed, 28 Feb 2018 08:59:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hmh.eng.br; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=k43f00h2C2amElqfb7DpX9cHiV4BrlJi+3I2DMY3ADs=; b=cxrvcKMC 8b7sqANIEBVXoxXfA0lIZrtSmlGkoD5pwKk0K5bEpSESDpF51xKbP7shGZ7cpwT1 RXm0sq4sTBByUppOaZQUjKsFI4aY4gCiLcis64kJHafImkp03WwzSPtoP2BBV7nz i6gfdNaJsfBTsazs8lVVrbd7RdhAf0rta/KWgcdscwe8mACSMYYpQpP0om59X5UT fT9Jgaykd6lHF1STp1eBZ/Lt0ROUWMSf7671j1BuOcsRVPoGCWlKixcisobca1Vc dqyg+84Wuo5hgLEtiKGhh7WDao6FT+aLhQ09k34tEHqywpWf071cceVMeziMGGyc ovVaOZrusXGOqQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=k43f00h2C2amElqfb7DpX9cHiV4Br lJi+3I2DMY3ADs=; b=IH+jJLF/RgEiijq2WSM0q93XcFrkuED6deYlAafxccckv aUaJK7/BYJjZnvHAB/1FTKEe6i0SqOZAe4h/+KDKqSR4A5ObJxsarUXMN/8VD270 jeRTmIxKvH2wcRI9ZXTd6mVHCTR4i/Q7+45key4Of92l1yivL6+QM/8HRnRz9kW3 9Rtt9lhjeUHk58+I0B4N0qL5qEV45cEH8PWTbZjWd2dHju4vDfaNMDIQ2kya0tnN 7HL6ipahLyDwDT7JqVBDAO8Xt9/OkIn89dDqY445u7NAtodLSbxqYrK5SgLA3e+y 32pVMAXqY7DDMg3+dWzzR0OQQ2cnV5FHtG42PYeug== X-ME-Sender: Received: from khazad-dum.debian.net (unknown [201.82.128.91]) by mail.messagingengine.com (Postfix) with ESMTPA id 9A0EB7E4EC; Wed, 28 Feb 2018 08:59:36 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by localhost.khazad-dum.debian.net (Postfix) with ESMTP id 2A5D83400411; Wed, 28 Feb 2018 10:59:32 -0300 (-03) X-Virus-Scanned: Debian amavisd-new at khazad-dum.debian.net Received: from khazad-dum.debian.net ([127.0.0.1]) by localhost (khazad-dum2.khazad-dum.debian.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id J4iFyM5S5sUq; Wed, 28 Feb 2018 10:59:31 -0300 (-03) Received: by khazad-dum.debian.net (Postfix, from userid 1000) id 60D4C340040A; Wed, 28 Feb 2018 10:59:31 -0300 (-03) Date: Wed, 28 Feb 2018 10:59:31 -0300 From: Henrique de Moraes Holschuh To: Borislav Petkov Cc: X86 ML , Arjan Van De Ven , Ashok Raj , Tom Lendacky , LKML Subject: Re: [PATCH 7/7] x86/microcode: Synchronize late microcode loading Message-ID: <20180228135931.uwveegfdv5afozxe@khazad-dum.debian.net> References: <20180228102846.13447-1-bp@alien8.de> <20180228102846.13447-8-bp@alien8.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180228102846.13447-8-bp@alien8.de> X-GPG-Fingerprint1: 4096R/0x0BD9E81139CB4807: C467 A717 507B BAFE D3C1 6092 0BD9 E811 39CB 4807 User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 28 Feb 2018, Borislav Petkov wrote: > + * Late loading dance. Why the heavy-handed stomp_machine effort? > + * > + * - HT siblings must be idle and not execute other code while the other sibling > + * is loading microcode in order to avoid any negative interactions caused by > + * the loading. > + * > + * - In addition, microcode update on the cores must be serialized until this > + * requirement can be relaxed in the future. Right now, this is conservative > + * and good. Eek! If I read that right, this effectively halts the entire box until every core is updated, with one core entering deep-coma at a time (the rest are left either spinning or cpu_relax()ing depending on whether they have already updated or not)? If this is correct, I shudder at what it would do on a server with dozens, or hundreds of cores... According to Ben Hawkes' paper, Intel's on-die microcode update loader takes linear time relative to the update size to do the crypto dance. On my single-xeon X5550 workstation, which should be relatively fast since its microcode update is small, the whole thing would take about 3,2 million cycles (circa 800k cycles per core, 4 cores, skipping hyperthreads) to do a sync late update. I don't believe this has changed much, but I *did not* test, e.g., a Skylake Xeon, or anything newer than that Xeon X5550. Anyway, maybe there is a safe way to do it in a more parallel fashion based on cpu topology? AFAIK, it is not like there is any way to make OS microcode updates (early or late) safe against SMIs and NMIs hitting the sibling hyperthread while updating the other, so we don't have to care about *that* nasty corner case simply because we can't avoid it in the first place. Hopefully AMD has none of those pitfalls, and could just trigger an update on half the cores at a time, easily bounding it to approximately twice the time it takes to update a single core :-( -- Henrique Holschuh