Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp4725891imm; Mon, 18 Jun 2018 21:50:57 -0700 (PDT) X-Google-Smtp-Source: ADUXVKL0kYGfruyXDBUpaxupg+And9rmT0f1gpEkvtGE9pgZFytZmeJCZQcG+/V8/dVDyMCgXS9i X-Received: by 2002:a65:6252:: with SMTP id q18-v6mr13687616pgv.106.1529383857000; Mon, 18 Jun 2018 21:50:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529383856; cv=none; d=google.com; s=arc-20160816; b=jaeiv3WytnHf7ddPGkOkoyfBL627X2ZxaVl9WHt8Ge5DmgylI+QDuqzQEy8wkj11W2 YnsTKlymGL2KPahr+Gi6/dqpAHsok1EwoFRcrFvINgeLJBmIj2rJo/xbyN4pI91M1xqV zbU6l81738JWz65FKs7fMaAImuE9f/kWqbArJKw4Gb6qmdCbLySv9s+3gzct/qy+Nbub AudQMD38ch5tOB1FWsmXEtnhd1T1ftLO4E8C+3khw5xycLwajYk6klukCEBV97F1EaKK eRqGskMPoHhdtNn8cmyxFsw3pvcLL+pUFAKsfzhH3ren9+RI4t49uxjIBroa4Q3xtoqv +/1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:organization:from :references:cc:to:subject:reply-to:dkim-signature :arc-authentication-results; bh=aOBt1BsLxxTABWk/oTuAl//vKfWtS0UknIVUNfyMOJs=; b=z7bgDyxUoH4SBkcD9oI1IbM09NWpiMAugtwkYKdvgqVjVWSEdouZ7G14taFnkQM8Ea lYA80u4LEmV+cIwp2MipptWz2DF6wNXD1bmrc6Y/AN/CAsLfnNtzvivzRaXaCWHkGOBV aOb/GIp+aLdALuTOlmgXiFbbLaLqQCiMtq+ssgns+mNsVTQ3BnCePyp5UOTPBz8dTta3 b1OTb+uDgnKgKGC7LLzEtk9HlXBGoyAIGCgF5rPEFg0AKyt1BPMyt371NCCrYsQjiRE6 XetJRs8sZTDok0u1qs/+eU4Rg6Qs8UnJ+1ymU6DxEorQy2tIlHi1e4ruLDSf7bAq3+9x DfYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=opk0dTu5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f5-v6si18392343pln.414.2018.06.18.21.50.42; Mon, 18 Jun 2018 21:50:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=opk0dTu5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964895AbeFSEuF (ORCPT + 99 others); Tue, 19 Jun 2018 00:50:05 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:38964 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750917AbeFSEuD (ORCPT ); Tue, 19 Jun 2018 00:50:03 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w5J4mnRl107598; Tue, 19 Jun 2018 04:49:35 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=reply-to : subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=corp-2017-10-26; bh=aOBt1BsLxxTABWk/oTuAl//vKfWtS0UknIVUNfyMOJs=; b=opk0dTu5HMF2EsPz7v4Ru12Uh85X2RBdWEoR7Se0S0iMKuHXOoDl9s87IQlnr0Xm3NGM EAr363IqJmQrW6sK2aB7UyIFhNW/Iuw20RL/kl0ImFO2/Q+kZKJYHfvCzz4olXQCAFVM vz6HD/SUjjE/ZYr8f0AM9uJ314X+ZIu16l+jzNqsGvuFfBkFm7F2gSteNaM/XxyPL0qy 81YwZfp0Q/d8gkU215c00lcLzN0SOeF2Ml1qfItvGNvZ/89k+Bn0WTbNASPZW84+OQAu 9YIBqJ4KqQMz0yyGLybX7l5hbwCZwa+03W/EgdZIrdt02VpjE/MMCVLe0VpQCYJS166G Vw== Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp2130.oracle.com with ESMTP id 2jmt01eh59-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 19 Jun 2018 04:49:35 +0000 Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w5J4nZAC027933 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 19 Jun 2018 04:49:35 GMT Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w5J4nYGF010140; Tue, 19 Jun 2018 04:49:34 GMT Received: from [10.191.10.231] (/10.191.10.231) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 18 Jun 2018 21:49:34 -0700 Reply-To: zhenzhong.duan@oracle.com Subject: Re: [PATCH] x86/microcode/intel: Ensure new microcode processor flags match with cpu's pf To: Borislav Petkov Cc: Linux-Kernel , mingo@redhat.com, tglx@linutronix.de, Srinivas REDDY Eeda , hpa@zytor.com References: <7d20be40-4c15-4e15-a4d0-cd2efda6d701@default> <20180618195619.GH24921@zn.tnic> From: Zhenzhong Duan Organization: Oracle Message-ID: Date: Tue, 19 Jun 2018 12:49:40 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180618195619.GH24921@zn.tnic> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8928 signatures=668702 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806190055 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2018/6/19 3:56, Borislav Petkov wrote: > On Mon, Jun 04, 2018 at 08:16:51AM +0000, Zhenzhong Duan wrote: >> Intel spec says: 'The processor flags in the 48-byte header and the >> processor flags field associated with the extended processor signature >> structures may have multiple bits set.' >> >> Make sure processor flags of the new microcode intersect with current >> cpu's. Comparing with old microcode's pf can't guarantee this. >> >> Signed-off-by: Zhenzhong Duan >> --- >> arch/x86/kernel/cpu/microcode/intel.c | 8 +++----- >> 1 files changed, 3 insertions(+), 5 deletions(-) >> >> diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c >> index 461e315..54f4014 100644 >> --- a/arch/x86/kernel/cpu/microcode/intel.c >> +++ b/arch/x86/kernel/cpu/microcode/intel.c >> @@ -371,12 +371,10 @@ static int microcode_sanity_check(void *mc, int print_err) >> goto next; >> >> } else { >> - struct microcode_header_intel *phdr = &patch->hdr; >> - >> if (!has_newer_microcode(data, >> - phdr->sig, >> - phdr->pf, >> - phdr->rev)) >> + uci->cpu_sig.sig, >> + uci->cpu_sig.pf, >> + patch->hdr.rev)) >> goto next; >> } >> >> -- > > So I'm scratching my head over this and have no clue what you're trying > to achieve. Is this a fix for a bug you're seeing or what? You'd need to > be a lot more verbose when explaining what this patch is trying to do... Imagine kernel already found a microcode blob A with extended sig/pf matching current cpu, then another microcode B is checked which doesn't match current cpu but matches the sig/pf of microcode A, then microcode B will replaced A, but it's not suitable for current cpu. I didn't see same issue in our system. When fixing another bug and reading upstream microcode code, I found this potential issue, feel free to correct me if it's never possible in reality. Thanks Zhenzhong