Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp5486551ybe; Tue, 17 Sep 2019 08:41:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqwCJAjzC3W6ZC1E5dJPSsRhCs9ZMaolfUCzaVmZeJgWCBXSZcN2dzLEZDCWpy9/ssy5huK1 X-Received: by 2002:aa7:c559:: with SMTP id s25mr5417926edr.198.1568734914028; Tue, 17 Sep 2019 08:41:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568734914; cv=none; d=google.com; s=arc-20160816; b=qll9M+ONiKHujdlHQKYry+R6wp5a1nFSpIlfmlWF4T+l/RMUXg9ZpfeEssVuaYtzON XDqo0ysuYchJs7hTrf/Fbs9WOPKGK0p6OtKOeHxmT4/WJojZxag/Nf0FYSe4re4PYTPq HOlAwzqDBvtZEOtsOfp2PyKgvy64+ratW41Y4+4NLb0qgLnaJVGcv0a+DZQEXMsGaPml GzBiXeZKC/qnJ0pmUyR1eaM5qhXitn2ClBj43s2Cr1844LWLQr12KLXEIdWHlfgfd/HU 0af98g5vgWdjArBXAmxyL+Zvb5Q9ZtWh/0Te5g/nRKeBy4Q8DZ3vDLG1Eq6kvxjolZ1x AWPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=6j9ziGysulnPwp07r2+KDq0qWeLEdPQWL8EgxipDmWE=; b=QkloOxVrnqp36FinkIslw21N2lp9qSVQzAnig+FgnDSZVoQZVXBYvYlfC8ovK7d6ls u4bGGVJYlbgxD7TrZJovBccgD2Ac5Ox9IsRsX1Nq0CHqsrEy1m3wPItidcHuAj4pmgoz /SUvdHkcrq+UrxU9WyT0Wv+wGKAw6JGKBIyjWiSD6mWjE3ecJgtoL8ro+ZmtF/5R55dh b+/0WXmKBE2yoYpbd5VuzCEQvlFSM0yznviF7SMms1Tcr42Ed797/ye9G6GL9LUucBBj VfCf6zgjB6rCN1ntS0ciFTtzLs85wRBhOkNr/O4XcQWa4X3v/L9rHEK7k1FlbLTBfGtU b/fw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ha10si1276991ejb.300.2019.09.17.08.41.30; Tue, 17 Sep 2019 08:41:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404274AbfIQGho (ORCPT + 99 others); Tue, 17 Sep 2019 02:37:44 -0400 Received: from Galois.linutronix.de ([193.142.43.55]:40723 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729094AbfIQGhn (ORCPT ); Tue, 17 Sep 2019 02:37:43 -0400 Received: from pd9ef19d4.dip0.t-ipconnect.de ([217.239.25.212] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iA770-00044V-0x; Tue, 17 Sep 2019 08:37:18 +0200 Date: Tue, 17 Sep 2019 08:37:10 +0200 (CEST) From: Thomas Gleixner To: "Raj, Ashok" cc: Johannes Erdfelt , Borislav Petkov , Boris Ostrovsky , Mihai Carabas , "H. Peter Anvin" , Ingo Molnar , Jon Grimm , kanth.ghatraju@oracle.com, konrad.wilk@oracle.com, patrick.colp@oracle.com, Tom Lendacky , x86-ml , linux-kernel@vger.kernel.org Subject: Re: [PATCH] x86/microcode: Add an option to reload microcode even if revision is unchanged In-Reply-To: <20190917003122.GA3005@otc-nc-03> Message-ID: References: <20190905072029.GB19246@zn.tnic> <20190905194044.GA3663@otc-nc-03> <20190905222706.GA4422@otc-nc-03> <20190906144039.GA29569@sventech.com> <20190907003338.GA14807@araj-mobl1.jf.intel.com> <20190917003122.GA3005@otc-nc-03> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Raj, On Mon, 16 Sep 2019, Raj, Ashok wrote: > On Mon, Sep 16, 2019 at 12:36:11PM +0200, Thomas Gleixner wrote: > > That said, there is also a distinct lack of information about micro code > > loading in a safe way in general. We absolutely do not know whether a micro > > code update affects any instruction which might be in use during the update > > on a sibling. Right now it's all load and pray and the SDM is not really > > helpful with that either. > > > > Guilty as charged :-). In general we do not expect microcode updates to > remove any cpuid bits (Not that it hasn't happened, but it slipped through > the cracks). > > microode updates should be of 3 types. > > - Only loadable from BIOS (Only via FIT tables) > - Suitable for early load (things that take cpuid bits for e.g.) > - Suitable for late-load. (Where no cpuid bits should change etc). > > Today the way we load after a stop_machine() all threads in the system are > held hostage until all the cores have done the update. The thread sibling > is also in the rendezvous loop. I know. See below. > Do you think we still have that risk with a sibling thread? > (Assuming future ucodes don't do weird things like what happened in > that case where a cpuid was removed via an update) Well, yes. The sibling executes a limited set of instructions in a loop, but it might be hit by an NMI or MCE which executes even more instructions. So what happens if the ucode update "fixes" one of the executed instructions on the fly? Is that guaranteed to be safe? There is nothing which says so. A decade ago I experimented with putting the spinning CPUs into MWAIT, which caused havoc. Did neither have time nor the stomach to dig into that further, but the ucode update _did_ fix an issue with MWAIT according to the version history. That's why I'm worried about instructions being "fixed" which are executed in parallel on the sibling. An authorative statement vs. that would be appreciated. Preferrably in form of an extension of the SDM, but an upfront statement in this thread would be a good start. Thanks, tglx