From c9fe53e716d7e7b8ad1ae87d6e8e15b7a3c78782 Mon Sep 17 00:00:00 2001 From: Packit Service Date: Dec 09 2020 22:03:17 +0000 Subject: microcode_ctl-20200609 base --- diff --git a/README.md b/README.md new file mode 100644 index 0000000..47e49c4 --- /dev/null +++ b/README.md @@ -0,0 +1,106 @@ +# Intel Processor Microcode Package for Linux + +## About + +The Intel Processor Microcode Update (MCU) Package provides a mechanism to release updates for security advisories and functional issues, including errata. In addition, MCUs are responsible for starting the SGX enclave (on processors that support the SGX feature), implementing complex behaviors (such as assists), and more. The preferred method to apply MCUs is using the system BIOS. For a subset of Intel's processors, the MCU can also be updated at runtime using the operating system. The Intel Microcode Package shared here contains updates for those processors that support OS loading of MCUs. + +## Why update the microcode? +Updating your microcode can help to mitigate certain potential security vulnerabilities in CPUs as well as address certain functional issues that could, for example, result in unpredictable system behavior such as hangs, crashes, unexpected reboots, data errors, etc. To learn more about applying MCUs to an Intel processor, see [Microcode Update Guidance](https://software.intel.com/security-software-guidance/insights/microcode-update-guidance). + +## Loading microcode updates + +This package is provided for Linux distributors for inclusion in their OS releases. Intel recommends obtaining the latest MCUs using the OS vendor update mechanism. A good starting point is [OS and Software Vendor](https://software.intel.com/security-software-guidance/insights/guidance-system-administrators-mitigate-transient-execution-side-channel-issues). Expert users can update their microcode directly outside the OS vendor mechanism. However, this method is complex and could result in errors if performed incorrectly. Such errors could include but are not limited to system freezes, inability to boot, performance impacts, logical processors loading different updates, and some updates not taking effect. As a result, this method should be attempted by expert users only. + +MCUs are best loaded from the BIOS. Certain MCUs must only be applied from the BIOS. Such MCUs are never packaged in this package since they are not appropriate for OS distribution. An OEM may receive microcode update packages that are a superset of what is contained in this package for inclusion in a BIOS. + +OS vendors may choose to provide an MCU that the kernel can consume for early loading. For example, Linux can apply an MCU very early in the kernel boot sequence. In situations where a BIOS update isn't available, early loading is the next best alternative to updating processor microcode. **Microcode states are reset on a power reset, hence its required that the MCU be loaded every time during boot process.** + +## Recommendation + +Using the initrd method to load an MCU is recommended as this method will load the MCU at the earliest time for the most coverage. Systems that cannot tolerate downtime may use the late-load method to update a running system without a reboot. + +## About Processor Signature, Family, Model, Stepping and Platform ID + +The Processor Signature is a number identifying the model and version of an Intel processor. It can be obtained using the *CPUID instruction*, via the command *lscpu*, or from the content of */proc/cpuinfo*. It's usually presented as 3 fields: Family, Model, and Stepping. + +For example, if a processor returns a value of "0x000906eb" from the *CPUID instruction*: + +| Reserved | Extended Family | Extended Model | Reserved | Processor Type | Family Code | Model Number | Stepping ID | +|:---------|:----------------|:---------------|:---------|:---------------|:------------|:-------------|:------------| +| 31:28 | 27:20 | 19:16 | 15:14 | 13:12 | 11:8 | 7:4 | 3:0 | +| xxxx | 00000000b | 1001b | xx | 00b | 0110b | 1110b | 1011b | + + +The corresponding Linux formatted file name will be "06-9e-0b", where: +- Extended Family + Family = 0x06 +- Extended Model + Model Number = 0x9e +- Stepping ID = 0xb + +A processor may be implemented for multiple platform types. Intel processors have a 3bit Platform ID field in MSR(17H) that specifies the platform type for up to 8 types. An MCU file for a specified processor model may support multiple platforms. The Platform ID(s) supported by an MCU is an 8bit mask where each set bit indicates a platform type that the MCU supports. The Platform ID of a processor can be read in Linux using rdmsr from [msr-tools](https://github.com/intel/msr-tools). + +## Microcode update instructions + +The [intel-ucode](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/master/intel-ucode) directory contains binary MCU files named in the `family-model-stepping` format. This file format is supported by most modern Linux distributions. It's generally located in the /lib/firmware directory and can be updated through the microcode reload interface following the late-load update instructions below. + +### Early-load update +To update early loading initrd, consult your Linux distribution on how to package MCU files for early loading. Some distributions use `update-initramfs` or `dracut`. Use the OS vendors recommended method to help ensure that the MCU file is updated for early loading before attempting the late-load procedure below. + +### Late-load update +To update the intel-ucode package to the system: +1. Ensure the existence of `/sys/devices/system/cpu/microcode/reload` +2. Download the latest microcode firmware
`$ git clone https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git` or
`$ wget https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/master.zip` +3. Copy `intel-ucode` directory to `/lib/firmware`, overwriting the files in /lib/firmware/intel-ucode/ +4. Write the reload interface to 1 to reload the microcode files, e.g.
+ `$ echo 1 > /sys/devices/system/cpu/microcode/reload`
+ Microcode updates will be applied automatically without rebooting the system. +5. Update an existing initramfs so that next time it gets loaded via kernel:
+`$ sudo update-initramfs -u`
+`$ sudo reboot` +6. Verify that the microcode was updated on boot or reloaded by echo command:
+`$ dmesg | grep microcode` or
+`$ cat /proc/cpuinfo | grep microcode | sort | uniq` + +If you are using the OS vendor method to apply an MCU, the above steps may have been done automatically during the update process. + +The [intel-ucode-with-caveats](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/master/intel-ucode-with-caveats) directory contains MCUs that need special handling. The BDX-ML MCU is provided in this directory because it requires special commits in the Linux kernel otherwise updating it might result in unexpected system behavior. OS vendors must ensure that the late loader patches (provided in [linux-kernel-patches](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/master/linux-kernel-patches)) are included in the distribution before packaging the BDX-ML MCU for late-loading. + +The [linux-kernel-patches](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/master/linux-kernel-patches) directory consists of kernel patches that address various issues related to applying MCUs. + +## Notes + +* You can only update to a higher MCU version (downgrade is not possible with the provided instructions) +* To calculate Family-Model-Stepping, use Linux command:
+`$ printf "%x\n" ` +* There are multiple ways to check the MCU version number BEFORE update. After cloning this Intel Microcode update repo , run the following: + - `$ iucode_tool -l intel-ucode | grep -wF sig` ([iucode_tool](https://gitlab.com/iucode-tool/iucode-tool/-/wikis/home) package is required) + - `$ od -t x4 ` will read the first 16 bytes of the microcode binary header specified in \. The third block is the microcode version. For example: +`$ od -t x4 06-55-04`
+`0000000 00000001 *02000065* 09052019 00050654` + +## License + +See the [license](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/master/license) file for details. + +## Security Policy + +See the [security.md](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/master/security.md) file for details. + +## Release Note + +See the [releasenote.md](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/master/releasenote.md) file for details. + +## Disclaimers + +Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at [www.intel.com](https://www.intel.com). + +No product or component can be absolutely secure. + +All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. + +The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request. + +Intel provides these materials as-is, with no express or implied warranties. + +© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. + +*Other names and brands may be claimed as the property of others. \ No newline at end of file diff --git a/intel-ucode-with-caveats/06-4f-01 b/intel-ucode-with-caveats/06-4f-01 new file mode 100644 index 0000000..b38c4a5 Binary files /dev/null and b/intel-ucode-with-caveats/06-4f-01 differ diff --git a/intel-ucode/06-03-02 b/intel-ucode/06-03-02 new file mode 100644 index 0000000..7543c59 Binary files /dev/null and b/intel-ucode/06-03-02 differ diff --git a/intel-ucode/06-05-00 b/intel-ucode/06-05-00 new file mode 100644 index 0000000..6f502e0 Binary files /dev/null and b/intel-ucode/06-05-00 differ diff --git a/intel-ucode/06-05-01 b/intel-ucode/06-05-01 new file mode 100644 index 0000000..de548de Binary files /dev/null and b/intel-ucode/06-05-01 differ diff --git a/intel-ucode/06-05-02 b/intel-ucode/06-05-02 new file mode 100644 index 0000000..3444aff Binary files /dev/null and b/intel-ucode/06-05-02 differ diff --git a/intel-ucode/06-05-03 b/intel-ucode/06-05-03 new file mode 100644 index 0000000..55878ae Binary files /dev/null and b/intel-ucode/06-05-03 differ diff --git a/intel-ucode/06-06-00 b/intel-ucode/06-06-00 new file mode 100644 index 0000000..fd9a8a7 Binary files /dev/null and b/intel-ucode/06-06-00 differ diff --git a/intel-ucode/06-06-05 b/intel-ucode/06-06-05 new file mode 100644 index 0000000..522c0db Binary files /dev/null and b/intel-ucode/06-06-05 differ diff --git a/intel-ucode/06-06-0a b/intel-ucode/06-06-0a new file mode 100644 index 0000000..d3aa9ce Binary files /dev/null and b/intel-ucode/06-06-0a differ diff --git a/intel-ucode/06-06-0d b/intel-ucode/06-06-0d new file mode 100644 index 0000000..6e38e60 Binary files /dev/null and b/intel-ucode/06-06-0d differ diff --git a/intel-ucode/06-07-01 b/intel-ucode/06-07-01 new file mode 100644 index 0000000..e030715 Binary files /dev/null and b/intel-ucode/06-07-01 differ diff --git a/intel-ucode/06-07-02 b/intel-ucode/06-07-02 new file mode 100644 index 0000000..d6c9bb7 Binary files /dev/null and b/intel-ucode/06-07-02 differ diff --git a/intel-ucode/06-07-03 b/intel-ucode/06-07-03 new file mode 100644 index 0000000..ad8bfe4 Binary files /dev/null and b/intel-ucode/06-07-03 differ diff --git a/intel-ucode/06-08-01 b/intel-ucode/06-08-01 new file mode 100644 index 0000000..b40b4c0 Binary files /dev/null and b/intel-ucode/06-08-01 differ diff --git a/intel-ucode/06-08-03 b/intel-ucode/06-08-03 new file mode 100644 index 0000000..659c72c Binary files /dev/null and b/intel-ucode/06-08-03 differ diff --git a/intel-ucode/06-08-06 b/intel-ucode/06-08-06 new file mode 100644 index 0000000..35096c0 Binary files /dev/null and b/intel-ucode/06-08-06 differ diff --git a/intel-ucode/06-08-0a b/intel-ucode/06-08-0a new file mode 100644 index 0000000..fd67bdd Binary files /dev/null and b/intel-ucode/06-08-0a differ diff --git a/intel-ucode/06-09-05 b/intel-ucode/06-09-05 new file mode 100644 index 0000000..e3d6342 Binary files /dev/null and b/intel-ucode/06-09-05 differ diff --git a/intel-ucode/06-0a-00 b/intel-ucode/06-0a-00 new file mode 100644 index 0000000..184c3f4 Binary files /dev/null and b/intel-ucode/06-0a-00 differ diff --git a/intel-ucode/06-0a-01 b/intel-ucode/06-0a-01 new file mode 100644 index 0000000..2fef7ce Binary files /dev/null and b/intel-ucode/06-0a-01 differ diff --git a/intel-ucode/06-0b-01 b/intel-ucode/06-0b-01 new file mode 100644 index 0000000..92fbf6a Binary files /dev/null and b/intel-ucode/06-0b-01 differ diff --git a/intel-ucode/06-0b-04 b/intel-ucode/06-0b-04 new file mode 100644 index 0000000..e08e73c Binary files /dev/null and b/intel-ucode/06-0b-04 differ diff --git a/intel-ucode/06-0d-06 b/intel-ucode/06-0d-06 new file mode 100644 index 0000000..d11772c Binary files /dev/null and b/intel-ucode/06-0d-06 differ diff --git a/intel-ucode/06-0e-08 b/intel-ucode/06-0e-08 new file mode 100644 index 0000000..d31fa24 Binary files /dev/null and b/intel-ucode/06-0e-08 differ diff --git a/intel-ucode/06-0e-0c b/intel-ucode/06-0e-0c new file mode 100644 index 0000000..e2b5a54 Binary files /dev/null and b/intel-ucode/06-0e-0c differ diff --git a/intel-ucode/06-0f-02 b/intel-ucode/06-0f-02 new file mode 100644 index 0000000..8f31db5 Binary files /dev/null and b/intel-ucode/06-0f-02 differ diff --git a/intel-ucode/06-0f-06 b/intel-ucode/06-0f-06 new file mode 100644 index 0000000..0efcffb Binary files /dev/null and b/intel-ucode/06-0f-06 differ diff --git a/intel-ucode/06-0f-07 b/intel-ucode/06-0f-07 new file mode 100644 index 0000000..5e75b6c Binary files /dev/null and b/intel-ucode/06-0f-07 differ diff --git a/intel-ucode/06-0f-0a b/intel-ucode/06-0f-0a new file mode 100644 index 0000000..436e607 Binary files /dev/null and b/intel-ucode/06-0f-0a differ diff --git a/intel-ucode/06-0f-0b b/intel-ucode/06-0f-0b new file mode 100644 index 0000000..1907ec6 Binary files /dev/null and b/intel-ucode/06-0f-0b differ diff --git a/intel-ucode/06-0f-0d b/intel-ucode/06-0f-0d new file mode 100644 index 0000000..d7e6227 Binary files /dev/null and b/intel-ucode/06-0f-0d differ diff --git a/intel-ucode/06-16-01 b/intel-ucode/06-16-01 new file mode 100644 index 0000000..4e81f95 Binary files /dev/null and b/intel-ucode/06-16-01 differ diff --git a/intel-ucode/06-17-06 b/intel-ucode/06-17-06 new file mode 100644 index 0000000..93a69eb Binary files /dev/null and b/intel-ucode/06-17-06 differ diff --git a/intel-ucode/06-17-07 b/intel-ucode/06-17-07 new file mode 100644 index 0000000..cc6bc81 Binary files /dev/null and b/intel-ucode/06-17-07 differ diff --git a/intel-ucode/06-17-0a b/intel-ucode/06-17-0a new file mode 100644 index 0000000..2275d65 Binary files /dev/null and b/intel-ucode/06-17-0a differ diff --git a/intel-ucode/06-1a-04 b/intel-ucode/06-1a-04 new file mode 100644 index 0000000..4604f50 Binary files /dev/null and b/intel-ucode/06-1a-04 differ diff --git a/intel-ucode/06-1a-05 b/intel-ucode/06-1a-05 new file mode 100644 index 0000000..154e08c Binary files /dev/null and b/intel-ucode/06-1a-05 differ diff --git a/intel-ucode/06-1c-02 b/intel-ucode/06-1c-02 new file mode 100644 index 0000000..db30b52 Binary files /dev/null and b/intel-ucode/06-1c-02 differ diff --git a/intel-ucode/06-1c-0a b/intel-ucode/06-1c-0a new file mode 100644 index 0000000..5dcbe9a Binary files /dev/null and b/intel-ucode/06-1c-0a differ diff --git a/intel-ucode/06-1d-01 b/intel-ucode/06-1d-01 new file mode 100644 index 0000000..fc9c5f4 Binary files /dev/null and b/intel-ucode/06-1d-01 differ diff --git a/intel-ucode/06-1e-05 b/intel-ucode/06-1e-05 new file mode 100644 index 0000000..b692f51 Binary files /dev/null and b/intel-ucode/06-1e-05 differ diff --git a/intel-ucode/06-25-02 b/intel-ucode/06-25-02 new file mode 100644 index 0000000..f63ee55 Binary files /dev/null and b/intel-ucode/06-25-02 differ diff --git a/intel-ucode/06-25-05 b/intel-ucode/06-25-05 new file mode 100644 index 0000000..06bbbc5 Binary files /dev/null and b/intel-ucode/06-25-05 differ diff --git a/intel-ucode/06-26-01 b/intel-ucode/06-26-01 new file mode 100644 index 0000000..355f374 Binary files /dev/null and b/intel-ucode/06-26-01 differ diff --git a/intel-ucode/06-2a-07 b/intel-ucode/06-2a-07 new file mode 100644 index 0000000..844fc1f Binary files /dev/null and b/intel-ucode/06-2a-07 differ diff --git a/intel-ucode/06-2c-02 b/intel-ucode/06-2c-02 new file mode 100644 index 0000000..2a78b4a Binary files /dev/null and b/intel-ucode/06-2c-02 differ diff --git a/intel-ucode/06-2d-06 b/intel-ucode/06-2d-06 new file mode 100644 index 0000000..29eb3e9 Binary files /dev/null and b/intel-ucode/06-2d-06 differ diff --git a/intel-ucode/06-2d-07 b/intel-ucode/06-2d-07 new file mode 100644 index 0000000..23926a0 Binary files /dev/null and b/intel-ucode/06-2d-07 differ diff --git a/intel-ucode/06-2e-06 b/intel-ucode/06-2e-06 new file mode 100644 index 0000000..1ec0402 Binary files /dev/null and b/intel-ucode/06-2e-06 differ diff --git a/intel-ucode/06-2f-02 b/intel-ucode/06-2f-02 new file mode 100644 index 0000000..8cebe97 Binary files /dev/null and b/intel-ucode/06-2f-02 differ diff --git a/intel-ucode/06-37-08 b/intel-ucode/06-37-08 new file mode 100644 index 0000000..513dc1a Binary files /dev/null and b/intel-ucode/06-37-08 differ diff --git a/intel-ucode/06-37-09 b/intel-ucode/06-37-09 new file mode 100644 index 0000000..410fa71 Binary files /dev/null and b/intel-ucode/06-37-09 differ diff --git a/intel-ucode/06-3a-09 b/intel-ucode/06-3a-09 new file mode 100644 index 0000000..896e410 Binary files /dev/null and b/intel-ucode/06-3a-09 differ diff --git a/intel-ucode/06-3c-03 b/intel-ucode/06-3c-03 new file mode 100644 index 0000000..275df73 Binary files /dev/null and b/intel-ucode/06-3c-03 differ diff --git a/intel-ucode/06-3d-04 b/intel-ucode/06-3d-04 new file mode 100644 index 0000000..a788b3c Binary files /dev/null and b/intel-ucode/06-3d-04 differ diff --git a/intel-ucode/06-3e-04 b/intel-ucode/06-3e-04 new file mode 100644 index 0000000..b60f219 Binary files /dev/null and b/intel-ucode/06-3e-04 differ diff --git a/intel-ucode/06-3e-06 b/intel-ucode/06-3e-06 new file mode 100644 index 0000000..41b2d07 Binary files /dev/null and b/intel-ucode/06-3e-06 differ diff --git a/intel-ucode/06-3e-07 b/intel-ucode/06-3e-07 new file mode 100644 index 0000000..21a97de Binary files /dev/null and b/intel-ucode/06-3e-07 differ diff --git a/intel-ucode/06-3f-02 b/intel-ucode/06-3f-02 new file mode 100644 index 0000000..8c9f14b Binary files /dev/null and b/intel-ucode/06-3f-02 differ diff --git a/intel-ucode/06-3f-04 b/intel-ucode/06-3f-04 new file mode 100644 index 0000000..2cdbb7c Binary files /dev/null and b/intel-ucode/06-3f-04 differ diff --git a/intel-ucode/06-45-01 b/intel-ucode/06-45-01 new file mode 100644 index 0000000..1fe82fd Binary files /dev/null and b/intel-ucode/06-45-01 differ diff --git a/intel-ucode/06-46-01 b/intel-ucode/06-46-01 new file mode 100644 index 0000000..36a651f Binary files /dev/null and b/intel-ucode/06-46-01 differ diff --git a/intel-ucode/06-47-01 b/intel-ucode/06-47-01 new file mode 100644 index 0000000..b8dbcb5 Binary files /dev/null and b/intel-ucode/06-47-01 differ diff --git a/intel-ucode/06-4c-03 b/intel-ucode/06-4c-03 new file mode 100644 index 0000000..f23284f Binary files /dev/null and b/intel-ucode/06-4c-03 differ diff --git a/intel-ucode/06-4c-04 b/intel-ucode/06-4c-04 new file mode 100644 index 0000000..b0b003b Binary files /dev/null and b/intel-ucode/06-4c-04 differ diff --git a/intel-ucode/06-4d-08 b/intel-ucode/06-4d-08 new file mode 100644 index 0000000..7c66bec Binary files /dev/null and b/intel-ucode/06-4d-08 differ diff --git a/intel-ucode/06-4e-03 b/intel-ucode/06-4e-03 new file mode 100644 index 0000000..31f9692 Binary files /dev/null and b/intel-ucode/06-4e-03 differ diff --git a/intel-ucode/06-55-03 b/intel-ucode/06-55-03 new file mode 100644 index 0000000..58a19b5 Binary files /dev/null and b/intel-ucode/06-55-03 differ diff --git a/intel-ucode/06-55-04 b/intel-ucode/06-55-04 new file mode 100644 index 0000000..3822870 Binary files /dev/null and b/intel-ucode/06-55-04 differ diff --git a/intel-ucode/06-55-06 b/intel-ucode/06-55-06 new file mode 100644 index 0000000..8370d64 Binary files /dev/null and b/intel-ucode/06-55-06 differ diff --git a/intel-ucode/06-55-07 b/intel-ucode/06-55-07 new file mode 100644 index 0000000..8b1f7e4 Binary files /dev/null and b/intel-ucode/06-55-07 differ diff --git a/intel-ucode/06-55-0b b/intel-ucode/06-55-0b new file mode 100644 index 0000000..999c0ad Binary files /dev/null and b/intel-ucode/06-55-0b differ diff --git a/intel-ucode/06-56-02 b/intel-ucode/06-56-02 new file mode 100644 index 0000000..2b4c64d Binary files /dev/null and b/intel-ucode/06-56-02 differ diff --git a/intel-ucode/06-56-03 b/intel-ucode/06-56-03 new file mode 100644 index 0000000..37f7333 Binary files /dev/null and b/intel-ucode/06-56-03 differ diff --git a/intel-ucode/06-56-04 b/intel-ucode/06-56-04 new file mode 100644 index 0000000..0e8fc2b Binary files /dev/null and b/intel-ucode/06-56-04 differ diff --git a/intel-ucode/06-56-05 b/intel-ucode/06-56-05 new file mode 100644 index 0000000..b2c17aa Binary files /dev/null and b/intel-ucode/06-56-05 differ diff --git a/intel-ucode/06-5c-02 b/intel-ucode/06-5c-02 new file mode 100644 index 0000000..387e1e2 Binary files /dev/null and b/intel-ucode/06-5c-02 differ diff --git a/intel-ucode/06-5c-09 b/intel-ucode/06-5c-09 new file mode 100644 index 0000000..40a5a92 Binary files /dev/null and b/intel-ucode/06-5c-09 differ diff --git a/intel-ucode/06-5c-0a b/intel-ucode/06-5c-0a new file mode 100644 index 0000000..e106f98 Binary files /dev/null and b/intel-ucode/06-5c-0a differ diff --git a/intel-ucode/06-5e-03 b/intel-ucode/06-5e-03 new file mode 100644 index 0000000..35b10f7 Binary files /dev/null and b/intel-ucode/06-5e-03 differ diff --git a/intel-ucode/06-5f-01 b/intel-ucode/06-5f-01 new file mode 100644 index 0000000..a1e3d41 Binary files /dev/null and b/intel-ucode/06-5f-01 differ diff --git a/intel-ucode/06-66-03 b/intel-ucode/06-66-03 new file mode 100644 index 0000000..22e36d2 Binary files /dev/null and b/intel-ucode/06-66-03 differ diff --git a/intel-ucode/06-7a-01 b/intel-ucode/06-7a-01 new file mode 100644 index 0000000..c9fcc07 Binary files /dev/null and b/intel-ucode/06-7a-01 differ diff --git a/intel-ucode/06-7a-08 b/intel-ucode/06-7a-08 new file mode 100644 index 0000000..7401dfc Binary files /dev/null and b/intel-ucode/06-7a-08 differ diff --git a/intel-ucode/06-7e-05 b/intel-ucode/06-7e-05 new file mode 100644 index 0000000..9cc6c0b Binary files /dev/null and b/intel-ucode/06-7e-05 differ diff --git a/intel-ucode/06-8c-01 b/intel-ucode/06-8c-01 new file mode 100644 index 0000000..ae60673 Binary files /dev/null and b/intel-ucode/06-8c-01 differ diff --git a/intel-ucode/06-8e-09 b/intel-ucode/06-8e-09 new file mode 100644 index 0000000..5d3d5ba Binary files /dev/null and b/intel-ucode/06-8e-09 differ diff --git a/intel-ucode/06-8e-0a b/intel-ucode/06-8e-0a new file mode 100644 index 0000000..7132da9 Binary files /dev/null and b/intel-ucode/06-8e-0a differ diff --git a/intel-ucode/06-8e-0b b/intel-ucode/06-8e-0b new file mode 100644 index 0000000..f315331 Binary files /dev/null and b/intel-ucode/06-8e-0b differ diff --git a/intel-ucode/06-8e-0c b/intel-ucode/06-8e-0c new file mode 100644 index 0000000..f899df1 Binary files /dev/null and b/intel-ucode/06-8e-0c differ diff --git a/intel-ucode/06-9e-09 b/intel-ucode/06-9e-09 new file mode 100644 index 0000000..6f22886 Binary files /dev/null and b/intel-ucode/06-9e-09 differ diff --git a/intel-ucode/06-9e-0a b/intel-ucode/06-9e-0a new file mode 100644 index 0000000..d251c40 Binary files /dev/null and b/intel-ucode/06-9e-0a differ diff --git a/intel-ucode/06-9e-0b b/intel-ucode/06-9e-0b new file mode 100644 index 0000000..c8ee8e2 Binary files /dev/null and b/intel-ucode/06-9e-0b differ diff --git a/intel-ucode/06-9e-0c b/intel-ucode/06-9e-0c new file mode 100644 index 0000000..958bce4 Binary files /dev/null and b/intel-ucode/06-9e-0c differ diff --git a/intel-ucode/06-9e-0d b/intel-ucode/06-9e-0d new file mode 100644 index 0000000..c55b75e Binary files /dev/null and b/intel-ucode/06-9e-0d differ diff --git a/intel-ucode/06-a5-02 b/intel-ucode/06-a5-02 new file mode 100644 index 0000000..9a67b26 Binary files /dev/null and b/intel-ucode/06-a5-02 differ diff --git a/intel-ucode/06-a5-03 b/intel-ucode/06-a5-03 new file mode 100644 index 0000000..5007693 Binary files /dev/null and b/intel-ucode/06-a5-03 differ diff --git a/intel-ucode/06-a5-05 b/intel-ucode/06-a5-05 new file mode 100644 index 0000000..5910266 Binary files /dev/null and b/intel-ucode/06-a5-05 differ diff --git a/intel-ucode/06-a6-00 b/intel-ucode/06-a6-00 new file mode 100644 index 0000000..62f6195 Binary files /dev/null and b/intel-ucode/06-a6-00 differ diff --git a/intel-ucode/06-a6-01 b/intel-ucode/06-a6-01 new file mode 100644 index 0000000..370c93e Binary files /dev/null and b/intel-ucode/06-a6-01 differ diff --git a/intel-ucode/0f-00-07 b/intel-ucode/0f-00-07 new file mode 100644 index 0000000..ba616bb Binary files /dev/null and b/intel-ucode/0f-00-07 differ diff --git a/intel-ucode/0f-00-0a b/intel-ucode/0f-00-0a new file mode 100644 index 0000000..62bd0de Binary files /dev/null and b/intel-ucode/0f-00-0a differ diff --git a/intel-ucode/0f-01-02 b/intel-ucode/0f-01-02 new file mode 100644 index 0000000..a789e0d Binary files /dev/null and b/intel-ucode/0f-01-02 differ diff --git a/intel-ucode/0f-02-04 b/intel-ucode/0f-02-04 new file mode 100644 index 0000000..0240ed7 Binary files /dev/null and b/intel-ucode/0f-02-04 differ diff --git a/intel-ucode/0f-02-05 b/intel-ucode/0f-02-05 new file mode 100644 index 0000000..592851b Binary files /dev/null and b/intel-ucode/0f-02-05 differ diff --git a/intel-ucode/0f-02-06 b/intel-ucode/0f-02-06 new file mode 100644 index 0000000..1fe95c1 Binary files /dev/null and b/intel-ucode/0f-02-06 differ diff --git a/intel-ucode/0f-02-07 b/intel-ucode/0f-02-07 new file mode 100644 index 0000000..c382e13 Binary files /dev/null and b/intel-ucode/0f-02-07 differ diff --git a/intel-ucode/0f-02-09 b/intel-ucode/0f-02-09 new file mode 100644 index 0000000..6fd5a07 Binary files /dev/null and b/intel-ucode/0f-02-09 differ diff --git a/intel-ucode/0f-03-02 b/intel-ucode/0f-03-02 new file mode 100644 index 0000000..00271ee Binary files /dev/null and b/intel-ucode/0f-03-02 differ diff --git a/intel-ucode/0f-03-03 b/intel-ucode/0f-03-03 new file mode 100644 index 0000000..10300a2 Binary files /dev/null and b/intel-ucode/0f-03-03 differ diff --git a/intel-ucode/0f-03-04 b/intel-ucode/0f-03-04 new file mode 100644 index 0000000..27f2b9b Binary files /dev/null and b/intel-ucode/0f-03-04 differ diff --git a/intel-ucode/0f-04-01 b/intel-ucode/0f-04-01 new file mode 100644 index 0000000..6ddf104 Binary files /dev/null and b/intel-ucode/0f-04-01 differ diff --git a/intel-ucode/0f-04-03 b/intel-ucode/0f-04-03 new file mode 100644 index 0000000..0ed7e18 Binary files /dev/null and b/intel-ucode/0f-04-03 differ diff --git a/intel-ucode/0f-04-04 b/intel-ucode/0f-04-04 new file mode 100644 index 0000000..669f659 Binary files /dev/null and b/intel-ucode/0f-04-04 differ diff --git a/intel-ucode/0f-04-07 b/intel-ucode/0f-04-07 new file mode 100644 index 0000000..0d2190c Binary files /dev/null and b/intel-ucode/0f-04-07 differ diff --git a/intel-ucode/0f-04-08 b/intel-ucode/0f-04-08 new file mode 100644 index 0000000..bd87498 Binary files /dev/null and b/intel-ucode/0f-04-08 differ diff --git a/intel-ucode/0f-04-09 b/intel-ucode/0f-04-09 new file mode 100644 index 0000000..3307178 Binary files /dev/null and b/intel-ucode/0f-04-09 differ diff --git a/intel-ucode/0f-04-0a b/intel-ucode/0f-04-0a new file mode 100644 index 0000000..c64296f Binary files /dev/null and b/intel-ucode/0f-04-0a differ diff --git a/intel-ucode/0f-06-02 b/intel-ucode/0f-06-02 new file mode 100644 index 0000000..dbf381c Binary files /dev/null and b/intel-ucode/0f-06-02 differ diff --git a/intel-ucode/0f-06-04 b/intel-ucode/0f-06-04 new file mode 100644 index 0000000..9572727 Binary files /dev/null and b/intel-ucode/0f-06-04 differ diff --git a/intel-ucode/0f-06-05 b/intel-ucode/0f-06-05 new file mode 100644 index 0000000..d02b9dc Binary files /dev/null and b/intel-ucode/0f-06-05 differ diff --git a/intel-ucode/0f-06-08 b/intel-ucode/0f-06-08 new file mode 100644 index 0000000..bdc81f4 Binary files /dev/null and b/intel-ucode/0f-06-08 differ diff --git a/license b/license new file mode 100644 index 0000000..8fbad3d --- /dev/null +++ b/license @@ -0,0 +1,37 @@ +Copyright (c) 2018-2020 Intel Corporation. +All rights reserved. + +Redistribution. + +Redistribution and use in binary form, without modification, are permitted, +provided that the following conditions are met: + +1. Redistributions must reproduce the above copyright notice and the + following disclaimer in the documentation and/or other materials provided + with the distribution. + +2. Neither the name of Intel Corporation nor the names of its suppliers may + be used to endorse or promote products derived from this software without + specific prior written permission. + +3. No reverse engineering, decompilation, or disassembly of this software + is permitted. + + +"Binary form" includes any format that is commonly used for electronic +conveyance that is a reversible, bit-exact translation of binary +representation to ASCII or ISO text, for example "uuencode". + +DISCLAIMER. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/linux-kernel-patches/01-3f1f576a195aa266813cbd4ca70291deb61e0129.patch b/linux-kernel-patches/01-3f1f576a195aa266813cbd4ca70291deb61e0129.patch new file mode 100644 index 0000000..fb895a4 --- /dev/null +++ b/linux-kernel-patches/01-3f1f576a195aa266813cbd4ca70291deb61e0129.patch @@ -0,0 +1,234 @@ +From 3f1f576a195aa266813cbd4ca70291deb61e0129 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Fri, 16 Feb 2018 12:26:38 +0100 +Subject: x86/microcode: Propagate return value from updating functions + +... so that callers can know when microcode was updated and act +accordingly. + +Tested-by: Ashok Raj +Signed-off-by: Borislav Petkov +Reviewed-by: Ashok Raj +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: David Woodhouse +Cc: Greg Kroah-Hartman +Cc: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/20180216112640.11554-2-bp@alien8.de +Signed-off-by: Ingo Molnar +--- + arch/x86/include/asm/microcode.h | 9 +++++++-- + arch/x86/kernel/cpu/microcode/amd.c | 10 +++++----- + arch/x86/kernel/cpu/microcode/core.c | 33 +++++++++++++++++---------------- + arch/x86/kernel/cpu/microcode/intel.c | 10 +++++----- + 4 files changed, 34 insertions(+), 28 deletions(-) + +diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h +index 55520cec..7fb1047 100644 +--- a/arch/x86/include/asm/microcode.h ++++ b/arch/x86/include/asm/microcode.h +@@ -37,7 +37,12 @@ struct cpu_signature { + + struct device; + +-enum ucode_state { UCODE_ERROR, UCODE_OK, UCODE_NFOUND }; ++enum ucode_state { ++ UCODE_OK = 0, ++ UCODE_UPDATED, ++ UCODE_NFOUND, ++ UCODE_ERROR, ++}; + + struct microcode_ops { + enum ucode_state (*request_microcode_user) (int cpu, +@@ -54,7 +59,7 @@ struct microcode_ops { + * are being called. + * See also the "Synchronization" section in microcode_core.c. + */ +- int (*apply_microcode) (int cpu); ++ enum ucode_state (*apply_microcode) (int cpu); + int (*collect_cpu_info) (int cpu, struct cpu_signature *csig); + }; + +diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c +index 330b846..a998e1a 100644 +--- a/arch/x86/kernel/cpu/microcode/amd.c ++++ b/arch/x86/kernel/cpu/microcode/amd.c +@@ -498,7 +498,7 @@ static unsigned int verify_patch_size(u8 family, u32 patch_size, + return patch_size; + } + +-static int apply_microcode_amd(int cpu) ++static enum ucode_state apply_microcode_amd(int cpu) + { + struct cpuinfo_x86 *c = &cpu_data(cpu); + struct microcode_amd *mc_amd; +@@ -512,7 +512,7 @@ static int apply_microcode_amd(int cpu) + + p = find_patch(cpu); + if (!p) +- return 0; ++ return UCODE_NFOUND; + + mc_amd = p->data; + uci->mc = p->data; +@@ -523,13 +523,13 @@ static int apply_microcode_amd(int cpu) + if (rev >= mc_amd->hdr.patch_id) { + c->microcode = rev; + uci->cpu_sig.rev = rev; +- return 0; ++ return UCODE_OK; + } + + if (__apply_microcode_amd(mc_amd)) { + pr_err("CPU%d: update failed for patch_level=0x%08x\n", + cpu, mc_amd->hdr.patch_id); +- return -1; ++ return UCODE_ERROR; + } + pr_info("CPU%d: new patch_level=0x%08x\n", cpu, + mc_amd->hdr.patch_id); +@@ -537,7 +537,7 @@ static int apply_microcode_amd(int cpu) + uci->cpu_sig.rev = mc_amd->hdr.patch_id; + c->microcode = mc_amd->hdr.patch_id; + +- return 0; ++ return UCODE_UPDATED; + } + + static int install_equiv_cpu_table(const u8 *buf) +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 319dd65..6fdaf7c 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -374,7 +374,7 @@ static int collect_cpu_info(int cpu) + } + + struct apply_microcode_ctx { +- int err; ++ enum ucode_state err; + }; + + static void apply_microcode_local(void *arg) +@@ -489,31 +489,29 @@ static void __exit microcode_dev_exit(void) + /* fake device for request_firmware */ + static struct platform_device *microcode_pdev; + +-static int reload_for_cpu(int cpu) ++static enum ucode_state reload_for_cpu(int cpu) + { + struct ucode_cpu_info *uci = ucode_cpu_info + cpu; + enum ucode_state ustate; +- int err = 0; + + if (!uci->valid) +- return err; ++ return UCODE_OK; + + ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, true); +- if (ustate == UCODE_OK) +- apply_microcode_on_target(cpu); +- else +- if (ustate == UCODE_ERROR) +- err = -EINVAL; +- return err; ++ if (ustate != UCODE_OK) ++ return ustate; ++ ++ return apply_microcode_on_target(cpu); + } + + static ssize_t reload_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t size) + { ++ enum ucode_state tmp_ret = UCODE_OK; + unsigned long val; ++ ssize_t ret = 0; + int cpu; +- ssize_t ret = 0, tmp_ret; + + ret = kstrtoul(buf, 0, &val); + if (ret) +@@ -526,15 +524,18 @@ static ssize_t reload_store(struct device *dev, + mutex_lock(µcode_mutex); + for_each_online_cpu(cpu) { + tmp_ret = reload_for_cpu(cpu); +- if (tmp_ret != 0) ++ if (tmp_ret > UCODE_NFOUND) { + pr_warn("Error reloading microcode on CPU %d\n", cpu); + +- /* save retval of the first encountered reload error */ +- if (!ret) +- ret = tmp_ret; ++ /* set retval for the first encountered reload error */ ++ if (!ret) ++ ret = -EINVAL; ++ } + } +- if (!ret) ++ ++ if (!ret && tmp_ret == UCODE_UPDATED) + perf_check_microcode(); ++ + mutex_unlock(µcode_mutex); + put_online_cpus(); + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index a15db2b..923054a 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -772,7 +772,7 @@ static int collect_cpu_info(int cpu_num, struct cpu_signature *csig) + return 0; + } + +-static int apply_microcode_intel(int cpu) ++static enum ucode_state apply_microcode_intel(int cpu) + { + struct microcode_intel *mc; + struct ucode_cpu_info *uci; +@@ -782,7 +782,7 @@ static int apply_microcode_intel(int cpu) + + /* We should bind the task to the CPU */ + if (WARN_ON(raw_smp_processor_id() != cpu)) +- return -1; ++ return UCODE_ERROR; + + uci = ucode_cpu_info + cpu; + mc = uci->mc; +@@ -790,7 +790,7 @@ static int apply_microcode_intel(int cpu) + /* Look for a newer patch in our cache: */ + mc = find_patch(uci); + if (!mc) +- return 0; ++ return UCODE_NFOUND; + } + + /* write microcode via MSR 0x79 */ +@@ -801,7 +801,7 @@ static int apply_microcode_intel(int cpu) + if (rev != mc->hdr.rev) { + pr_err("CPU%d update to revision 0x%x failed\n", + cpu, mc->hdr.rev); +- return -1; ++ return UCODE_ERROR; + } + + if (rev != prev_rev) { +@@ -818,7 +818,7 @@ static int apply_microcode_intel(int cpu) + uci->cpu_sig.rev = rev; + c->microcode = rev; + +- return 0; ++ return UCODE_UPDATED; + } + + static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, +-- +cgit v1.1 + diff --git a/linux-kernel-patches/02-1008c52c09dcb23d93f8e0ea83a6246265d2cce0.patch b/linux-kernel-patches/02-1008c52c09dcb23d93f8e0ea83a6246265d2cce0.patch new file mode 100644 index 0000000..df8b5d3 --- /dev/null +++ b/linux-kernel-patches/02-1008c52c09dcb23d93f8e0ea83a6246265d2cce0.patch @@ -0,0 +1,90 @@ +From 1008c52c09dcb23d93f8e0ea83a6246265d2cce0 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Fri, 16 Feb 2018 12:26:39 +0100 +Subject: x86/CPU: Add a microcode loader callback + +Add a callback function which the microcode loader calls when microcode +has been updated to a newer revision. Do the callback only when no error +was encountered during loading. + +Tested-by: Ashok Raj +Signed-off-by: Borislav Petkov +Reviewed-by: Ashok Raj +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: David Woodhouse +Cc: Greg Kroah-Hartman +Cc: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/20180216112640.11554-3-bp@alien8.de +Signed-off-by: Ingo Molnar +--- + arch/x86/include/asm/processor.h | 1 + + arch/x86/kernel/cpu/common.c | 10 ++++++++++ + arch/x86/kernel/cpu/microcode/core.c | 8 ++++++-- + 3 files changed, 17 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h +index 1bd9ed8..b0ccd48 100644 +--- a/arch/x86/include/asm/processor.h ++++ b/arch/x86/include/asm/processor.h +@@ -977,4 +977,5 @@ bool xen_set_default_idle(void); + + void stop_this_cpu(void *dummy); + void df_debug(struct pt_regs *regs, long error_code); ++void microcode_check(void); + #endif /* _ASM_X86_PROCESSOR_H */ +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 824aee0..84f1cd8 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1749,3 +1749,13 @@ static int __init init_cpu_syscore(void) + return 0; + } + core_initcall(init_cpu_syscore); ++ ++/* ++ * The microcode loader calls this upon late microcode load to recheck features, ++ * only when microcode has been updated. Caller holds microcode_mutex and CPU ++ * hotplug lock. ++ */ ++void microcode_check(void) ++{ ++ perf_check_microcode(); ++} +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 6fdaf7c..aa1b9a4 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -509,6 +509,7 @@ static ssize_t reload_store(struct device *dev, + const char *buf, size_t size) + { + enum ucode_state tmp_ret = UCODE_OK; ++ bool do_callback = false; + unsigned long val; + ssize_t ret = 0; + int cpu; +@@ -531,10 +532,13 @@ static ssize_t reload_store(struct device *dev, + if (!ret) + ret = -EINVAL; + } ++ ++ if (tmp_ret == UCODE_UPDATED) ++ do_callback = true; + } + +- if (!ret && tmp_ret == UCODE_UPDATED) +- perf_check_microcode(); ++ if (!ret && do_callback) ++ microcode_check(); + + mutex_unlock(µcode_mutex); + put_online_cpus(); +-- +cgit v1.1 + diff --git a/linux-kernel-patches/03-42ca8082e260dcfd8afa2afa6ec1940b9d41724c.patch b/linux-kernel-patches/03-42ca8082e260dcfd8afa2afa6ec1940b9d41724c.patch new file mode 100644 index 0000000..b4a17ca --- /dev/null +++ b/linux-kernel-patches/03-42ca8082e260dcfd8afa2afa6ec1940b9d41724c.patch @@ -0,0 +1,64 @@ +From 42ca8082e260dcfd8afa2afa6ec1940b9d41724c Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Fri, 16 Feb 2018 12:26:40 +0100 +Subject: x86/CPU: Check CPU feature bits after microcode upgrade + +With some microcode upgrades, new CPUID features can become visible on +the CPU. Check what the kernel has mirrored now and issue a warning +hinting at possible things the user/admin can do to make use of the +newly visible features. + +Originally-by: Ashok Raj +Tested-by: Ashok Raj +Signed-off-by: Borislav Petkov +Reviewed-by: Ashok Raj +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: David Woodhouse +Cc: Greg Kroah-Hartman +Cc: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/20180216112640.11554-4-bp@alien8.de +Signed-off-by: Ingo Molnar +--- + arch/x86/kernel/cpu/common.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 84f1cd8..348cf48 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1757,5 +1757,25 @@ core_initcall(init_cpu_syscore); + */ + void microcode_check(void) + { ++ struct cpuinfo_x86 info; ++ + perf_check_microcode(); ++ ++ /* Reload CPUID max function as it might've changed. */ ++ info.cpuid_level = cpuid_eax(0); ++ ++ /* ++ * Copy all capability leafs to pick up the synthetic ones so that ++ * memcmp() below doesn't fail on that. The ones coming from CPUID will ++ * get overwritten in get_cpu_cap(). ++ */ ++ memcpy(&info.x86_capability, &boot_cpu_data.x86_capability, sizeof(info.x86_capability)); ++ ++ get_cpu_cap(&info); ++ ++ if (!memcmp(&info.x86_capability, &boot_cpu_data.x86_capability, sizeof(info.x86_capability))) ++ return; ++ ++ pr_warn("x86/CPU: CPU features have changed after loading microcode, but might not take effect.\n"); ++ pr_warn("x86/CPU: Please consider either early loading through initrd/built-in or a potential BIOS update.\n"); + } +-- +cgit v1.1 + diff --git a/linux-kernel-patches/04-854857f5944c59a881ff607b37ed9ed41d031a3b.patch b/linux-kernel-patches/04-854857f5944c59a881ff607b37ed9ed41d031a3b.patch new file mode 100644 index 0000000..e618885 --- /dev/null +++ b/linux-kernel-patches/04-854857f5944c59a881ff607b37ed9ed41d031a3b.patch @@ -0,0 +1,62 @@ +From 854857f5944c59a881ff607b37ed9ed41d031a3b Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 28 Feb 2018 11:28:40 +0100 +Subject: x86/microcode: Get rid of struct apply_microcode_ctx + +It is a useless remnant from earlier times. Use the ucode_state enum +directly. + +No functional change. + +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Cc: Arjan Van De Ven +Link: https://lkml.kernel.org/r/20180228102846.13447-2-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 19 ++++++++----------- + 1 file changed, 8 insertions(+), 11 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index aa1b9a4..6337065 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -373,26 +373,23 @@ static int collect_cpu_info(int cpu) + return ret; + } + +-struct apply_microcode_ctx { +- enum ucode_state err; +-}; +- + static void apply_microcode_local(void *arg) + { +- struct apply_microcode_ctx *ctx = arg; ++ enum ucode_state *err = arg; + +- ctx->err = microcode_ops->apply_microcode(smp_processor_id()); ++ *err = microcode_ops->apply_microcode(smp_processor_id()); + } + + static int apply_microcode_on_target(int cpu) + { +- struct apply_microcode_ctx ctx = { .err = 0 }; ++ enum ucode_state err; + int ret; + +- ret = smp_call_function_single(cpu, apply_microcode_local, &ctx, 1); +- if (!ret) +- ret = ctx.err; +- ++ ret = smp_call_function_single(cpu, apply_microcode_local, &err, 1); ++ if (!ret) { ++ if (err == UCODE_ERROR) ++ ret = 1; ++ } + return ret; + } + +-- +cgit v1.1 + diff --git a/linux-kernel-patches/05-c182d2b7d0ca48e0d6ff16f7d883161238c447ed.patch b/linux-kernel-patches/05-c182d2b7d0ca48e0d6ff16f7d883161238c447ed.patch new file mode 100644 index 0000000..0f868bf --- /dev/null +++ b/linux-kernel-patches/05-c182d2b7d0ca48e0d6ff16f7d883161238c447ed.patch @@ -0,0 +1,90 @@ +From c182d2b7d0ca48e0d6ff16f7d883161238c447ed Mon Sep 17 00:00:00 2001 +From: Ashok Raj +Date: Wed, 28 Feb 2018 11:28:41 +0100 +Subject: x86/microcode/intel: Check microcode revision before updating sibling + threads + +After updating microcode on one of the threads of a core, the other +thread sibling automatically gets the update since the microcode +resources on a hyperthreaded core are shared between the two threads. + +Check the microcode revision on the CPU before performing a microcode +update and thus save us the WRMSR 0x79 because it is a particularly +expensive operation. + +[ Borislav: Massage changelog and coding style. ] + +Signed-off-by: Ashok Raj +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Cc: Arjan Van De Ven +Link: http://lkml.kernel.org/r/1519352533-15992-2-git-send-email-ashok.raj@intel.com +Link: https://lkml.kernel.org/r/20180228102846.13447-3-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/intel.c | 27 ++++++++++++++++++++++++--- + 1 file changed, 24 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index 923054a..87bd6dc 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -589,6 +589,17 @@ static int apply_microcode_early(struct ucode_cpu_info *uci, bool early) + if (!mc) + return 0; + ++ /* ++ * Save us the MSR write below - which is a particular expensive ++ * operation - when the other hyperthread has updated the microcode ++ * already. ++ */ ++ rev = intel_get_microcode_revision(); ++ if (rev >= mc->hdr.rev) { ++ uci->cpu_sig.rev = rev; ++ return UCODE_OK; ++ } ++ + /* write microcode via MSR 0x79 */ + native_wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); + +@@ -776,7 +787,7 @@ static enum ucode_state apply_microcode_intel(int cpu) + { + struct microcode_intel *mc; + struct ucode_cpu_info *uci; +- struct cpuinfo_x86 *c; ++ struct cpuinfo_x86 *c = &cpu_data(cpu); + static int prev_rev; + u32 rev; + +@@ -793,6 +804,18 @@ static enum ucode_state apply_microcode_intel(int cpu) + return UCODE_NFOUND; + } + ++ /* ++ * Save us the MSR write below - which is a particular expensive ++ * operation - when the other hyperthread has updated the microcode ++ * already. ++ */ ++ rev = intel_get_microcode_revision(); ++ if (rev >= mc->hdr.rev) { ++ uci->cpu_sig.rev = rev; ++ c->microcode = rev; ++ return UCODE_OK; ++ } ++ + /* write microcode via MSR 0x79 */ + wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); + +@@ -813,8 +836,6 @@ static enum ucode_state apply_microcode_intel(int cpu) + prev_rev = rev; + } + +- c = &cpu_data(cpu); +- + uci->cpu_sig.rev = rev; + c->microcode = rev; + +-- +cgit v1.1 + diff --git a/linux-kernel-patches/06-91df9fdf51492aec9fed6b4cbd33160886740f47.patch b/linux-kernel-patches/06-91df9fdf51492aec9fed6b4cbd33160886740f47.patch new file mode 100644 index 0000000..ab9c49e --- /dev/null +++ b/linux-kernel-patches/06-91df9fdf51492aec9fed6b4cbd33160886740f47.patch @@ -0,0 +1,58 @@ +From 91df9fdf51492aec9fed6b4cbd33160886740f47 Mon Sep 17 00:00:00 2001 +From: Ashok Raj +Date: Wed, 28 Feb 2018 11:28:42 +0100 +Subject: x86/microcode/intel: Writeback and invalidate caches before updating + microcode + +Updating microcode is less error prone when caches have been flushed and +depending on what exactly the microcode is updating. For example, some +of the issues around certain Broadwell parts can be addressed by doing a +full cache flush. + +[ Borislav: Massage it and use native_wbinvd() in both cases. ] + +Signed-off-by: Ashok Raj +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Cc: Arjan Van De Ven +Link: http://lkml.kernel.org/r/1519352533-15992-3-git-send-email-ashok.raj@intel.com +Link: https://lkml.kernel.org/r/20180228102846.13447-4-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/intel.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index 87bd6dc..e2864bc 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -600,6 +600,12 @@ static int apply_microcode_early(struct ucode_cpu_info *uci, bool early) + return UCODE_OK; + } + ++ /* ++ * Writeback and invalidate caches before updating microcode to avoid ++ * internal issues depending on what the microcode is updating. ++ */ ++ native_wbinvd(); ++ + /* write microcode via MSR 0x79 */ + native_wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); + +@@ -816,6 +822,12 @@ static enum ucode_state apply_microcode_intel(int cpu) + return UCODE_OK; + } + ++ /* ++ * Writeback and invalidate caches before updating microcode to avoid ++ * internal issues depending on what the microcode is updating. ++ */ ++ native_wbinvd(); ++ + /* write microcode via MSR 0x79 */ + wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); + +-- +cgit v1.1 + diff --git a/linux-kernel-patches/07-30ec26da9967d0d785abc24073129a34c3211777.patch b/linux-kernel-patches/07-30ec26da9967d0d785abc24073129a34c3211777.patch new file mode 100644 index 0000000..d785ad2 --- /dev/null +++ b/linux-kernel-patches/07-30ec26da9967d0d785abc24073129a34c3211777.patch @@ -0,0 +1,71 @@ +From 30ec26da9967d0d785abc24073129a34c3211777 Mon Sep 17 00:00:00 2001 +From: Ashok Raj +Date: Wed, 28 Feb 2018 11:28:43 +0100 +Subject: x86/microcode: Do not upload microcode if CPUs are offline + +Avoid loading microcode if any of the CPUs are offline, and issue a +warning. Having different microcode revisions on the system at any time +is outright dangerous. + +[ Borislav: Massage changelog. ] + +Signed-off-by: Ashok Raj +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Reviewed-by: Tom Lendacky +Cc: Arjan Van De Ven +Link: http://lkml.kernel.org/r/1519352533-15992-4-git-send-email-ashok.raj@intel.com +Link: https://lkml.kernel.org/r/20180228102846.13447-5-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 6337065..fa32cb3 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -486,6 +486,16 @@ static void __exit microcode_dev_exit(void) + /* fake device for request_firmware */ + static struct platform_device *microcode_pdev; + ++static int check_online_cpus(void) ++{ ++ if (num_online_cpus() == num_present_cpus()) ++ return 0; ++ ++ pr_err("Not all CPUs online, aborting microcode update.\n"); ++ ++ return -EINVAL; ++} ++ + static enum ucode_state reload_for_cpu(int cpu) + { + struct ucode_cpu_info *uci = ucode_cpu_info + cpu; +@@ -519,7 +529,13 @@ static ssize_t reload_store(struct device *dev, + return size; + + get_online_cpus(); ++ ++ ret = check_online_cpus(); ++ if (ret) ++ goto put; ++ + mutex_lock(µcode_mutex); ++ + for_each_online_cpu(cpu) { + tmp_ret = reload_for_cpu(cpu); + if (tmp_ret > UCODE_NFOUND) { +@@ -538,6 +554,8 @@ static ssize_t reload_store(struct device *dev, + microcode_check(); + + mutex_unlock(µcode_mutex); ++ ++put: + put_online_cpus(); + + if (!ret) +-- +cgit v1.1 + diff --git a/linux-kernel-patches/08-d8c3b52c00a05036e0a6b315b4b17921a7b67997.patch b/linux-kernel-patches/08-d8c3b52c00a05036e0a6b315b4b17921a7b67997.patch new file mode 100644 index 0000000..66699ff --- /dev/null +++ b/linux-kernel-patches/08-d8c3b52c00a05036e0a6b315b4b17921a7b67997.patch @@ -0,0 +1,54 @@ +From d8c3b52c00a05036e0a6b315b4b17921a7b67997 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 28 Feb 2018 11:28:44 +0100 +Subject: x86/microcode/intel: Look into the patch cache first + +The cache might contain a newer patch - look in there first. + +A follow-on change will make sure newest patches are loaded into the +cache of microcode patches. + +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Cc: Arjan Van De Ven +Link: https://lkml.kernel.org/r/20180228102846.13447-6-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/intel.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index e2864bc..2aded9d 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -791,9 +791,9 @@ static int collect_cpu_info(int cpu_num, struct cpu_signature *csig) + + static enum ucode_state apply_microcode_intel(int cpu) + { +- struct microcode_intel *mc; +- struct ucode_cpu_info *uci; ++ struct ucode_cpu_info *uci = ucode_cpu_info + cpu; + struct cpuinfo_x86 *c = &cpu_data(cpu); ++ struct microcode_intel *mc; + static int prev_rev; + u32 rev; + +@@ -801,11 +801,10 @@ static enum ucode_state apply_microcode_intel(int cpu) + if (WARN_ON(raw_smp_processor_id() != cpu)) + return UCODE_ERROR; + +- uci = ucode_cpu_info + cpu; +- mc = uci->mc; ++ /* Look for a newer patch in our cache: */ ++ mc = find_patch(uci); + if (!mc) { +- /* Look for a newer patch in our cache: */ +- mc = find_patch(uci); ++ mc = uci->mc; + if (!mc) + return UCODE_NFOUND; + } +-- +cgit v1.1 + diff --git a/linux-kernel-patches/09-cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117.patch b/linux-kernel-patches/09-cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117.patch new file mode 100644 index 0000000..0541a2b --- /dev/null +++ b/linux-kernel-patches/09-cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117.patch @@ -0,0 +1,67 @@ +From cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 28 Feb 2018 11:28:45 +0100 +Subject: x86/microcode: Request microcode on the BSP + +... so that any newer version can land in the cache and can later be +fished out by the application functions. Do that before grabbing the +hotplug lock. + +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Reviewed-by: Tom Lendacky +Cc: Arjan Van De Ven +Link: https://lkml.kernel.org/r/20180228102846.13447-7-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index fa32cb3..5dd157d 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -499,15 +499,10 @@ static int check_online_cpus(void) + static enum ucode_state reload_for_cpu(int cpu) + { + struct ucode_cpu_info *uci = ucode_cpu_info + cpu; +- enum ucode_state ustate; + + if (!uci->valid) + return UCODE_OK; + +- ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, true); +- if (ustate != UCODE_OK) +- return ustate; +- + return apply_microcode_on_target(cpu); + } + +@@ -515,11 +510,11 @@ static ssize_t reload_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t size) + { ++ int cpu, bsp = boot_cpu_data.cpu_index; + enum ucode_state tmp_ret = UCODE_OK; + bool do_callback = false; + unsigned long val; + ssize_t ret = 0; +- int cpu; + + ret = kstrtoul(buf, 0, &val); + if (ret) +@@ -528,6 +523,10 @@ static ssize_t reload_store(struct device *dev, + if (val != 1) + return size; + ++ tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true); ++ if (tmp_ret != UCODE_OK) ++ return size; ++ + get_online_cpus(); + + ret = check_online_cpus(); +-- +cgit v1.1 + diff --git a/linux-kernel-patches/10-a5321aec6412b20b5ad15db2d6b916c05349dbff.patch b/linux-kernel-patches/10-a5321aec6412b20b5ad15db2d6b916c05349dbff.patch new file mode 100644 index 0000000..793d62e --- /dev/null +++ b/linux-kernel-patches/10-a5321aec6412b20b5ad15db2d6b916c05349dbff.patch @@ -0,0 +1,213 @@ +From a5321aec6412b20b5ad15db2d6b916c05349dbff Mon Sep 17 00:00:00 2001 +From: Ashok Raj +Date: Wed, 28 Feb 2018 11:28:46 +0100 +Subject: x86/microcode: Synchronize late microcode loading + +Original idea by Ashok, completely rewritten by Borislav. + +Before you read any further: the early loading method is still the +preferred one and you should always do that. The following patch is +improving the late loading mechanism for long running jobs and cloud use +cases. + +Gather all cores and serialize the microcode update on them by doing it +one-by-one to make the late update process as reliable as possible and +avoid potential issues caused by the microcode update. + +[ Borislav: Rewrite completely. ] + +Co-developed-by: Borislav Petkov +Signed-off-by: Ashok Raj +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Reviewed-by: Tom Lendacky +Cc: Arjan Van De Ven +Link: https://lkml.kernel.org/r/20180228102846.13447-8-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 118 +++++++++++++++++++++++++++-------- + 1 file changed, 92 insertions(+), 26 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 5dd157d..70ecbc8 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -22,13 +22,16 @@ + #define pr_fmt(fmt) "microcode: " fmt + + #include ++#include + #include + #include + #include + #include + #include ++#include + #include + #include ++#include + #include + #include + +@@ -64,6 +67,11 @@ LIST_HEAD(microcode_cache); + */ + static DEFINE_MUTEX(microcode_mutex); + ++/* ++ * Serialize late loading so that CPUs get updated one-by-one. ++ */ ++static DEFINE_SPINLOCK(update_lock); ++ + struct ucode_cpu_info ucode_cpu_info[NR_CPUS]; + + struct cpu_info_ctx { +@@ -486,6 +494,19 @@ static void __exit microcode_dev_exit(void) + /* fake device for request_firmware */ + static struct platform_device *microcode_pdev; + ++/* ++ * Late loading dance. Why the heavy-handed stomp_machine effort? ++ * ++ * - HT siblings must be idle and not execute other code while the other sibling ++ * is loading microcode in order to avoid any negative interactions caused by ++ * the loading. ++ * ++ * - In addition, microcode update on the cores must be serialized until this ++ * requirement can be relaxed in the future. Right now, this is conservative ++ * and good. ++ */ ++#define SPINUNIT 100 /* 100 nsec */ ++ + static int check_online_cpus(void) + { + if (num_online_cpus() == num_present_cpus()) +@@ -496,23 +517,85 @@ static int check_online_cpus(void) + return -EINVAL; + } + +-static enum ucode_state reload_for_cpu(int cpu) ++static atomic_t late_cpus; ++ ++/* ++ * Returns: ++ * < 0 - on error ++ * 0 - no update done ++ * 1 - microcode was updated ++ */ ++static int __reload_late(void *info) + { +- struct ucode_cpu_info *uci = ucode_cpu_info + cpu; ++ unsigned int timeout = NSEC_PER_SEC; ++ int all_cpus = num_online_cpus(); ++ int cpu = smp_processor_id(); ++ enum ucode_state err; ++ int ret = 0; + +- if (!uci->valid) +- return UCODE_OK; ++ atomic_dec(&late_cpus); ++ ++ /* ++ * Wait for all CPUs to arrive. A load will not be attempted unless all ++ * CPUs show up. ++ * */ ++ while (atomic_read(&late_cpus)) { ++ if (timeout < SPINUNIT) { ++ pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", ++ atomic_read(&late_cpus)); ++ return -1; ++ } ++ ++ ndelay(SPINUNIT); ++ timeout -= SPINUNIT; ++ ++ touch_nmi_watchdog(); ++ } ++ ++ spin_lock(&update_lock); ++ apply_microcode_local(&err); ++ spin_unlock(&update_lock); ++ ++ if (err > UCODE_NFOUND) { ++ pr_warn("Error reloading microcode on CPU %d\n", cpu); ++ ret = -1; ++ } else if (err == UCODE_UPDATED) { ++ ret = 1; ++ } + +- return apply_microcode_on_target(cpu); ++ atomic_inc(&late_cpus); ++ ++ while (atomic_read(&late_cpus) != all_cpus) ++ cpu_relax(); ++ ++ return ret; ++} ++ ++/* ++ * Reload microcode late on all CPUs. Wait for a sec until they ++ * all gather together. ++ */ ++static int microcode_reload_late(void) ++{ ++ int ret; ++ ++ atomic_set(&late_cpus, num_online_cpus()); ++ ++ ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask); ++ if (ret < 0) ++ return ret; ++ else if (ret > 0) ++ microcode_check(); ++ ++ return ret; + } + + static ssize_t reload_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t size) + { +- int cpu, bsp = boot_cpu_data.cpu_index; + enum ucode_state tmp_ret = UCODE_OK; +- bool do_callback = false; ++ int bsp = boot_cpu_data.cpu_index; + unsigned long val; + ssize_t ret = 0; + +@@ -534,30 +617,13 @@ static ssize_t reload_store(struct device *dev, + goto put; + + mutex_lock(µcode_mutex); +- +- for_each_online_cpu(cpu) { +- tmp_ret = reload_for_cpu(cpu); +- if (tmp_ret > UCODE_NFOUND) { +- pr_warn("Error reloading microcode on CPU %d\n", cpu); +- +- /* set retval for the first encountered reload error */ +- if (!ret) +- ret = -EINVAL; +- } +- +- if (tmp_ret == UCODE_UPDATED) +- do_callback = true; +- } +- +- if (!ret && do_callback) +- microcode_check(); +- ++ ret = microcode_reload_late(); + mutex_unlock(µcode_mutex); + + put: + put_online_cpus(); + +- if (!ret) ++ if (ret >= 0) + ret = size; + + return ret; +-- +cgit v1.1 + diff --git a/linux-kernel-patches/11-2613f36ed965d0e5a595a1d931fd3b480e82d6fd.patch b/linux-kernel-patches/11-2613f36ed965d0e5a595a1d931fd3b480e82d6fd.patch new file mode 100644 index 0000000..c9adfe2 --- /dev/null +++ b/linux-kernel-patches/11-2613f36ed965d0e5a595a1d931fd3b480e82d6fd.patch @@ -0,0 +1,154 @@ +From 2613f36ed965d0e5a595a1d931fd3b480e82d6fd Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 14 Mar 2018 19:36:14 +0100 +Subject: x86/microcode: Attempt late loading only when new microcode is + present + +Return UCODE_NEW from the scanning functions to denote that new microcode +was found and only then attempt the expensive synchronization dance. + +Reported-by: Emanuel Czirai +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Emanuel Czirai +Tested-by: Ashok Raj +Tested-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20180314183615.17629-1-bp@alien8.de +--- + arch/x86/include/asm/microcode.h | 1 + + arch/x86/kernel/cpu/microcode/amd.c | 34 +++++++++++++++++++++------------- + arch/x86/kernel/cpu/microcode/core.c | 8 +++----- + arch/x86/kernel/cpu/microcode/intel.c | 4 +++- + 4 files changed, 28 insertions(+), 19 deletions(-) + +diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h +index 7fb1047..6cf0e4c 100644 +--- a/arch/x86/include/asm/microcode.h ++++ b/arch/x86/include/asm/microcode.h +@@ -39,6 +39,7 @@ struct device; + + enum ucode_state { + UCODE_OK = 0, ++ UCODE_NEW, + UCODE_UPDATED, + UCODE_NFOUND, + UCODE_ERROR, +diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c +index a998e1a..4817992 100644 +--- a/arch/x86/kernel/cpu/microcode/amd.c ++++ b/arch/x86/kernel/cpu/microcode/amd.c +@@ -339,7 +339,7 @@ int __init save_microcode_in_initrd_amd(unsigned int cpuid_1_eax) + return -EINVAL; + + ret = load_microcode_amd(true, x86_family(cpuid_1_eax), desc.data, desc.size); +- if (ret != UCODE_OK) ++ if (ret > UCODE_UPDATED) + return -EINVAL; + + return 0; +@@ -683,27 +683,35 @@ static enum ucode_state __load_microcode_amd(u8 family, const u8 *data, + static enum ucode_state + load_microcode_amd(bool save, u8 family, const u8 *data, size_t size) + { ++ struct ucode_patch *p; + enum ucode_state ret; + + /* free old equiv table */ + free_equiv_cpu_table(); + + ret = __load_microcode_amd(family, data, size); +- +- if (ret != UCODE_OK) ++ if (ret != UCODE_OK) { + cleanup(); ++ return ret; ++ } + +-#ifdef CONFIG_X86_32 +- /* save BSP's matching patch for early load */ +- if (save) { +- struct ucode_patch *p = find_patch(0); +- if (p) { +- memset(amd_ucode_patch, 0, PATCH_MAX_SIZE); +- memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), +- PATCH_MAX_SIZE)); +- } ++ p = find_patch(0); ++ if (!p) { ++ return ret; ++ } else { ++ if (boot_cpu_data.microcode == p->patch_id) ++ return ret; ++ ++ ret = UCODE_NEW; + } +-#endif ++ ++ /* save BSP's matching patch for early load */ ++ if (!save) ++ return ret; ++ ++ memset(amd_ucode_patch, 0, PATCH_MAX_SIZE); ++ memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), PATCH_MAX_SIZE)); ++ + return ret; + } + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 70ecbc8..9f0fe5b 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -607,7 +607,7 @@ static ssize_t reload_store(struct device *dev, + return size; + + tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true); +- if (tmp_ret != UCODE_OK) ++ if (tmp_ret != UCODE_NEW) + return size; + + get_online_cpus(); +@@ -691,10 +691,8 @@ static enum ucode_state microcode_init_cpu(int cpu, bool refresh_fw) + if (system_state != SYSTEM_RUNNING) + return UCODE_NFOUND; + +- ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, +- refresh_fw); +- +- if (ustate == UCODE_OK) { ++ ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, refresh_fw); ++ if (ustate == UCODE_NEW) { + pr_debug("CPU%d updated upon init\n", cpu); + apply_microcode_on_target(cpu); + } +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index 2aded9d..32b8e57 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -862,6 +862,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, + unsigned int leftover = size; + unsigned int curr_mc_size = 0, new_mc_size = 0; + unsigned int csig, cpf; ++ enum ucode_state ret = UCODE_OK; + + while (leftover) { + struct microcode_header_intel mc_header; +@@ -903,6 +904,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, + new_mc = mc; + new_mc_size = mc_size; + mc = NULL; /* trigger new vmalloc */ ++ ret = UCODE_NEW; + } + + ucode_ptr += mc_size; +@@ -932,7 +934,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, + pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n", + cpu, new_rev, uci->cpu_sig.rev); + +- return UCODE_OK; ++ return ret; + } + + static int get_ucode_fw(void *to, const void *from, size_t n) +-- +cgit v1.1 + diff --git a/linux-kernel-patches/12-bb8c13d61a629276a162c1d2b1a20a815cbcfbb7.patch b/linux-kernel-patches/12-bb8c13d61a629276a162c1d2b1a20a815cbcfbb7.patch new file mode 100644 index 0000000..7baa44a --- /dev/null +++ b/linux-kernel-patches/12-bb8c13d61a629276a162c1d2b1a20a815cbcfbb7.patch @@ -0,0 +1,163 @@ +From bb8c13d61a629276a162c1d2b1a20a815cbcfbb7 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 14 Mar 2018 19:36:15 +0100 +Subject: x86/microcode: Fix CPU synchronization routine + +Emanuel reported an issue with a hang during microcode update because my +dumb idea to use one atomic synchronization variable for both rendezvous +- before and after update - was simply bollocks: + + microcode: microcode_reload_late: late_cpus: 4 + microcode: __reload_late: cpu 2 entered + microcode: __reload_late: cpu 1 entered + microcode: __reload_late: cpu 3 entered + microcode: __reload_late: cpu 0 entered + microcode: __reload_late: cpu 1 left + microcode: Timeout while waiting for CPUs rendezvous, remaining: 1 + +CPU1 above would finish, leave and the others will still spin waiting for +it to join. + +So do two synchronization atomics instead, which makes the code a lot more +straightforward. + +Also, since the update is serialized and it also takes quite some time per +microcode engine, increase the exit timeout by the number of CPUs on the +system. + +That's ok because the moment all CPUs are done, that timeout will be cut +short. + +Furthermore, panic when some of the CPUs timeout when returning from a +microcode update: we can't allow a system with not all cores updated. + +Also, as an optimization, do not do the exit sync if microcode wasn't +updated. + +Reported-by: Emanuel Czirai +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Emanuel Czirai +Tested-by: Ashok Raj +Tested-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20180314183615.17629-2-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 68 ++++++++++++++++++++++-------------- + 1 file changed, 41 insertions(+), 27 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 9f0fe5b..10c4fc2 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -517,7 +517,29 @@ static int check_online_cpus(void) + return -EINVAL; + } + +-static atomic_t late_cpus; ++static atomic_t late_cpus_in; ++static atomic_t late_cpus_out; ++ ++static int __wait_for_cpus(atomic_t *t, long long timeout) ++{ ++ int all_cpus = num_online_cpus(); ++ ++ atomic_inc(t); ++ ++ while (atomic_read(t) < all_cpus) { ++ if (timeout < SPINUNIT) { ++ pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", ++ all_cpus - atomic_read(t)); ++ return 1; ++ } ++ ++ ndelay(SPINUNIT); ++ timeout -= SPINUNIT; ++ ++ touch_nmi_watchdog(); ++ } ++ return 0; ++} + + /* + * Returns: +@@ -527,30 +549,16 @@ static atomic_t late_cpus; + */ + static int __reload_late(void *info) + { +- unsigned int timeout = NSEC_PER_SEC; +- int all_cpus = num_online_cpus(); + int cpu = smp_processor_id(); + enum ucode_state err; + int ret = 0; + +- atomic_dec(&late_cpus); +- + /* + * Wait for all CPUs to arrive. A load will not be attempted unless all + * CPUs show up. + * */ +- while (atomic_read(&late_cpus)) { +- if (timeout < SPINUNIT) { +- pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", +- atomic_read(&late_cpus)); +- return -1; +- } +- +- ndelay(SPINUNIT); +- timeout -= SPINUNIT; +- +- touch_nmi_watchdog(); +- } ++ if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC)) ++ return -1; + + spin_lock(&update_lock); + apply_microcode_local(&err); +@@ -558,15 +566,22 @@ static int __reload_late(void *info) + + if (err > UCODE_NFOUND) { + pr_warn("Error reloading microcode on CPU %d\n", cpu); +- ret = -1; +- } else if (err == UCODE_UPDATED) { ++ return -1; ++ /* siblings return UCODE_OK because their engine got updated already */ ++ } else if (err == UCODE_UPDATED || err == UCODE_OK) { + ret = 1; ++ } else { ++ return ret; + } + +- atomic_inc(&late_cpus); +- +- while (atomic_read(&late_cpus) != all_cpus) +- cpu_relax(); ++ /* ++ * Increase the wait timeout to a safe value here since we're ++ * serializing the microcode update and that could take a while on a ++ * large number of CPUs. And that is fine as the *actual* timeout will ++ * be determined by the last CPU finished updating and thus cut short. ++ */ ++ if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC * num_online_cpus())) ++ panic("Timeout during microcode update!\n"); + + return ret; + } +@@ -579,12 +594,11 @@ static int microcode_reload_late(void) + { + int ret; + +- atomic_set(&late_cpus, num_online_cpus()); ++ atomic_set(&late_cpus_in, 0); ++ atomic_set(&late_cpus_out, 0); + + ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask); +- if (ret < 0) +- return ret; +- else if (ret > 0) ++ if (ret > 0) + microcode_check(); + + return ret; +-- +cgit v1.1 + diff --git a/linux-kernel-patches/13-09e182d17e8891dd73baba961a0f5a82e9274c97.patch b/linux-kernel-patches/13-09e182d17e8891dd73baba961a0f5a82e9274c97.patch new file mode 100644 index 0000000..54a90a5 --- /dev/null +++ b/linux-kernel-patches/13-09e182d17e8891dd73baba961a0f5a82e9274c97.patch @@ -0,0 +1,59 @@ +From 09e182d17e8891dd73baba961a0f5a82e9274c97 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Sat, 21 Apr 2018 10:19:30 +0200 +Subject: x86/microcode: Do not exit early from __reload_late() + +Vitezslav reported a case where the + + "Timeout during microcode update!" + +panic would hit. After a deeper look, it turned out that his .config had +CONFIG_HOTPLUG_CPU disabled which practically made save_mc_for_early() a +no-op. + +When that happened, the discovered microcode patch wasn't saved into the +cache and the late loading path wouldn't find any. + +This, then, lead to early exit from __reload_late() and thus CPUs waiting +until the timeout is reached, leading to the panic. + +In hindsight, that function should have been written so it does not return +before the post-synchronization. Oh well, I know better now... + +Fixes: bb8c13d61a62 ("x86/microcode: Fix CPU synchronization routine") +Reported-by: Vitezslav Samel +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Vitezslav Samel +Tested-by: Ashok Raj +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/20180418081140.GA2439@pc11.op.pod.cz +Link: https://lkml.kernel.org/r/20180421081930.15741-2-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 10c4fc2..77e2013 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -564,14 +564,12 @@ static int __reload_late(void *info) + apply_microcode_local(&err); + spin_unlock(&update_lock); + ++ /* siblings return UCODE_OK because their engine got updated already */ + if (err > UCODE_NFOUND) { + pr_warn("Error reloading microcode on CPU %d\n", cpu); +- return -1; +- /* siblings return UCODE_OK because their engine got updated already */ ++ ret = -1; + } else if (err == UCODE_UPDATED || err == UCODE_OK) { + ret = 1; +- } else { +- return ret; + } + + /* +-- +cgit v1.1 + diff --git a/linux-kernel-patches/14-84749d83758af6576552046b215b9b7f37f9556b.patch b/linux-kernel-patches/14-84749d83758af6576552046b215b9b7f37f9556b.patch new file mode 100644 index 0000000..fb1074f --- /dev/null +++ b/linux-kernel-patches/14-84749d83758af6576552046b215b9b7f37f9556b.patch @@ -0,0 +1,48 @@ +From 84749d83758af6576552046b215b9b7f37f9556b Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Sat, 21 Apr 2018 10:19:29 +0200 +Subject: x86/microcode/intel: Save microcode patch unconditionally + +save_mc_for_early() was a no-op on !CONFIG_HOTPLUG_CPU but the +generic_load_microcode() path saves the microcode patches it has found into +the cache of patches which is used for late loading too. Regardless of +whether CPU hotplug is used or not. + +Make the saving unconditional so that late loading can find the proper +patch. + +Reported-by: Vitezslav Samel +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Vitezslav Samel +Tested-by: Ashok Raj +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/20180418081140.GA2439@pc11.op.pod.cz +Link: https://lkml.kernel.org/r/20180421081930.15741-1-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/intel.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index 32b8e57..1c2cfa0 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -485,7 +485,6 @@ static void show_saved_mc(void) + */ + static void save_mc_for_early(u8 *mc, unsigned int size) + { +-#ifdef CONFIG_HOTPLUG_CPU + /* Synchronization during CPU hotplug. */ + static DEFINE_MUTEX(x86_cpu_microcode_mutex); + +@@ -495,7 +494,6 @@ static void save_mc_for_early(u8 *mc, unsigned int size) + show_saved_mc(); + + mutex_unlock(&x86_cpu_microcode_mutex); +-#endif + } + + static bool load_builtin_intel_microcode(struct cpio_data *cp) +-- +cgit v1.1 + diff --git a/releasenote.md b/releasenote.md new file mode 100644 index 0000000..299d2bb --- /dev/null +++ b/releasenote.md @@ -0,0 +1,540 @@ +# Release Notes + +## [microcode-20201027-staging](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201027-staging) + +### Purpose + +- Added Security updates for [TBD](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-tbd.html). + +### New Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile + +### Updated Platforms + +None + +### Removed Platforms + +None + +## [microcode-20201021-staging](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201021-staging) + +### Purpose + +- Added Security updates for [TBD](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-tbd.html). + +### New Platforms + +None + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 + +### Removed Platforms + +None + +## [microcode-20201008-staging](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201008-staging) + +### Purpose + +- Added Security updates for [TBD](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-tbd.html). + +### New Platforms + +None + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile +| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile +| APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx +| APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx +| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 + +### Removed Platforms + +None + +## [microcode-20200925-staging](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200925-staging) + +### Purpose + +- Security updates for [TBD](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-tbd.html). + +### New Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 +| CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile +| CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 +| CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 +| CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 +| SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable +| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable +| SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx +| CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 +| CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 +| ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile +| AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile +| KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile +| CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile +| WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile +| AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile +| CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile +| WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile +| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 +| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E +| CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 +| CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 +| CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile +| CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile + +### Removed Platforms + +None + +## [microcode-20200616](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200616) + +### Purpose + +- Revert to previous versions due to reported system hang. + +### New Platforms + +None + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| SKL-U/Y | D0 | 06-4e-03/c0 | 000000dc | 000000d6 | Core Gen6 Mobile +| SKL-U23e | K1 | 06-4e-03/c0 | 000000dc | 000000d6 | Core Gen6 Mobile +| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000dc | 000000d6 | Core Gen6; Xeon E3 v5 + +### Removed Platforms + +None + +## [microcode-20200609](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200609) + +### Purpose + +- Security updates for [SA00329](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html). + +### New Platforms + +None + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| HSW | C0 | 06-3c-03/32 | 00000027 | 00000028 | Core Gen4 +| BDW-U/Y | E0/F0 | 06-3d-04/c0 | 0000002e | 0000002f | Core Gen5 +| HSW-U | C0/D0 | 06-45-01/72 | 00000025 | 00000026 | Core Gen4 +| HSW-H | C0 | 06-46-01/32 | 0000001b | 0000001c | Core Gen4 +| BDW-H/E3 | E0/G0 | 06-47-01/22 | 00000021 | 00000022 | Core Gen5 +| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000dc | Core Gen6 Mobile +| SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000dc | Core Gen6 Mobile +| SKX-SP | B1 | 06-55-03/97 | 01000151 | 01000157 | Xeon Scalable +| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02000065 | 02006906 | Xeon Scalable +| SKX-D | M1 | 06-55-04/b7 | 02000065 | 02006906 | Xeon D-21xx +| CLX-SP | B0 | 06-55-06/bf | 0400002c | 04002f01 | Xeon Scalable Gen2 +| CLX-SP | B1 | 06-55-07/bf | 0500002c | 05002f01 | Xeon Scalable Gen2 +| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000dc | Core Gen6; Xeon E3 v5 +| AML-Y22 | H0 | 06-8e-09/10 | 000000ca | 000000d6 | Core Gen8 Mobile +| KBL-U/Y | H0 | 06-8e-09/c0 | 000000ca | 000000d6 | Core Gen7 Mobile +| CFL-U43e | D0 | 06-8e-0a/c0 | 000000ca | 000000d6 | Core Gen8 Mobile +| WHL-U | W0 | 06-8e-0b/d0 | 000000ca | 000000d6 | Core Gen8 Mobile +| AML-Y42 | V0 | 06-8e-0c/94 | 000000ca | 000000d6 | Core Gen10 Mobile +| CML-Y42 | V0 | 06-8e-0c/94 | 000000ca | 000000d6 | Core Gen10 Mobile +| WHL-U | V0 | 06-8e-0c/94 | 000000ca | 000000d6 | Core Gen8 Mobile +| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000ca | 000000d6 | Core Gen7; Xeon E3 v6 +| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000ca | 000000d6 | Core Gen8 Desktop, Mobile, Xeon E +| CFL-S | B0 | 06-9e-0b/02 | 000000ca | 000000d6 | Core Gen8 +| CFL-H/S | P0 | 06-9e-0c/22 | 000000ca | 000000d6 | Core Gen9 +| CFL-H | R0 | 06-9e-0d/22 | 000000ca | 000000d6 | Core Gen9 Mobile + +### Removed Platforms + +None + +## [microcode-20200520](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200520) + +### Purpose + +- Update to SA00233. + +### New Platforms + +None + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| SNB-E/EN/EP | C1/M0 | 06-2d-06/6d | 0000061f | 00000621 | Xeon E3/E5, Core X +| SNB-E/EN/EP | C2/M1 | 06-2d-07/6d | 00000718 | 0000071a | Xeon E3/E5, Core X + +### Removed Platforms + +None + +## [microcode-20200508](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200508) + +### Purpose + +- Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. + +### New Platforms + +None + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| ICL-U/Y | D1 | 06-7e-05/80 | 00000046 | 00000078 | Core Gen10 Mobile + +### Removed Platforms + +None + +## [microcode-20191115](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191115) + +### Purpose + +- Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. +- Update for functional issues. Refer to [8th and 9th Gen Intel® Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. +- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel® Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. +- Update for functional issues. Refer to [6th Gen Intel® Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. +- Update for functional issues. Refer to [Intel® Xeon® E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. +- Update for functional issues. Refer to [Intel® Xeon® E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. + +### New Platforms + +None + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| SKL-U/Y | D0 | 06-4e-03/c0 | 000000d4 | 000000d6 | Core Gen6 Mobile +| SKL-U23e | K1 | 06-4e-03/c0 | 000000d4 | 000000d6 | Core Gen6 Mobile +| SKL-H/S/E3 | N0/R0/S0 | 06-5e-03/36 | 000000d4 | 000000d6 | Core Gen6 +| AML-Y22 | H0 | 06-8e-09/10 | 000000c6 | 000000ca | Core Gen8 Mobile +| KBL-U/Y | H0 | 06-8e-09/c0 | 000000c6 | 000000ca | Core Gen7 Mobile +| KBL-U23e | J1 | 06-8e-09/c0 | 000000c6 | 000000ca | Core Gen7 Mobile +| CFL-U43e | D0 | 06-8e-0a/c0 | 000000c6 | 000000ca | Core Gen8 Mobile +| KBL-R U | Y0 | 06-8e-0a/c0 | 000000c6 | 000000ca | Core Gen8 Mobile +| WHL-U | W0 | 06-8e-0b/d0 | 000000c6 | 000000ca | Core Gen8 Mobile +| AML-Y42 | V0 | 06-8e-0c/94 | 000000c6 | 000000ca | Core Gen10 Mobile +| WHL-U | V0 | 06-8e-0c/94 | 000000c6 | 000000ca | Core Gen8 Mobile +| CML-U42 | V0 | 06-8e-0c/94 | 000000c6 | 000000ca | Core Gen10 Mobile +| KBL-G/H/S/X/E3 | B0 | 06-9e-09/2a | 000000c6 | 000000ca | Core Gen7 Desktop, Mobile, Xeon E3 v6 +| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000c6 | 000000ca | Core Gen8 Desktop, Mobile, Xeon E +| CFL-S | B0 | 06-9e-0b/02 | 000000c6 | 000000ca | Core Gen8 +| CFL-S | P0 | 06-9e-0c/22 | 000000c6 | 000000ca | Core Gen9 Desktop +| CFL-H/S/E3 | R0 | 06-9e-0d/22 | 000000c6 | 000000ca | Core Gen9 Desktop, Mobile, Xeon E +| CML-U62 | A0 | 06-a6-00/80 | 000000c6 | 000000ca | Core Gen10 Mobile + +### Removed Platforms + +None + +## [microcode-20191113](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191113) + +### Purpose + +- Security updates for [SA00270](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html). +- Correction in release notes for specific processor to CFL-S only. Prior release showed as CFL-H/S. + +### New Platforms + +None + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| CFL-S | P0 | 06-9e-0c/22 | 000000ae | 000000c6 | Core Gen9 Desktop + +### Removed Platforms + +None + +## [microcode-20191112](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191112) + +### Purpose + +- Security updates for [SA00233](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html). +- Security updates for [SA00270](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html). +- Update to SA00270. + +### New Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| AVN | B0/C0 | 06-4d-08/01 | | 0000012D | Atom C2xxx +| CML-U62 | A0 | 06-a6-00/80 | | 000000c6 | Core Gen10 Mobile +| CNL-U | D0 | 06-66-03/80 | | 0000002a | Core Gen8 Mobile +| SKX-SP | B1 | 06-55-03/97 | | 01000151 | Xeon Scalable +| GKL | B0 | 06-7a-01/01 | | 00000032 | Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100 +| GKL-R | R0 | 06-7a-08/01 | | 00000016 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 +| ICL U/Y | D1 | 06-7e-05/80 | | 00000046 | Core Gen10 Mobile + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| SKL U/Y | D0 | 06-4e-03/c0 | 000000cc | 000000d4 | Core Gen6 Mobile +| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02000064 | 00000065 | Xeon Scalable +| SKX-D | M1 | 06-55-04/b7 | 02000064 | 00000065 | Xeon D-21xx +| CLX-SP | B0 | 06-55-06/bf | 0400002b | 0400002c | Xeon Scalable Gen2 +| CLX-SP | B1 | 06-55-07/bf | 0500002b | 0500002c | Xeon Scalable Gen2 +| SKL H/S/E3 | R0/N0 | 06-5e-03/36 | 000000cc | 000000d4 | Core Gen6 +| AML-Y22 | H0 | 06-8e-09/10 | 000000b4 | 000000c6 | Core Gen8 Mobile +| KBL-U/Y | H0 | 06-8e-09/c0 | 000000b4 | 000000c6 | Core Gen7 Mobile +| CFL-U43e | D0 | 06-8e-0a/c0 | 000000b4 | 000000c6 | Core Gen8 Mobile +| WHL-U | W0 | 06-8e-0b/d0 | 000000b8 | 000000c6 | Core Gen8 Mobile +| AML-Y | V0 | 06-8e-0c/94 | 000000b8 | 000000c6 | Core Gen10 Mobile +| CML-U42 | V0 | 06-8e-0c/94 | 000000b8 | 000000c6 | Core Gen10 Mobile +| WHL-U | V0 | 06-8e-0c/94 | 000000b8 | 000000c6 | Core Gen8 Mobile +| KBL-G/X | H0 | 06-9e-09/2a | 000000b4 | 000000c6 | Core Gen7/Gen8 +| KBL-H/S/E3 | B0 | 06-9e-09/2a | 000000b4 | 000000c6 | Core Gen7; Xeon E3 v6 +| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000b4 | 000000c6 | Core Gen8 Desktop, Mobile, Xeon E +| CFL-S | B0 | 06-9e-0b/02 | 000000b4 | 000000c6 | Core Gen8 +| CFL-H | R0 | 06-9e-0d/22 | 000000b8 | 000000c6 | Core Gen9 Mobile + +### Removed Platforms + +None + +## [microcode-20190918](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20190918) + +### Purpose + +- Update for functional issues. Refer to [Intel® Xeon® Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details. +- Update for functional issues. Refer to [Intel® Xeon® E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details. +- Security updates for [SA00270](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html). + +### New Platforms + +None + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| BDW-U/Y | E0/F0 | 06-3d-04/c0 | 0000002d | 0000002e | Core Gen5 +| HSX-EX | E0 | 06-3f-04/80 | 00000014 | 00000016 | Xeon E7 v3 +| BDW-H/E3 | E0/G0 | 06-47-01/22 | 00000020 | 00000021 | Core Gen5 +| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000036 | 0b000038 | Xeon E5/E7 v4; Core i7-69xx/68xx +| BDX-DE | V1 | 06-56-02/10 | 0000001a | 0000001c | Xeon D-1520/40 +| BDX-DE | V2/3 | 06-56-03/10 | 07000017 | 07000019 | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 +| BDX-DE | Y0 | 06-56-04/10 | 0f000015 | 0f000017 | Xeon D-1557/59/67/71/77/81/87 +| BDX-NS | A0 | 06-56-05/10 | 0e00000d | 0e00000f | Xeon D-1513N/23/33/43/53 +| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 0200005e | 00000064 | Xeon Scalable +| SKX-D | M1 | 06-55-04/b7 | 0200005e | 00000064 | Xeon D-21xx +| CLX-SP | B1 | 06-55-07/bf | 05000021 | 0500002b | Xeon Scalable Gen2 + +### Removed Platforms + +None + +## [microcode-20190618](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20190618) + +### Purpose + +- Security updates for [SA00233](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html). + +### New Platforms + +None + +### Updated Platforms0 + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| SNB-E/EN/EP | C1/M0 | 06-2d-06/6d | 0000061d | 0000061f | Xeon E3/E5, Core X +| SNB-E/EN/EP | C2/M1 | 06-2d-07/6d | 00000714 | 00000718 | Xeon E3/E5, Core X + +### Removed Platforms + +None + +## [microcode-20190514a](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20190514a) + +### Purpose + +- Resolved errors in releasenote from microcode-20190514a. + +### New Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| VLV | C0 | 06-37-08/02 | | 00000838 | Atom Z series +| VLV | C0 | 06-37-08/0C | | 00000838 | Celeron N2xxx, Pentium N35xx +| VLV | D0 | 06-37-09/0F | | 0000090c | Atom E38xx +| CHV | C0 | 06-4c-03/01 | | 00000368 | Atom X series +| CHV | D0 | 06-4c-04/01 | | 00000411 | Atom X series +| CLX-SP | B1 | 06-55-07/bf | | 05000021 | Xeon Scalable Gen2 + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| SNB | D2/G1/Q0 | 06-2a-07/12 | 0000002e | 0000002f | Core Gen2 +| IVB | E1/L1 | 06-3a-09/12 | 00000020 | 00000021 | Core Gen3 +| HSW | C0 | 06-3c-03/32 | 00000025 | 00000027 | Core Gen4 +| BDW-U/Y | E0/F0 | 06-3d-04/c0 | 0000002b | 0000002d | Core Gen5 +| IVB-E/EP | C1/M1/S1 | 06-3e-04/ed | 0000042d | 0000042e | Core Gen3 X Series; Xeon E5 v2 +| IVB-EX | D1 | 06-3e-07/ed | 00000714 | 00000715 | Xeon E7 v2 +| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000041 | 00000043 | Core Gen4 X series; Xeon E5 v3 +| HSX-EX | E0 | 06-3f-04/80 | 00000013 | 00000014 | Xeon E7 v3 +| HSW-U | C0/D0 | 06-45-01/72 | 00000024 | 00000025 | Core Gen4 +| HSW-H | C0 | 06-46-01/32 | 0000001a | 0000001b | Core Gen4 +| BDW-H/E3 | E0/G0 | 06-47-01/22 | 0000001e | 00000020 | Core Gen5 +| SKL-U/Y | D0/K1 | 06-4e-03/c0 | 000000c6 | 000000cc | Core Gen6 +| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b00002e | 0b000036 | Xeon E5/E7 v4; Core i7-69xx/68xx +| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 0200005a | 0000005e | Xeon Scalable +| SKX-D | M1 | 06-55-04/b7 | 0200005a | 0000005e | Xeon D-21xx +| BDX-DE | V1 | 06-56-02/10 | 00000019 | 0000001a | Xeon D-1520/40 +| BDX-DE | V2/3 | 06-56-03/10 | 07000016 | 07000017 | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 +| BDX-DE | Y0 | 06-56-04/10 | 0f000014 | 0f000015 | Xeon D-1557/59/67/71/77/81/87 +| BDX-NS | A0 | 06-56-05/10 | 0e00000c | 0e00000d | Xeon D-1513N/23/33/43/53 +| APL | D0 | 06-5c-09/03 | 00000036 | 00000038 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx +| APL | E0 | 06-5c-0a/03 | 0000000c | 00000016 | Atom x5-E39xx +| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000c6 | 000000cc | Core Gen6; Xeon E3 v5 +| DNV | B0 | 06-5f-01/01 | 00000024 | 0000002e | Atom C Series +| GLK | B0 | 06-7a-01/01 | 0000002c | 0000002e | Pentium Silver N/J5xxx, Celeron N/J4xxx +| AML-Y22 | H0 | 06-8e-09/10 | 0000009e | 000000b4 | Core Gen8 Mobile +| KBL-U/Y | H0 | 06-8e-09/c0 | 0000009a | 000000b4 | Core Gen7 Mobile +| CFL-U43e | D0 | 06-8e-0a/c0 | 0000009e | 000000b4 | Core Gen8 Mobile +| WHL-U | W0 | 06-8e-0b/d0 | 000000a4 | 000000b8 | Core Gen8 Mobile +| WHL-U | V0 | 06-8e-0d/94 | 000000b2 | 000000b8 | Core Gen8 Mobile +| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 0000009a | 000000b4 | Core Gen7; Xeon E3 v6 +| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000aa | 000000b4 | Core Gen8 Desktop, Mobile, Xeon E +| CFL-S | B0 | 06-9e-0b/02 | 000000aa | 000000b4 | Core Gen8 +| CFL-H/S | P0 | 06-9e-0c/22 | 000000a2 | 000000ae | Core Gen9 +| CFL-H | R0 | 06-9e-0d/22 | 000000b0 | 000000b8 | Core Gen9 Mobile + +### Removed Platforms + +None + +## [microcode-20190514](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20190514) + +### Purpose + +- Security updates for [SA00233](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html). + +### New Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| VLV | C0 | 06-37-08/02 | | 00000838 | Atom Z series +| VLV | C0 | 06-37-08/0C | | 00000838 | Celeron N2xxx, Pentium N35xx +| VLV | D0 | 06-37-09/0F | | 0000090c | Atom E38xx +| CHV | C0 | 06-4c-03/01 | | 00000368 | Atom X series +| CHV | D0 | 06-4c-04/01 | | 00000411 | Atom X series +| CLX-SP | B1 | 06-55-07/bf | | 05000021 | Xeon Scalable Gen2 + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| SNB | D2/G1/Q0 | 06-2a-07/12 | 0000002e | 0000002f | Core Gen2 +| IVB | E1/L1 | 06-3a-09/12 | 00000020 | 00000021 | Core Gen3 +| HSW | C0 | 06-3c-03/32 | 00000025 | 00000027 | Core Gen4 +| BDW-U/Y | E0/F0 | 06-3d-04/c0 | 0000002b | 0000002d | Core Gen5 +| IVB-E/EP | C1/M1/S1 | 06-3e-04/ed | 0000042e | 0000042f | Core Gen3 X Series; Xeon E5 v2 +| IVB-EX | D1 | 06-3e-07/ed | 00000714 | 00000715 | Xeon E7 v2 +| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000041 | 00000043 | Core Gen4 X series; Xeon E5 v3 +| HSX-EX | E0 | 06-3f-04/80 | 00000013 | 00000014 | Xeon E7 v3 +| HSW-U | C0/D0 | 06-45-01/72 | 00000024 | 00000025 | Core Gen4 +| HSW-H | C0 | 06-46-01/32 | 0000001a | 0000001b | Core Gen4 +| BDW-H/E3 | E0/G0 | 06-47-01/22 | 0000001e | 00000020 | Core Gen5 +| SKL-U/Y | D0/K1 | 06-4e-03/c0 | 000000c6 | 000000cc | Core Gen6 +| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b00002e | 00000036 | Xeon E5/E7 v4; Core i7-69xx/68xx +| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 0200005a | 0000005e | Xeon Scalable +| SKX-D | M1 | 06-55-04/b7 | 0200005a | 0000005e | Xeon D-21xx +| BDX-DE | V1 | 06-56-02/10 | 00000019 | 0000001a | Xeon D-1520/40 +| BDX-DE | V2/3 | 06-56-03/10 | 07000016 | 07000017 | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 +| BDX-DE | Y0 | 06-56-04/10 | 0f000014 | 0f000015 | Xeon D-1557/59/67/71/77/81/87 +| BDX-NS | A0 | 06-56-05/10 | 0e00000c | 0e00000d | Xeon D-1513N/23/33/43/53 +| APL | D0 | 06-5c-09/03 | 00000036 | 00000038 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx +| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000c6 | 000000cc | Core Gen6; Xeon E3 v5 +| DNV | B0 | 06-5f-01/01 | 00000024 | 0000002e | Atom C Series +| GLK | B0 | 06-7a-01/01 | 0000002c | 0000002e | Pentium Silver N/J5xxx, Celeron N/J4xxx +| AML-Y22 | H0 | 06-8e-09/10 | 0000009e | 000000b4 | Core Gen8 Mobile +| KBL-U/Y | H0 | 06-8e-09/c0 | 0000009a | 000000b4 | Core Gen7 Mobile +| CFL-U43e | D0 | 06-8e-0a/c0 | 0000009e | 000000b4 | Core Gen8 Mobile +| WHL-U | W0 | 06-8e-0b/d0 | 000000a4 | 000000b8 | Core Gen8 Mobile +| WHL-U | V0 | 06-8e-0d/94 | 000000b2 | 000000b8 | Core Gen8 Mobile +| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 0000009a | 000000b4 | Core Gen7; Xeon E3 v6 +| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000aa | 000000b4 | Core Gen8 Desktop, Mobile, Xeon E +| CFL-S | B0 | 06-9e-0b/02 | 000000aa | 000000b4 | Core Gen8 +| CFL-H/S | P0 | 06-9e-0c/22 | 000000a2 | 000000ae | Core Gen9 +| CFL-H | R0 | 06-9e-0d/22 | 000000b0 | 000000b8 | Core Gen9 Mobile + +### Removed Platforms + +None + +## [microcode-20190312](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20190312) + +### Purpose + +- Security updates for [SA00088](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00088.html). + +### New Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| AML-Y22 | H0 | 06-8e-09/10 | | 0000009e | Core Gen8 Mobile +| WHL-U | W0 | 06-8e-0b/d0 | | 000000a4 | Core Gen8 Mobile +| WHL-U | V0 | 06-8e-0d/94 | | 000000b2 | Core Gen8 Mobile +| CFL-S | P0 | 06-9e-0c/22 | | 000000a2 | Core Gen9 Desktop +| CFL-H | R0 | 06-9e-0d/22 | | 000000b0 | Core Gen9 Mobile + +### Updated Platforms + +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:--------- +| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 0000003d | 00000041 | Core Gen4 X series; Xeon E5 v3 +| HSX-EX | E0 | 06-3f-04/80 | 00000012 | 00000013 | Xeon E7 v3 +| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 0200004d | 0000005a | Xeon Scalable +| SKX-D | M1 | 06-55-04/b7 | 0200004d | 0000005a | Xeon D-21xx +| BDX-DE | V1 | 06-56-02/10 | 00000017 | 00000019 | Xeon D-1520/40 +| BDX-DE | V2/3 | 06-56-03/10 | 07000013 | 07000016 | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 +| BDX-DE | Y0 | 06-56-04/10 | 0f000012 | 0f000014 | Xeon D-1557/59/67/71/77/81/87 +| BDX-NS | A0 | 06-56-05/10 | 0e00000a | 0e00000c | Xeon D-1513N/23/33/43/53 +| APL | D0 | 06-5c-09/03 | 00000032 | 00000036 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx +| APL | E0 | 06-5c-0a/03 | 0000000c | 00000010 | Atom x5/7-E39xx +| GLK | B0 | 06-7a-01/01 | 00000028 | 0000002c | Pentium Silver N/J5xxx, Celeron N/J4xxx +| KBL-U/Y | H0 | 06-8e-09/c0 | 0000008e | 0000009a | Core Gen7 Mobile +| CFL-U43e | D0 | 06-8e-0a/c0 | 00000096 | 0000009e | Core Gen8 Mobile +| KBL-H/S/E3 | B0 | 06-9e-09/2a | 0000008e | 0000009a | Core Gen7; Xeon E3 v6 +| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 00000096 | 000000aa | Core Gen8 Desktop, Mobile, Xeon E +| CFL-S | B0 | 06-9e-0b/02 | 0000008e | 000000aa | Core Gen8 + +### Removed Platforms + +None diff --git a/security.md b/security.md new file mode 100644 index 0000000..3193a4d --- /dev/null +++ b/security.md @@ -0,0 +1,39 @@ +# Security Policy + +## Report a Vulnerability + +If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to [secure@intel.com](mailto:secure@intel.com). Encrypt sensitive information using our [PGP public key](https://www.intel.com/content/www/us/en/security-center/pgp-public-key.html). + +Please provide as much information as possible, including: + +- The products and versions affected +- Detailed description of the vulnerability +- Information on known exploits + +A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see: + +- [Vulnerability handling guidelines](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html) + +For issues related to Intel's external web presence (Intel.com and related subdomains), please contact [Intel's External Security Research team](mailto:external.security.research@intel.com). + +## Intel's Bug Bounty Program + +Intel Corporation believes that working with skilled security researchers across the globe is a crucial part of identifying and mitigating security vulnerabilities in Intel products. + +Like other major technology companies, Intel incentivizes security researchers to report security vulnerabilities in Intel products to us to enable a coordinated response. To encourage closer collaboration with the security research community on these kinds of issues, Intel created its Bug Bounty Program. + +If you believe you've found a security vulnerability in an Intel product or technology, we encourage you to notify us through our program and work with us to mitigate and to coordinate disclosure of the vulnerability. + +[Read full details.](https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html) + +## Need product support? + +The [secure@intel.com](mailto:secure@intel.com) e-mail address should only be used for reporting security issues. + +If you... + +- Have questions about the security features of an Intel product +- Require technical support +- Want product updates or patches + +Please visit [Support & Downloads](https://www.intel.com/content/www/us/en/support.html).