diff --git a/intel-ucode-with-caveats/06-4f-01 b/intel-ucode-with-caveats/06-4f-01 new file mode 100644 index 0000000..b38c4a5 Binary files /dev/null and b/intel-ucode-with-caveats/06-4f-01 differ diff --git a/intel-ucode/06-03-02 b/intel-ucode/06-03-02 new file mode 100644 index 0000000..7543c59 Binary files /dev/null and b/intel-ucode/06-03-02 differ diff --git a/intel-ucode/06-05-00 b/intel-ucode/06-05-00 new file mode 100644 index 0000000..6f502e0 Binary files /dev/null and b/intel-ucode/06-05-00 differ diff --git a/intel-ucode/06-05-01 b/intel-ucode/06-05-01 new file mode 100644 index 0000000..de548de Binary files /dev/null and b/intel-ucode/06-05-01 differ diff --git a/intel-ucode/06-05-02 b/intel-ucode/06-05-02 new file mode 100644 index 0000000..3444aff Binary files /dev/null and b/intel-ucode/06-05-02 differ diff --git a/intel-ucode/06-05-03 b/intel-ucode/06-05-03 new file mode 100644 index 0000000..55878ae Binary files /dev/null and b/intel-ucode/06-05-03 differ diff --git a/intel-ucode/06-06-00 b/intel-ucode/06-06-00 new file mode 100644 index 0000000..fd9a8a7 Binary files /dev/null and b/intel-ucode/06-06-00 differ diff --git a/intel-ucode/06-06-05 b/intel-ucode/06-06-05 new file mode 100644 index 0000000..522c0db Binary files /dev/null and b/intel-ucode/06-06-05 differ diff --git a/intel-ucode/06-06-0a b/intel-ucode/06-06-0a new file mode 100644 index 0000000..d3aa9ce Binary files /dev/null and b/intel-ucode/06-06-0a differ diff --git a/intel-ucode/06-06-0d b/intel-ucode/06-06-0d new file mode 100644 index 0000000..6e38e60 Binary files /dev/null and b/intel-ucode/06-06-0d differ diff --git a/intel-ucode/06-07-01 b/intel-ucode/06-07-01 new file mode 100644 index 0000000..e030715 Binary files /dev/null and b/intel-ucode/06-07-01 differ diff --git a/intel-ucode/06-07-02 b/intel-ucode/06-07-02 new file mode 100644 index 0000000..d6c9bb7 Binary files /dev/null and b/intel-ucode/06-07-02 differ diff --git a/intel-ucode/06-07-03 b/intel-ucode/06-07-03 new file mode 100644 index 0000000..ad8bfe4 Binary files /dev/null and b/intel-ucode/06-07-03 differ diff --git a/intel-ucode/06-08-01 b/intel-ucode/06-08-01 new file mode 100644 index 0000000..b40b4c0 Binary files /dev/null and b/intel-ucode/06-08-01 differ diff --git a/intel-ucode/06-08-03 b/intel-ucode/06-08-03 new file mode 100644 index 0000000..659c72c Binary files /dev/null and b/intel-ucode/06-08-03 differ diff --git a/intel-ucode/06-08-06 b/intel-ucode/06-08-06 new file mode 100644 index 0000000..35096c0 Binary files /dev/null and b/intel-ucode/06-08-06 differ diff --git a/intel-ucode/06-08-0a b/intel-ucode/06-08-0a new file mode 100644 index 0000000..fd67bdd Binary files /dev/null and b/intel-ucode/06-08-0a differ diff --git a/intel-ucode/06-09-05 b/intel-ucode/06-09-05 new file mode 100644 index 0000000..e3d6342 Binary files /dev/null and b/intel-ucode/06-09-05 differ diff --git a/intel-ucode/06-0a-00 b/intel-ucode/06-0a-00 new file mode 100644 index 0000000..184c3f4 Binary files /dev/null and b/intel-ucode/06-0a-00 differ diff --git a/intel-ucode/06-0a-01 b/intel-ucode/06-0a-01 new file mode 100644 index 0000000..2fef7ce Binary files /dev/null and b/intel-ucode/06-0a-01 differ diff --git a/intel-ucode/06-0b-01 b/intel-ucode/06-0b-01 new file mode 100644 index 0000000..92fbf6a Binary files /dev/null and b/intel-ucode/06-0b-01 differ diff --git a/intel-ucode/06-0b-04 b/intel-ucode/06-0b-04 new file mode 100644 index 0000000..e08e73c Binary files /dev/null and b/intel-ucode/06-0b-04 differ diff --git a/intel-ucode/06-0d-06 b/intel-ucode/06-0d-06 new file mode 100644 index 0000000..d11772c Binary files /dev/null and b/intel-ucode/06-0d-06 differ diff --git a/intel-ucode/06-0e-08 b/intel-ucode/06-0e-08 new file mode 100644 index 0000000..d31fa24 Binary files /dev/null and b/intel-ucode/06-0e-08 differ diff --git a/intel-ucode/06-0e-0c b/intel-ucode/06-0e-0c new file mode 100644 index 0000000..e2b5a54 Binary files /dev/null and b/intel-ucode/06-0e-0c differ diff --git a/intel-ucode/06-0f-02 b/intel-ucode/06-0f-02 new file mode 100644 index 0000000..8f31db5 Binary files /dev/null and b/intel-ucode/06-0f-02 differ diff --git a/intel-ucode/06-0f-06 b/intel-ucode/06-0f-06 new file mode 100644 index 0000000..0efcffb Binary files /dev/null and b/intel-ucode/06-0f-06 differ diff --git a/intel-ucode/06-0f-07 b/intel-ucode/06-0f-07 new file mode 100644 index 0000000..5e75b6c Binary files /dev/null and b/intel-ucode/06-0f-07 differ diff --git a/intel-ucode/06-0f-0a b/intel-ucode/06-0f-0a new file mode 100644 index 0000000..436e607 Binary files /dev/null and b/intel-ucode/06-0f-0a differ diff --git a/intel-ucode/06-0f-0b b/intel-ucode/06-0f-0b new file mode 100644 index 0000000..1907ec6 Binary files /dev/null and b/intel-ucode/06-0f-0b differ diff --git a/intel-ucode/06-0f-0d b/intel-ucode/06-0f-0d new file mode 100644 index 0000000..d7e6227 Binary files /dev/null and b/intel-ucode/06-0f-0d differ diff --git a/intel-ucode/06-16-01 b/intel-ucode/06-16-01 new file mode 100644 index 0000000..4e81f95 Binary files /dev/null and b/intel-ucode/06-16-01 differ diff --git a/intel-ucode/06-17-06 b/intel-ucode/06-17-06 new file mode 100644 index 0000000..93a69eb Binary files /dev/null and b/intel-ucode/06-17-06 differ diff --git a/intel-ucode/06-17-07 b/intel-ucode/06-17-07 new file mode 100644 index 0000000..cc6bc81 Binary files /dev/null and b/intel-ucode/06-17-07 differ diff --git a/intel-ucode/06-17-0a b/intel-ucode/06-17-0a new file mode 100644 index 0000000..2275d65 Binary files /dev/null and b/intel-ucode/06-17-0a differ diff --git a/intel-ucode/06-1a-04 b/intel-ucode/06-1a-04 new file mode 100644 index 0000000..4604f50 Binary files /dev/null and b/intel-ucode/06-1a-04 differ diff --git a/intel-ucode/06-1a-05 b/intel-ucode/06-1a-05 new file mode 100644 index 0000000..154e08c Binary files /dev/null and b/intel-ucode/06-1a-05 differ diff --git a/intel-ucode/06-1c-02 b/intel-ucode/06-1c-02 new file mode 100644 index 0000000..db30b52 Binary files /dev/null and b/intel-ucode/06-1c-02 differ diff --git a/intel-ucode/06-1c-0a b/intel-ucode/06-1c-0a new file mode 100644 index 0000000..5dcbe9a Binary files /dev/null and b/intel-ucode/06-1c-0a differ diff --git a/intel-ucode/06-1d-01 b/intel-ucode/06-1d-01 new file mode 100644 index 0000000..fc9c5f4 Binary files /dev/null and b/intel-ucode/06-1d-01 differ diff --git a/intel-ucode/06-1e-05 b/intel-ucode/06-1e-05 new file mode 100644 index 0000000..b692f51 Binary files /dev/null and b/intel-ucode/06-1e-05 differ diff --git a/intel-ucode/06-25-02 b/intel-ucode/06-25-02 new file mode 100644 index 0000000..f63ee55 Binary files /dev/null and b/intel-ucode/06-25-02 differ diff --git a/intel-ucode/06-25-05 b/intel-ucode/06-25-05 new file mode 100644 index 0000000..06bbbc5 Binary files /dev/null and b/intel-ucode/06-25-05 differ diff --git a/intel-ucode/06-26-01 b/intel-ucode/06-26-01 new file mode 100644 index 0000000..355f374 Binary files /dev/null and b/intel-ucode/06-26-01 differ diff --git a/intel-ucode/06-2a-07 b/intel-ucode/06-2a-07 new file mode 100644 index 0000000..844fc1f Binary files /dev/null and b/intel-ucode/06-2a-07 differ diff --git a/intel-ucode/06-2c-02 b/intel-ucode/06-2c-02 new file mode 100644 index 0000000..2a78b4a Binary files /dev/null and b/intel-ucode/06-2c-02 differ diff --git a/intel-ucode/06-2d-06 b/intel-ucode/06-2d-06 new file mode 100644 index 0000000..29eb3e9 Binary files /dev/null and b/intel-ucode/06-2d-06 differ diff --git a/intel-ucode/06-2d-07 b/intel-ucode/06-2d-07 new file mode 100644 index 0000000..23926a0 Binary files /dev/null and b/intel-ucode/06-2d-07 differ diff --git a/intel-ucode/06-2e-06 b/intel-ucode/06-2e-06 new file mode 100644 index 0000000..1ec0402 Binary files /dev/null and b/intel-ucode/06-2e-06 differ diff --git a/intel-ucode/06-2f-02 b/intel-ucode/06-2f-02 new file mode 100644 index 0000000..8cebe97 Binary files /dev/null and b/intel-ucode/06-2f-02 differ diff --git a/intel-ucode/06-37-08 b/intel-ucode/06-37-08 new file mode 100644 index 0000000..513dc1a Binary files /dev/null and b/intel-ucode/06-37-08 differ diff --git a/intel-ucode/06-37-09 b/intel-ucode/06-37-09 new file mode 100644 index 0000000..410fa71 Binary files /dev/null and b/intel-ucode/06-37-09 differ diff --git a/intel-ucode/06-3a-09 b/intel-ucode/06-3a-09 new file mode 100644 index 0000000..896e410 Binary files /dev/null and b/intel-ucode/06-3a-09 differ diff --git a/intel-ucode/06-3c-03 b/intel-ucode/06-3c-03 new file mode 100644 index 0000000..275df73 Binary files /dev/null and b/intel-ucode/06-3c-03 differ diff --git a/intel-ucode/06-3d-04 b/intel-ucode/06-3d-04 new file mode 100644 index 0000000..a788b3c Binary files /dev/null and b/intel-ucode/06-3d-04 differ diff --git a/intel-ucode/06-3e-04 b/intel-ucode/06-3e-04 new file mode 100644 index 0000000..b60f219 Binary files /dev/null and b/intel-ucode/06-3e-04 differ diff --git a/intel-ucode/06-3e-06 b/intel-ucode/06-3e-06 new file mode 100644 index 0000000..41b2d07 Binary files /dev/null and b/intel-ucode/06-3e-06 differ diff --git a/intel-ucode/06-3e-07 b/intel-ucode/06-3e-07 new file mode 100644 index 0000000..21a97de Binary files /dev/null and b/intel-ucode/06-3e-07 differ diff --git a/intel-ucode/06-3f-02 b/intel-ucode/06-3f-02 new file mode 100644 index 0000000..8445583 Binary files /dev/null and b/intel-ucode/06-3f-02 differ diff --git a/intel-ucode/06-3f-04 b/intel-ucode/06-3f-04 new file mode 100644 index 0000000..2cdbb7c Binary files /dev/null and b/intel-ucode/06-3f-04 differ diff --git a/intel-ucode/06-45-01 b/intel-ucode/06-45-01 new file mode 100644 index 0000000..1fe82fd Binary files /dev/null and b/intel-ucode/06-45-01 differ diff --git a/intel-ucode/06-46-01 b/intel-ucode/06-46-01 new file mode 100644 index 0000000..36a651f Binary files /dev/null and b/intel-ucode/06-46-01 differ diff --git a/intel-ucode/06-47-01 b/intel-ucode/06-47-01 new file mode 100644 index 0000000..b8dbcb5 Binary files /dev/null and b/intel-ucode/06-47-01 differ diff --git a/intel-ucode/06-4c-03 b/intel-ucode/06-4c-03 new file mode 100644 index 0000000..f23284f Binary files /dev/null and b/intel-ucode/06-4c-03 differ diff --git a/intel-ucode/06-4c-04 b/intel-ucode/06-4c-04 new file mode 100644 index 0000000..b0b003b Binary files /dev/null and b/intel-ucode/06-4c-04 differ diff --git a/intel-ucode/06-4d-08 b/intel-ucode/06-4d-08 new file mode 100644 index 0000000..7c66bec Binary files /dev/null and b/intel-ucode/06-4d-08 differ diff --git a/intel-ucode/06-4e-03 b/intel-ucode/06-4e-03 new file mode 100644 index 0000000..33b963e Binary files /dev/null and b/intel-ucode/06-4e-03 differ diff --git a/intel-ucode/06-55-03 b/intel-ucode/06-55-03 new file mode 100644 index 0000000..f270858 Binary files /dev/null and b/intel-ucode/06-55-03 differ diff --git a/intel-ucode/06-55-04 b/intel-ucode/06-55-04 new file mode 100644 index 0000000..d78784a Binary files /dev/null and b/intel-ucode/06-55-04 differ diff --git a/intel-ucode/06-55-06 b/intel-ucode/06-55-06 new file mode 100644 index 0000000..e0cfe7a Binary files /dev/null and b/intel-ucode/06-55-06 differ diff --git a/intel-ucode/06-55-07 b/intel-ucode/06-55-07 new file mode 100644 index 0000000..0ca9df0 Binary files /dev/null and b/intel-ucode/06-55-07 differ diff --git a/intel-ucode/06-56-02 b/intel-ucode/06-56-02 new file mode 100644 index 0000000..2b4c64d Binary files /dev/null and b/intel-ucode/06-56-02 differ diff --git a/intel-ucode/06-56-03 b/intel-ucode/06-56-03 new file mode 100644 index 0000000..37f7333 Binary files /dev/null and b/intel-ucode/06-56-03 differ diff --git a/intel-ucode/06-56-04 b/intel-ucode/06-56-04 new file mode 100644 index 0000000..0e8fc2b Binary files /dev/null and b/intel-ucode/06-56-04 differ diff --git a/intel-ucode/06-56-05 b/intel-ucode/06-56-05 new file mode 100644 index 0000000..b2c17aa Binary files /dev/null and b/intel-ucode/06-56-05 differ diff --git a/intel-ucode/06-5c-02 b/intel-ucode/06-5c-02 new file mode 100644 index 0000000..387e1e2 Binary files /dev/null and b/intel-ucode/06-5c-02 differ diff --git a/intel-ucode/06-5c-09 b/intel-ucode/06-5c-09 new file mode 100644 index 0000000..b999fdb Binary files /dev/null and b/intel-ucode/06-5c-09 differ diff --git a/intel-ucode/06-5c-0a b/intel-ucode/06-5c-0a new file mode 100644 index 0000000..51c8344 Binary files /dev/null and b/intel-ucode/06-5c-0a differ diff --git a/intel-ucode/06-5e-03 b/intel-ucode/06-5e-03 new file mode 100644 index 0000000..4e947ea Binary files /dev/null and b/intel-ucode/06-5e-03 differ diff --git a/intel-ucode/06-5f-01 b/intel-ucode/06-5f-01 new file mode 100644 index 0000000..a1e3d41 Binary files /dev/null and b/intel-ucode/06-5f-01 differ diff --git a/intel-ucode/06-66-03 b/intel-ucode/06-66-03 new file mode 100644 index 0000000..22e36d2 Binary files /dev/null and b/intel-ucode/06-66-03 differ diff --git a/intel-ucode/06-7a-01 b/intel-ucode/06-7a-01 new file mode 100644 index 0000000..c9fcc07 Binary files /dev/null and b/intel-ucode/06-7a-01 differ diff --git a/intel-ucode/06-7a-08 b/intel-ucode/06-7a-08 new file mode 100644 index 0000000..7468c9f Binary files /dev/null and b/intel-ucode/06-7a-08 differ diff --git a/intel-ucode/06-7e-05 b/intel-ucode/06-7e-05 new file mode 100644 index 0000000..5924718 Binary files /dev/null and b/intel-ucode/06-7e-05 differ diff --git a/intel-ucode/06-8e-09 b/intel-ucode/06-8e-09 new file mode 100644 index 0000000..9b6fd63 Binary files /dev/null and b/intel-ucode/06-8e-09 differ diff --git a/intel-ucode/06-8e-0a b/intel-ucode/06-8e-0a new file mode 100644 index 0000000..dc94890 Binary files /dev/null and b/intel-ucode/06-8e-0a differ diff --git a/intel-ucode/06-8e-0b b/intel-ucode/06-8e-0b new file mode 100644 index 0000000..024ff57 Binary files /dev/null and b/intel-ucode/06-8e-0b differ diff --git a/intel-ucode/06-8e-0c b/intel-ucode/06-8e-0c new file mode 100644 index 0000000..d51735c Binary files /dev/null and b/intel-ucode/06-8e-0c differ diff --git a/intel-ucode/06-9e-09 b/intel-ucode/06-9e-09 new file mode 100644 index 0000000..c40b1c3 Binary files /dev/null and b/intel-ucode/06-9e-09 differ diff --git a/intel-ucode/06-9e-0a b/intel-ucode/06-9e-0a new file mode 100644 index 0000000..1e40058 Binary files /dev/null and b/intel-ucode/06-9e-0a differ diff --git a/intel-ucode/06-9e-0b b/intel-ucode/06-9e-0b new file mode 100644 index 0000000..b97eb12 Binary files /dev/null and b/intel-ucode/06-9e-0b differ diff --git a/intel-ucode/06-9e-0c b/intel-ucode/06-9e-0c new file mode 100644 index 0000000..a77f6eb Binary files /dev/null and b/intel-ucode/06-9e-0c differ diff --git a/intel-ucode/06-9e-0d b/intel-ucode/06-9e-0d new file mode 100644 index 0000000..2678318 Binary files /dev/null and b/intel-ucode/06-9e-0d differ diff --git a/intel-ucode/06-a6-00 b/intel-ucode/06-a6-00 new file mode 100644 index 0000000..0ab1930 Binary files /dev/null and b/intel-ucode/06-a6-00 differ diff --git a/intel-ucode/0f-00-07 b/intel-ucode/0f-00-07 new file mode 100644 index 0000000..ba616bb Binary files /dev/null and b/intel-ucode/0f-00-07 differ diff --git a/intel-ucode/0f-00-0a b/intel-ucode/0f-00-0a new file mode 100644 index 0000000..62bd0de Binary files /dev/null and b/intel-ucode/0f-00-0a differ diff --git a/intel-ucode/0f-01-02 b/intel-ucode/0f-01-02 new file mode 100644 index 0000000..a789e0d Binary files /dev/null and b/intel-ucode/0f-01-02 differ diff --git a/intel-ucode/0f-02-04 b/intel-ucode/0f-02-04 new file mode 100644 index 0000000..0240ed7 Binary files /dev/null and b/intel-ucode/0f-02-04 differ diff --git a/intel-ucode/0f-02-05 b/intel-ucode/0f-02-05 new file mode 100644 index 0000000..592851b Binary files /dev/null and b/intel-ucode/0f-02-05 differ diff --git a/intel-ucode/0f-02-06 b/intel-ucode/0f-02-06 new file mode 100644 index 0000000..1fe95c1 Binary files /dev/null and b/intel-ucode/0f-02-06 differ diff --git a/intel-ucode/0f-02-07 b/intel-ucode/0f-02-07 new file mode 100644 index 0000000..c382e13 Binary files /dev/null and b/intel-ucode/0f-02-07 differ diff --git a/intel-ucode/0f-02-09 b/intel-ucode/0f-02-09 new file mode 100644 index 0000000..6fd5a07 Binary files /dev/null and b/intel-ucode/0f-02-09 differ diff --git a/intel-ucode/0f-03-02 b/intel-ucode/0f-03-02 new file mode 100644 index 0000000..00271ee Binary files /dev/null and b/intel-ucode/0f-03-02 differ diff --git a/intel-ucode/0f-03-03 b/intel-ucode/0f-03-03 new file mode 100644 index 0000000..10300a2 Binary files /dev/null and b/intel-ucode/0f-03-03 differ diff --git a/intel-ucode/0f-03-04 b/intel-ucode/0f-03-04 new file mode 100644 index 0000000..27f2b9b Binary files /dev/null and b/intel-ucode/0f-03-04 differ diff --git a/intel-ucode/0f-04-01 b/intel-ucode/0f-04-01 new file mode 100644 index 0000000..6ddf104 Binary files /dev/null and b/intel-ucode/0f-04-01 differ diff --git a/intel-ucode/0f-04-03 b/intel-ucode/0f-04-03 new file mode 100644 index 0000000..0ed7e18 Binary files /dev/null and b/intel-ucode/0f-04-03 differ diff --git a/intel-ucode/0f-04-04 b/intel-ucode/0f-04-04 new file mode 100644 index 0000000..669f659 Binary files /dev/null and b/intel-ucode/0f-04-04 differ diff --git a/intel-ucode/0f-04-07 b/intel-ucode/0f-04-07 new file mode 100644 index 0000000..0d2190c Binary files /dev/null and b/intel-ucode/0f-04-07 differ diff --git a/intel-ucode/0f-04-08 b/intel-ucode/0f-04-08 new file mode 100644 index 0000000..bd87498 Binary files /dev/null and b/intel-ucode/0f-04-08 differ diff --git a/intel-ucode/0f-04-09 b/intel-ucode/0f-04-09 new file mode 100644 index 0000000..3307178 Binary files /dev/null and b/intel-ucode/0f-04-09 differ diff --git a/intel-ucode/0f-04-0a b/intel-ucode/0f-04-0a new file mode 100644 index 0000000..c64296f Binary files /dev/null and b/intel-ucode/0f-04-0a differ diff --git a/intel-ucode/0f-06-02 b/intel-ucode/0f-06-02 new file mode 100644 index 0000000..dbf381c Binary files /dev/null and b/intel-ucode/0f-06-02 differ diff --git a/intel-ucode/0f-06-04 b/intel-ucode/0f-06-04 new file mode 100644 index 0000000..9572727 Binary files /dev/null and b/intel-ucode/0f-06-04 differ diff --git a/intel-ucode/0f-06-05 b/intel-ucode/0f-06-05 new file mode 100644 index 0000000..d02b9dc Binary files /dev/null and b/intel-ucode/0f-06-05 differ diff --git a/intel-ucode/0f-06-08 b/intel-ucode/0f-06-08 new file mode 100644 index 0000000..bdc81f4 Binary files /dev/null and b/intel-ucode/0f-06-08 differ diff --git a/license b/license new file mode 100644 index 0000000..8fbad3d --- /dev/null +++ b/license @@ -0,0 +1,37 @@ +Copyright (c) 2018-2020 Intel Corporation. +All rights reserved. + +Redistribution. + +Redistribution and use in binary form, without modification, are permitted, +provided that the following conditions are met: + +1. Redistributions must reproduce the above copyright notice and the + following disclaimer in the documentation and/or other materials provided + with the distribution. + +2. Neither the name of Intel Corporation nor the names of its suppliers may + be used to endorse or promote products derived from this software without + specific prior written permission. + +3. No reverse engineering, decompilation, or disassembly of this software + is permitted. + + +"Binary form" includes any format that is commonly used for electronic +conveyance that is a reversible, bit-exact translation of binary +representation to ASCII or ISO text, for example "uuencode". + +DISCLAIMER. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/linux-kernel-patches/01-3f1f576a195aa266813cbd4ca70291deb61e0129.patch b/linux-kernel-patches/01-3f1f576a195aa266813cbd4ca70291deb61e0129.patch new file mode 100644 index 0000000..fb895a4 --- /dev/null +++ b/linux-kernel-patches/01-3f1f576a195aa266813cbd4ca70291deb61e0129.patch @@ -0,0 +1,234 @@ +From 3f1f576a195aa266813cbd4ca70291deb61e0129 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Fri, 16 Feb 2018 12:26:38 +0100 +Subject: x86/microcode: Propagate return value from updating functions + +... so that callers can know when microcode was updated and act +accordingly. + +Tested-by: Ashok Raj +Signed-off-by: Borislav Petkov +Reviewed-by: Ashok Raj +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: David Woodhouse +Cc: Greg Kroah-Hartman +Cc: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/20180216112640.11554-2-bp@alien8.de +Signed-off-by: Ingo Molnar +--- + arch/x86/include/asm/microcode.h | 9 +++++++-- + arch/x86/kernel/cpu/microcode/amd.c | 10 +++++----- + arch/x86/kernel/cpu/microcode/core.c | 33 +++++++++++++++++---------------- + arch/x86/kernel/cpu/microcode/intel.c | 10 +++++----- + 4 files changed, 34 insertions(+), 28 deletions(-) + +diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h +index 55520cec..7fb1047 100644 +--- a/arch/x86/include/asm/microcode.h ++++ b/arch/x86/include/asm/microcode.h +@@ -37,7 +37,12 @@ struct cpu_signature { + + struct device; + +-enum ucode_state { UCODE_ERROR, UCODE_OK, UCODE_NFOUND }; ++enum ucode_state { ++ UCODE_OK = 0, ++ UCODE_UPDATED, ++ UCODE_NFOUND, ++ UCODE_ERROR, ++}; + + struct microcode_ops { + enum ucode_state (*request_microcode_user) (int cpu, +@@ -54,7 +59,7 @@ struct microcode_ops { + * are being called. + * See also the "Synchronization" section in microcode_core.c. + */ +- int (*apply_microcode) (int cpu); ++ enum ucode_state (*apply_microcode) (int cpu); + int (*collect_cpu_info) (int cpu, struct cpu_signature *csig); + }; + +diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c +index 330b846..a998e1a 100644 +--- a/arch/x86/kernel/cpu/microcode/amd.c ++++ b/arch/x86/kernel/cpu/microcode/amd.c +@@ -498,7 +498,7 @@ static unsigned int verify_patch_size(u8 family, u32 patch_size, + return patch_size; + } + +-static int apply_microcode_amd(int cpu) ++static enum ucode_state apply_microcode_amd(int cpu) + { + struct cpuinfo_x86 *c = &cpu_data(cpu); + struct microcode_amd *mc_amd; +@@ -512,7 +512,7 @@ static int apply_microcode_amd(int cpu) + + p = find_patch(cpu); + if (!p) +- return 0; ++ return UCODE_NFOUND; + + mc_amd = p->data; + uci->mc = p->data; +@@ -523,13 +523,13 @@ static int apply_microcode_amd(int cpu) + if (rev >= mc_amd->hdr.patch_id) { + c->microcode = rev; + uci->cpu_sig.rev = rev; +- return 0; ++ return UCODE_OK; + } + + if (__apply_microcode_amd(mc_amd)) { + pr_err("CPU%d: update failed for patch_level=0x%08x\n", + cpu, mc_amd->hdr.patch_id); +- return -1; ++ return UCODE_ERROR; + } + pr_info("CPU%d: new patch_level=0x%08x\n", cpu, + mc_amd->hdr.patch_id); +@@ -537,7 +537,7 @@ static int apply_microcode_amd(int cpu) + uci->cpu_sig.rev = mc_amd->hdr.patch_id; + c->microcode = mc_amd->hdr.patch_id; + +- return 0; ++ return UCODE_UPDATED; + } + + static int install_equiv_cpu_table(const u8 *buf) +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 319dd65..6fdaf7c 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -374,7 +374,7 @@ static int collect_cpu_info(int cpu) + } + + struct apply_microcode_ctx { +- int err; ++ enum ucode_state err; + }; + + static void apply_microcode_local(void *arg) +@@ -489,31 +489,29 @@ static void __exit microcode_dev_exit(void) + /* fake device for request_firmware */ + static struct platform_device *microcode_pdev; + +-static int reload_for_cpu(int cpu) ++static enum ucode_state reload_for_cpu(int cpu) + { + struct ucode_cpu_info *uci = ucode_cpu_info + cpu; + enum ucode_state ustate; +- int err = 0; + + if (!uci->valid) +- return err; ++ return UCODE_OK; + + ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, true); +- if (ustate == UCODE_OK) +- apply_microcode_on_target(cpu); +- else +- if (ustate == UCODE_ERROR) +- err = -EINVAL; +- return err; ++ if (ustate != UCODE_OK) ++ return ustate; ++ ++ return apply_microcode_on_target(cpu); + } + + static ssize_t reload_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t size) + { ++ enum ucode_state tmp_ret = UCODE_OK; + unsigned long val; ++ ssize_t ret = 0; + int cpu; +- ssize_t ret = 0, tmp_ret; + + ret = kstrtoul(buf, 0, &val); + if (ret) +@@ -526,15 +524,18 @@ static ssize_t reload_store(struct device *dev, + mutex_lock(µcode_mutex); + for_each_online_cpu(cpu) { + tmp_ret = reload_for_cpu(cpu); +- if (tmp_ret != 0) ++ if (tmp_ret > UCODE_NFOUND) { + pr_warn("Error reloading microcode on CPU %d\n", cpu); + +- /* save retval of the first encountered reload error */ +- if (!ret) +- ret = tmp_ret; ++ /* set retval for the first encountered reload error */ ++ if (!ret) ++ ret = -EINVAL; ++ } + } +- if (!ret) ++ ++ if (!ret && tmp_ret == UCODE_UPDATED) + perf_check_microcode(); ++ + mutex_unlock(µcode_mutex); + put_online_cpus(); + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index a15db2b..923054a 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -772,7 +772,7 @@ static int collect_cpu_info(int cpu_num, struct cpu_signature *csig) + return 0; + } + +-static int apply_microcode_intel(int cpu) ++static enum ucode_state apply_microcode_intel(int cpu) + { + struct microcode_intel *mc; + struct ucode_cpu_info *uci; +@@ -782,7 +782,7 @@ static int apply_microcode_intel(int cpu) + + /* We should bind the task to the CPU */ + if (WARN_ON(raw_smp_processor_id() != cpu)) +- return -1; ++ return UCODE_ERROR; + + uci = ucode_cpu_info + cpu; + mc = uci->mc; +@@ -790,7 +790,7 @@ static int apply_microcode_intel(int cpu) + /* Look for a newer patch in our cache: */ + mc = find_patch(uci); + if (!mc) +- return 0; ++ return UCODE_NFOUND; + } + + /* write microcode via MSR 0x79 */ +@@ -801,7 +801,7 @@ static int apply_microcode_intel(int cpu) + if (rev != mc->hdr.rev) { + pr_err("CPU%d update to revision 0x%x failed\n", + cpu, mc->hdr.rev); +- return -1; ++ return UCODE_ERROR; + } + + if (rev != prev_rev) { +@@ -818,7 +818,7 @@ static int apply_microcode_intel(int cpu) + uci->cpu_sig.rev = rev; + c->microcode = rev; + +- return 0; ++ return UCODE_UPDATED; + } + + static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, +-- +cgit v1.1 + diff --git a/linux-kernel-patches/02-1008c52c09dcb23d93f8e0ea83a6246265d2cce0.patch b/linux-kernel-patches/02-1008c52c09dcb23d93f8e0ea83a6246265d2cce0.patch new file mode 100644 index 0000000..df8b5d3 --- /dev/null +++ b/linux-kernel-patches/02-1008c52c09dcb23d93f8e0ea83a6246265d2cce0.patch @@ -0,0 +1,90 @@ +From 1008c52c09dcb23d93f8e0ea83a6246265d2cce0 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Fri, 16 Feb 2018 12:26:39 +0100 +Subject: x86/CPU: Add a microcode loader callback + +Add a callback function which the microcode loader calls when microcode +has been updated to a newer revision. Do the callback only when no error +was encountered during loading. + +Tested-by: Ashok Raj +Signed-off-by: Borislav Petkov +Reviewed-by: Ashok Raj +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: David Woodhouse +Cc: Greg Kroah-Hartman +Cc: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/20180216112640.11554-3-bp@alien8.de +Signed-off-by: Ingo Molnar +--- + arch/x86/include/asm/processor.h | 1 + + arch/x86/kernel/cpu/common.c | 10 ++++++++++ + arch/x86/kernel/cpu/microcode/core.c | 8 ++++++-- + 3 files changed, 17 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h +index 1bd9ed8..b0ccd48 100644 +--- a/arch/x86/include/asm/processor.h ++++ b/arch/x86/include/asm/processor.h +@@ -977,4 +977,5 @@ bool xen_set_default_idle(void); + + void stop_this_cpu(void *dummy); + void df_debug(struct pt_regs *regs, long error_code); ++void microcode_check(void); + #endif /* _ASM_X86_PROCESSOR_H */ +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 824aee0..84f1cd8 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1749,3 +1749,13 @@ static int __init init_cpu_syscore(void) + return 0; + } + core_initcall(init_cpu_syscore); ++ ++/* ++ * The microcode loader calls this upon late microcode load to recheck features, ++ * only when microcode has been updated. Caller holds microcode_mutex and CPU ++ * hotplug lock. ++ */ ++void microcode_check(void) ++{ ++ perf_check_microcode(); ++} +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 6fdaf7c..aa1b9a4 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -509,6 +509,7 @@ static ssize_t reload_store(struct device *dev, + const char *buf, size_t size) + { + enum ucode_state tmp_ret = UCODE_OK; ++ bool do_callback = false; + unsigned long val; + ssize_t ret = 0; + int cpu; +@@ -531,10 +532,13 @@ static ssize_t reload_store(struct device *dev, + if (!ret) + ret = -EINVAL; + } ++ ++ if (tmp_ret == UCODE_UPDATED) ++ do_callback = true; + } + +- if (!ret && tmp_ret == UCODE_UPDATED) +- perf_check_microcode(); ++ if (!ret && do_callback) ++ microcode_check(); + + mutex_unlock(µcode_mutex); + put_online_cpus(); +-- +cgit v1.1 + diff --git a/linux-kernel-patches/03-42ca8082e260dcfd8afa2afa6ec1940b9d41724c.patch b/linux-kernel-patches/03-42ca8082e260dcfd8afa2afa6ec1940b9d41724c.patch new file mode 100644 index 0000000..b4a17ca --- /dev/null +++ b/linux-kernel-patches/03-42ca8082e260dcfd8afa2afa6ec1940b9d41724c.patch @@ -0,0 +1,64 @@ +From 42ca8082e260dcfd8afa2afa6ec1940b9d41724c Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Fri, 16 Feb 2018 12:26:40 +0100 +Subject: x86/CPU: Check CPU feature bits after microcode upgrade + +With some microcode upgrades, new CPUID features can become visible on +the CPU. Check what the kernel has mirrored now and issue a warning +hinting at possible things the user/admin can do to make use of the +newly visible features. + +Originally-by: Ashok Raj +Tested-by: Ashok Raj +Signed-off-by: Borislav Petkov +Reviewed-by: Ashok Raj +Cc: Andy Lutomirski +Cc: Arjan van de Ven +Cc: Borislav Petkov +Cc: Dan Williams +Cc: Dave Hansen +Cc: David Woodhouse +Cc: Greg Kroah-Hartman +Cc: Josh Poimboeuf +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/20180216112640.11554-4-bp@alien8.de +Signed-off-by: Ingo Molnar +--- + arch/x86/kernel/cpu/common.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 84f1cd8..348cf48 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1757,5 +1757,25 @@ core_initcall(init_cpu_syscore); + */ + void microcode_check(void) + { ++ struct cpuinfo_x86 info; ++ + perf_check_microcode(); ++ ++ /* Reload CPUID max function as it might've changed. */ ++ info.cpuid_level = cpuid_eax(0); ++ ++ /* ++ * Copy all capability leafs to pick up the synthetic ones so that ++ * memcmp() below doesn't fail on that. The ones coming from CPUID will ++ * get overwritten in get_cpu_cap(). ++ */ ++ memcpy(&info.x86_capability, &boot_cpu_data.x86_capability, sizeof(info.x86_capability)); ++ ++ get_cpu_cap(&info); ++ ++ if (!memcmp(&info.x86_capability, &boot_cpu_data.x86_capability, sizeof(info.x86_capability))) ++ return; ++ ++ pr_warn("x86/CPU: CPU features have changed after loading microcode, but might not take effect.\n"); ++ pr_warn("x86/CPU: Please consider either early loading through initrd/built-in or a potential BIOS update.\n"); + } +-- +cgit v1.1 + diff --git a/linux-kernel-patches/04-854857f5944c59a881ff607b37ed9ed41d031a3b.patch b/linux-kernel-patches/04-854857f5944c59a881ff607b37ed9ed41d031a3b.patch new file mode 100644 index 0000000..e618885 --- /dev/null +++ b/linux-kernel-patches/04-854857f5944c59a881ff607b37ed9ed41d031a3b.patch @@ -0,0 +1,62 @@ +From 854857f5944c59a881ff607b37ed9ed41d031a3b Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 28 Feb 2018 11:28:40 +0100 +Subject: x86/microcode: Get rid of struct apply_microcode_ctx + +It is a useless remnant from earlier times. Use the ucode_state enum +directly. + +No functional change. + +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Cc: Arjan Van De Ven +Link: https://lkml.kernel.org/r/20180228102846.13447-2-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 19 ++++++++----------- + 1 file changed, 8 insertions(+), 11 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index aa1b9a4..6337065 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -373,26 +373,23 @@ static int collect_cpu_info(int cpu) + return ret; + } + +-struct apply_microcode_ctx { +- enum ucode_state err; +-}; +- + static void apply_microcode_local(void *arg) + { +- struct apply_microcode_ctx *ctx = arg; ++ enum ucode_state *err = arg; + +- ctx->err = microcode_ops->apply_microcode(smp_processor_id()); ++ *err = microcode_ops->apply_microcode(smp_processor_id()); + } + + static int apply_microcode_on_target(int cpu) + { +- struct apply_microcode_ctx ctx = { .err = 0 }; ++ enum ucode_state err; + int ret; + +- ret = smp_call_function_single(cpu, apply_microcode_local, &ctx, 1); +- if (!ret) +- ret = ctx.err; +- ++ ret = smp_call_function_single(cpu, apply_microcode_local, &err, 1); ++ if (!ret) { ++ if (err == UCODE_ERROR) ++ ret = 1; ++ } + return ret; + } + +-- +cgit v1.1 + diff --git a/linux-kernel-patches/05-c182d2b7d0ca48e0d6ff16f7d883161238c447ed.patch b/linux-kernel-patches/05-c182d2b7d0ca48e0d6ff16f7d883161238c447ed.patch new file mode 100644 index 0000000..0f868bf --- /dev/null +++ b/linux-kernel-patches/05-c182d2b7d0ca48e0d6ff16f7d883161238c447ed.patch @@ -0,0 +1,90 @@ +From c182d2b7d0ca48e0d6ff16f7d883161238c447ed Mon Sep 17 00:00:00 2001 +From: Ashok Raj +Date: Wed, 28 Feb 2018 11:28:41 +0100 +Subject: x86/microcode/intel: Check microcode revision before updating sibling + threads + +After updating microcode on one of the threads of a core, the other +thread sibling automatically gets the update since the microcode +resources on a hyperthreaded core are shared between the two threads. + +Check the microcode revision on the CPU before performing a microcode +update and thus save us the WRMSR 0x79 because it is a particularly +expensive operation. + +[ Borislav: Massage changelog and coding style. ] + +Signed-off-by: Ashok Raj +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Cc: Arjan Van De Ven +Link: http://lkml.kernel.org/r/1519352533-15992-2-git-send-email-ashok.raj@intel.com +Link: https://lkml.kernel.org/r/20180228102846.13447-3-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/intel.c | 27 ++++++++++++++++++++++++--- + 1 file changed, 24 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index 923054a..87bd6dc 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -589,6 +589,17 @@ static int apply_microcode_early(struct ucode_cpu_info *uci, bool early) + if (!mc) + return 0; + ++ /* ++ * Save us the MSR write below - which is a particular expensive ++ * operation - when the other hyperthread has updated the microcode ++ * already. ++ */ ++ rev = intel_get_microcode_revision(); ++ if (rev >= mc->hdr.rev) { ++ uci->cpu_sig.rev = rev; ++ return UCODE_OK; ++ } ++ + /* write microcode via MSR 0x79 */ + native_wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); + +@@ -776,7 +787,7 @@ static enum ucode_state apply_microcode_intel(int cpu) + { + struct microcode_intel *mc; + struct ucode_cpu_info *uci; +- struct cpuinfo_x86 *c; ++ struct cpuinfo_x86 *c = &cpu_data(cpu); + static int prev_rev; + u32 rev; + +@@ -793,6 +804,18 @@ static enum ucode_state apply_microcode_intel(int cpu) + return UCODE_NFOUND; + } + ++ /* ++ * Save us the MSR write below - which is a particular expensive ++ * operation - when the other hyperthread has updated the microcode ++ * already. ++ */ ++ rev = intel_get_microcode_revision(); ++ if (rev >= mc->hdr.rev) { ++ uci->cpu_sig.rev = rev; ++ c->microcode = rev; ++ return UCODE_OK; ++ } ++ + /* write microcode via MSR 0x79 */ + wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); + +@@ -813,8 +836,6 @@ static enum ucode_state apply_microcode_intel(int cpu) + prev_rev = rev; + } + +- c = &cpu_data(cpu); +- + uci->cpu_sig.rev = rev; + c->microcode = rev; + +-- +cgit v1.1 + diff --git a/linux-kernel-patches/06-91df9fdf51492aec9fed6b4cbd33160886740f47.patch b/linux-kernel-patches/06-91df9fdf51492aec9fed6b4cbd33160886740f47.patch new file mode 100644 index 0000000..ab9c49e --- /dev/null +++ b/linux-kernel-patches/06-91df9fdf51492aec9fed6b4cbd33160886740f47.patch @@ -0,0 +1,58 @@ +From 91df9fdf51492aec9fed6b4cbd33160886740f47 Mon Sep 17 00:00:00 2001 +From: Ashok Raj +Date: Wed, 28 Feb 2018 11:28:42 +0100 +Subject: x86/microcode/intel: Writeback and invalidate caches before updating + microcode + +Updating microcode is less error prone when caches have been flushed and +depending on what exactly the microcode is updating. For example, some +of the issues around certain Broadwell parts can be addressed by doing a +full cache flush. + +[ Borislav: Massage it and use native_wbinvd() in both cases. ] + +Signed-off-by: Ashok Raj +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Cc: Arjan Van De Ven +Link: http://lkml.kernel.org/r/1519352533-15992-3-git-send-email-ashok.raj@intel.com +Link: https://lkml.kernel.org/r/20180228102846.13447-4-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/intel.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index 87bd6dc..e2864bc 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -600,6 +600,12 @@ static int apply_microcode_early(struct ucode_cpu_info *uci, bool early) + return UCODE_OK; + } + ++ /* ++ * Writeback and invalidate caches before updating microcode to avoid ++ * internal issues depending on what the microcode is updating. ++ */ ++ native_wbinvd(); ++ + /* write microcode via MSR 0x79 */ + native_wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); + +@@ -816,6 +822,12 @@ static enum ucode_state apply_microcode_intel(int cpu) + return UCODE_OK; + } + ++ /* ++ * Writeback and invalidate caches before updating microcode to avoid ++ * internal issues depending on what the microcode is updating. ++ */ ++ native_wbinvd(); ++ + /* write microcode via MSR 0x79 */ + wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); + +-- +cgit v1.1 + diff --git a/linux-kernel-patches/07-30ec26da9967d0d785abc24073129a34c3211777.patch b/linux-kernel-patches/07-30ec26da9967d0d785abc24073129a34c3211777.patch new file mode 100644 index 0000000..d785ad2 --- /dev/null +++ b/linux-kernel-patches/07-30ec26da9967d0d785abc24073129a34c3211777.patch @@ -0,0 +1,71 @@ +From 30ec26da9967d0d785abc24073129a34c3211777 Mon Sep 17 00:00:00 2001 +From: Ashok Raj +Date: Wed, 28 Feb 2018 11:28:43 +0100 +Subject: x86/microcode: Do not upload microcode if CPUs are offline + +Avoid loading microcode if any of the CPUs are offline, and issue a +warning. Having different microcode revisions on the system at any time +is outright dangerous. + +[ Borislav: Massage changelog. ] + +Signed-off-by: Ashok Raj +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Reviewed-by: Tom Lendacky +Cc: Arjan Van De Ven +Link: http://lkml.kernel.org/r/1519352533-15992-4-git-send-email-ashok.raj@intel.com +Link: https://lkml.kernel.org/r/20180228102846.13447-5-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 6337065..fa32cb3 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -486,6 +486,16 @@ static void __exit microcode_dev_exit(void) + /* fake device for request_firmware */ + static struct platform_device *microcode_pdev; + ++static int check_online_cpus(void) ++{ ++ if (num_online_cpus() == num_present_cpus()) ++ return 0; ++ ++ pr_err("Not all CPUs online, aborting microcode update.\n"); ++ ++ return -EINVAL; ++} ++ + static enum ucode_state reload_for_cpu(int cpu) + { + struct ucode_cpu_info *uci = ucode_cpu_info + cpu; +@@ -519,7 +529,13 @@ static ssize_t reload_store(struct device *dev, + return size; + + get_online_cpus(); ++ ++ ret = check_online_cpus(); ++ if (ret) ++ goto put; ++ + mutex_lock(µcode_mutex); ++ + for_each_online_cpu(cpu) { + tmp_ret = reload_for_cpu(cpu); + if (tmp_ret > UCODE_NFOUND) { +@@ -538,6 +554,8 @@ static ssize_t reload_store(struct device *dev, + microcode_check(); + + mutex_unlock(µcode_mutex); ++ ++put: + put_online_cpus(); + + if (!ret) +-- +cgit v1.1 + diff --git a/linux-kernel-patches/08-d8c3b52c00a05036e0a6b315b4b17921a7b67997.patch b/linux-kernel-patches/08-d8c3b52c00a05036e0a6b315b4b17921a7b67997.patch new file mode 100644 index 0000000..66699ff --- /dev/null +++ b/linux-kernel-patches/08-d8c3b52c00a05036e0a6b315b4b17921a7b67997.patch @@ -0,0 +1,54 @@ +From d8c3b52c00a05036e0a6b315b4b17921a7b67997 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 28 Feb 2018 11:28:44 +0100 +Subject: x86/microcode/intel: Look into the patch cache first + +The cache might contain a newer patch - look in there first. + +A follow-on change will make sure newest patches are loaded into the +cache of microcode patches. + +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Cc: Arjan Van De Ven +Link: https://lkml.kernel.org/r/20180228102846.13447-6-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/intel.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index e2864bc..2aded9d 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -791,9 +791,9 @@ static int collect_cpu_info(int cpu_num, struct cpu_signature *csig) + + static enum ucode_state apply_microcode_intel(int cpu) + { +- struct microcode_intel *mc; +- struct ucode_cpu_info *uci; ++ struct ucode_cpu_info *uci = ucode_cpu_info + cpu; + struct cpuinfo_x86 *c = &cpu_data(cpu); ++ struct microcode_intel *mc; + static int prev_rev; + u32 rev; + +@@ -801,11 +801,10 @@ static enum ucode_state apply_microcode_intel(int cpu) + if (WARN_ON(raw_smp_processor_id() != cpu)) + return UCODE_ERROR; + +- uci = ucode_cpu_info + cpu; +- mc = uci->mc; ++ /* Look for a newer patch in our cache: */ ++ mc = find_patch(uci); + if (!mc) { +- /* Look for a newer patch in our cache: */ +- mc = find_patch(uci); ++ mc = uci->mc; + if (!mc) + return UCODE_NFOUND; + } +-- +cgit v1.1 + diff --git a/linux-kernel-patches/09-cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117.patch b/linux-kernel-patches/09-cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117.patch new file mode 100644 index 0000000..0541a2b --- /dev/null +++ b/linux-kernel-patches/09-cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117.patch @@ -0,0 +1,67 @@ +From cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 28 Feb 2018 11:28:45 +0100 +Subject: x86/microcode: Request microcode on the BSP + +... so that any newer version can land in the cache and can later be +fished out by the application functions. Do that before grabbing the +hotplug lock. + +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Reviewed-by: Tom Lendacky +Cc: Arjan Van De Ven +Link: https://lkml.kernel.org/r/20180228102846.13447-7-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index fa32cb3..5dd157d 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -499,15 +499,10 @@ static int check_online_cpus(void) + static enum ucode_state reload_for_cpu(int cpu) + { + struct ucode_cpu_info *uci = ucode_cpu_info + cpu; +- enum ucode_state ustate; + + if (!uci->valid) + return UCODE_OK; + +- ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, true); +- if (ustate != UCODE_OK) +- return ustate; +- + return apply_microcode_on_target(cpu); + } + +@@ -515,11 +510,11 @@ static ssize_t reload_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t size) + { ++ int cpu, bsp = boot_cpu_data.cpu_index; + enum ucode_state tmp_ret = UCODE_OK; + bool do_callback = false; + unsigned long val; + ssize_t ret = 0; +- int cpu; + + ret = kstrtoul(buf, 0, &val); + if (ret) +@@ -528,6 +523,10 @@ static ssize_t reload_store(struct device *dev, + if (val != 1) + return size; + ++ tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true); ++ if (tmp_ret != UCODE_OK) ++ return size; ++ + get_online_cpus(); + + ret = check_online_cpus(); +-- +cgit v1.1 + diff --git a/linux-kernel-patches/10-a5321aec6412b20b5ad15db2d6b916c05349dbff.patch b/linux-kernel-patches/10-a5321aec6412b20b5ad15db2d6b916c05349dbff.patch new file mode 100644 index 0000000..793d62e --- /dev/null +++ b/linux-kernel-patches/10-a5321aec6412b20b5ad15db2d6b916c05349dbff.patch @@ -0,0 +1,213 @@ +From a5321aec6412b20b5ad15db2d6b916c05349dbff Mon Sep 17 00:00:00 2001 +From: Ashok Raj +Date: Wed, 28 Feb 2018 11:28:46 +0100 +Subject: x86/microcode: Synchronize late microcode loading + +Original idea by Ashok, completely rewritten by Borislav. + +Before you read any further: the early loading method is still the +preferred one and you should always do that. The following patch is +improving the late loading mechanism for long running jobs and cloud use +cases. + +Gather all cores and serialize the microcode update on them by doing it +one-by-one to make the late update process as reliable as possible and +avoid potential issues caused by the microcode update. + +[ Borislav: Rewrite completely. ] + +Co-developed-by: Borislav Petkov +Signed-off-by: Ashok Raj +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Tom Lendacky +Tested-by: Ashok Raj +Reviewed-by: Tom Lendacky +Cc: Arjan Van De Ven +Link: https://lkml.kernel.org/r/20180228102846.13447-8-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 118 +++++++++++++++++++++++++++-------- + 1 file changed, 92 insertions(+), 26 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 5dd157d..70ecbc8 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -22,13 +22,16 @@ + #define pr_fmt(fmt) "microcode: " fmt + + #include ++#include + #include + #include + #include + #include + #include ++#include + #include + #include ++#include + #include + #include + +@@ -64,6 +67,11 @@ LIST_HEAD(microcode_cache); + */ + static DEFINE_MUTEX(microcode_mutex); + ++/* ++ * Serialize late loading so that CPUs get updated one-by-one. ++ */ ++static DEFINE_SPINLOCK(update_lock); ++ + struct ucode_cpu_info ucode_cpu_info[NR_CPUS]; + + struct cpu_info_ctx { +@@ -486,6 +494,19 @@ static void __exit microcode_dev_exit(void) + /* fake device for request_firmware */ + static struct platform_device *microcode_pdev; + ++/* ++ * Late loading dance. Why the heavy-handed stomp_machine effort? ++ * ++ * - HT siblings must be idle and not execute other code while the other sibling ++ * is loading microcode in order to avoid any negative interactions caused by ++ * the loading. ++ * ++ * - In addition, microcode update on the cores must be serialized until this ++ * requirement can be relaxed in the future. Right now, this is conservative ++ * and good. ++ */ ++#define SPINUNIT 100 /* 100 nsec */ ++ + static int check_online_cpus(void) + { + if (num_online_cpus() == num_present_cpus()) +@@ -496,23 +517,85 @@ static int check_online_cpus(void) + return -EINVAL; + } + +-static enum ucode_state reload_for_cpu(int cpu) ++static atomic_t late_cpus; ++ ++/* ++ * Returns: ++ * < 0 - on error ++ * 0 - no update done ++ * 1 - microcode was updated ++ */ ++static int __reload_late(void *info) + { +- struct ucode_cpu_info *uci = ucode_cpu_info + cpu; ++ unsigned int timeout = NSEC_PER_SEC; ++ int all_cpus = num_online_cpus(); ++ int cpu = smp_processor_id(); ++ enum ucode_state err; ++ int ret = 0; + +- if (!uci->valid) +- return UCODE_OK; ++ atomic_dec(&late_cpus); ++ ++ /* ++ * Wait for all CPUs to arrive. A load will not be attempted unless all ++ * CPUs show up. ++ * */ ++ while (atomic_read(&late_cpus)) { ++ if (timeout < SPINUNIT) { ++ pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", ++ atomic_read(&late_cpus)); ++ return -1; ++ } ++ ++ ndelay(SPINUNIT); ++ timeout -= SPINUNIT; ++ ++ touch_nmi_watchdog(); ++ } ++ ++ spin_lock(&update_lock); ++ apply_microcode_local(&err); ++ spin_unlock(&update_lock); ++ ++ if (err > UCODE_NFOUND) { ++ pr_warn("Error reloading microcode on CPU %d\n", cpu); ++ ret = -1; ++ } else if (err == UCODE_UPDATED) { ++ ret = 1; ++ } + +- return apply_microcode_on_target(cpu); ++ atomic_inc(&late_cpus); ++ ++ while (atomic_read(&late_cpus) != all_cpus) ++ cpu_relax(); ++ ++ return ret; ++} ++ ++/* ++ * Reload microcode late on all CPUs. Wait for a sec until they ++ * all gather together. ++ */ ++static int microcode_reload_late(void) ++{ ++ int ret; ++ ++ atomic_set(&late_cpus, num_online_cpus()); ++ ++ ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask); ++ if (ret < 0) ++ return ret; ++ else if (ret > 0) ++ microcode_check(); ++ ++ return ret; + } + + static ssize_t reload_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t size) + { +- int cpu, bsp = boot_cpu_data.cpu_index; + enum ucode_state tmp_ret = UCODE_OK; +- bool do_callback = false; ++ int bsp = boot_cpu_data.cpu_index; + unsigned long val; + ssize_t ret = 0; + +@@ -534,30 +617,13 @@ static ssize_t reload_store(struct device *dev, + goto put; + + mutex_lock(µcode_mutex); +- +- for_each_online_cpu(cpu) { +- tmp_ret = reload_for_cpu(cpu); +- if (tmp_ret > UCODE_NFOUND) { +- pr_warn("Error reloading microcode on CPU %d\n", cpu); +- +- /* set retval for the first encountered reload error */ +- if (!ret) +- ret = -EINVAL; +- } +- +- if (tmp_ret == UCODE_UPDATED) +- do_callback = true; +- } +- +- if (!ret && do_callback) +- microcode_check(); +- ++ ret = microcode_reload_late(); + mutex_unlock(µcode_mutex); + + put: + put_online_cpus(); + +- if (!ret) ++ if (ret >= 0) + ret = size; + + return ret; +-- +cgit v1.1 + diff --git a/linux-kernel-patches/11-2613f36ed965d0e5a595a1d931fd3b480e82d6fd.patch b/linux-kernel-patches/11-2613f36ed965d0e5a595a1d931fd3b480e82d6fd.patch new file mode 100644 index 0000000..c9adfe2 --- /dev/null +++ b/linux-kernel-patches/11-2613f36ed965d0e5a595a1d931fd3b480e82d6fd.patch @@ -0,0 +1,154 @@ +From 2613f36ed965d0e5a595a1d931fd3b480e82d6fd Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 14 Mar 2018 19:36:14 +0100 +Subject: x86/microcode: Attempt late loading only when new microcode is + present + +Return UCODE_NEW from the scanning functions to denote that new microcode +was found and only then attempt the expensive synchronization dance. + +Reported-by: Emanuel Czirai +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Emanuel Czirai +Tested-by: Ashok Raj +Tested-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20180314183615.17629-1-bp@alien8.de +--- + arch/x86/include/asm/microcode.h | 1 + + arch/x86/kernel/cpu/microcode/amd.c | 34 +++++++++++++++++++++------------- + arch/x86/kernel/cpu/microcode/core.c | 8 +++----- + arch/x86/kernel/cpu/microcode/intel.c | 4 +++- + 4 files changed, 28 insertions(+), 19 deletions(-) + +diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h +index 7fb1047..6cf0e4c 100644 +--- a/arch/x86/include/asm/microcode.h ++++ b/arch/x86/include/asm/microcode.h +@@ -39,6 +39,7 @@ struct device; + + enum ucode_state { + UCODE_OK = 0, ++ UCODE_NEW, + UCODE_UPDATED, + UCODE_NFOUND, + UCODE_ERROR, +diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c +index a998e1a..4817992 100644 +--- a/arch/x86/kernel/cpu/microcode/amd.c ++++ b/arch/x86/kernel/cpu/microcode/amd.c +@@ -339,7 +339,7 @@ int __init save_microcode_in_initrd_amd(unsigned int cpuid_1_eax) + return -EINVAL; + + ret = load_microcode_amd(true, x86_family(cpuid_1_eax), desc.data, desc.size); +- if (ret != UCODE_OK) ++ if (ret > UCODE_UPDATED) + return -EINVAL; + + return 0; +@@ -683,27 +683,35 @@ static enum ucode_state __load_microcode_amd(u8 family, const u8 *data, + static enum ucode_state + load_microcode_amd(bool save, u8 family, const u8 *data, size_t size) + { ++ struct ucode_patch *p; + enum ucode_state ret; + + /* free old equiv table */ + free_equiv_cpu_table(); + + ret = __load_microcode_amd(family, data, size); +- +- if (ret != UCODE_OK) ++ if (ret != UCODE_OK) { + cleanup(); ++ return ret; ++ } + +-#ifdef CONFIG_X86_32 +- /* save BSP's matching patch for early load */ +- if (save) { +- struct ucode_patch *p = find_patch(0); +- if (p) { +- memset(amd_ucode_patch, 0, PATCH_MAX_SIZE); +- memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), +- PATCH_MAX_SIZE)); +- } ++ p = find_patch(0); ++ if (!p) { ++ return ret; ++ } else { ++ if (boot_cpu_data.microcode == p->patch_id) ++ return ret; ++ ++ ret = UCODE_NEW; + } +-#endif ++ ++ /* save BSP's matching patch for early load */ ++ if (!save) ++ return ret; ++ ++ memset(amd_ucode_patch, 0, PATCH_MAX_SIZE); ++ memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), PATCH_MAX_SIZE)); ++ + return ret; + } + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 70ecbc8..9f0fe5b 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -607,7 +607,7 @@ static ssize_t reload_store(struct device *dev, + return size; + + tmp_ret = microcode_ops->request_microcode_fw(bsp, µcode_pdev->dev, true); +- if (tmp_ret != UCODE_OK) ++ if (tmp_ret != UCODE_NEW) + return size; + + get_online_cpus(); +@@ -691,10 +691,8 @@ static enum ucode_state microcode_init_cpu(int cpu, bool refresh_fw) + if (system_state != SYSTEM_RUNNING) + return UCODE_NFOUND; + +- ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, +- refresh_fw); +- +- if (ustate == UCODE_OK) { ++ ustate = microcode_ops->request_microcode_fw(cpu, µcode_pdev->dev, refresh_fw); ++ if (ustate == UCODE_NEW) { + pr_debug("CPU%d updated upon init\n", cpu); + apply_microcode_on_target(cpu); + } +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index 2aded9d..32b8e57 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -862,6 +862,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, + unsigned int leftover = size; + unsigned int curr_mc_size = 0, new_mc_size = 0; + unsigned int csig, cpf; ++ enum ucode_state ret = UCODE_OK; + + while (leftover) { + struct microcode_header_intel mc_header; +@@ -903,6 +904,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, + new_mc = mc; + new_mc_size = mc_size; + mc = NULL; /* trigger new vmalloc */ ++ ret = UCODE_NEW; + } + + ucode_ptr += mc_size; +@@ -932,7 +934,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, + pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n", + cpu, new_rev, uci->cpu_sig.rev); + +- return UCODE_OK; ++ return ret; + } + + static int get_ucode_fw(void *to, const void *from, size_t n) +-- +cgit v1.1 + diff --git a/linux-kernel-patches/12-bb8c13d61a629276a162c1d2b1a20a815cbcfbb7.patch b/linux-kernel-patches/12-bb8c13d61a629276a162c1d2b1a20a815cbcfbb7.patch new file mode 100644 index 0000000..7baa44a --- /dev/null +++ b/linux-kernel-patches/12-bb8c13d61a629276a162c1d2b1a20a815cbcfbb7.patch @@ -0,0 +1,163 @@ +From bb8c13d61a629276a162c1d2b1a20a815cbcfbb7 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Wed, 14 Mar 2018 19:36:15 +0100 +Subject: x86/microcode: Fix CPU synchronization routine + +Emanuel reported an issue with a hang during microcode update because my +dumb idea to use one atomic synchronization variable for both rendezvous +- before and after update - was simply bollocks: + + microcode: microcode_reload_late: late_cpus: 4 + microcode: __reload_late: cpu 2 entered + microcode: __reload_late: cpu 1 entered + microcode: __reload_late: cpu 3 entered + microcode: __reload_late: cpu 0 entered + microcode: __reload_late: cpu 1 left + microcode: Timeout while waiting for CPUs rendezvous, remaining: 1 + +CPU1 above would finish, leave and the others will still spin waiting for +it to join. + +So do two synchronization atomics instead, which makes the code a lot more +straightforward. + +Also, since the update is serialized and it also takes quite some time per +microcode engine, increase the exit timeout by the number of CPUs on the +system. + +That's ok because the moment all CPUs are done, that timeout will be cut +short. + +Furthermore, panic when some of the CPUs timeout when returning from a +microcode update: we can't allow a system with not all cores updated. + +Also, as an optimization, do not do the exit sync if microcode wasn't +updated. + +Reported-by: Emanuel Czirai +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Emanuel Czirai +Tested-by: Ashok Raj +Tested-by: Tom Lendacky +Link: https://lkml.kernel.org/r/20180314183615.17629-2-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 68 ++++++++++++++++++++++-------------- + 1 file changed, 41 insertions(+), 27 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 9f0fe5b..10c4fc2 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -517,7 +517,29 @@ static int check_online_cpus(void) + return -EINVAL; + } + +-static atomic_t late_cpus; ++static atomic_t late_cpus_in; ++static atomic_t late_cpus_out; ++ ++static int __wait_for_cpus(atomic_t *t, long long timeout) ++{ ++ int all_cpus = num_online_cpus(); ++ ++ atomic_inc(t); ++ ++ while (atomic_read(t) < all_cpus) { ++ if (timeout < SPINUNIT) { ++ pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", ++ all_cpus - atomic_read(t)); ++ return 1; ++ } ++ ++ ndelay(SPINUNIT); ++ timeout -= SPINUNIT; ++ ++ touch_nmi_watchdog(); ++ } ++ return 0; ++} + + /* + * Returns: +@@ -527,30 +549,16 @@ static atomic_t late_cpus; + */ + static int __reload_late(void *info) + { +- unsigned int timeout = NSEC_PER_SEC; +- int all_cpus = num_online_cpus(); + int cpu = smp_processor_id(); + enum ucode_state err; + int ret = 0; + +- atomic_dec(&late_cpus); +- + /* + * Wait for all CPUs to arrive. A load will not be attempted unless all + * CPUs show up. + * */ +- while (atomic_read(&late_cpus)) { +- if (timeout < SPINUNIT) { +- pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n", +- atomic_read(&late_cpus)); +- return -1; +- } +- +- ndelay(SPINUNIT); +- timeout -= SPINUNIT; +- +- touch_nmi_watchdog(); +- } ++ if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC)) ++ return -1; + + spin_lock(&update_lock); + apply_microcode_local(&err); +@@ -558,15 +566,22 @@ static int __reload_late(void *info) + + if (err > UCODE_NFOUND) { + pr_warn("Error reloading microcode on CPU %d\n", cpu); +- ret = -1; +- } else if (err == UCODE_UPDATED) { ++ return -1; ++ /* siblings return UCODE_OK because their engine got updated already */ ++ } else if (err == UCODE_UPDATED || err == UCODE_OK) { + ret = 1; ++ } else { ++ return ret; + } + +- atomic_inc(&late_cpus); +- +- while (atomic_read(&late_cpus) != all_cpus) +- cpu_relax(); ++ /* ++ * Increase the wait timeout to a safe value here since we're ++ * serializing the microcode update and that could take a while on a ++ * large number of CPUs. And that is fine as the *actual* timeout will ++ * be determined by the last CPU finished updating and thus cut short. ++ */ ++ if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC * num_online_cpus())) ++ panic("Timeout during microcode update!\n"); + + return ret; + } +@@ -579,12 +594,11 @@ static int microcode_reload_late(void) + { + int ret; + +- atomic_set(&late_cpus, num_online_cpus()); ++ atomic_set(&late_cpus_in, 0); ++ atomic_set(&late_cpus_out, 0); + + ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask); +- if (ret < 0) +- return ret; +- else if (ret > 0) ++ if (ret > 0) + microcode_check(); + + return ret; +-- +cgit v1.1 + diff --git a/linux-kernel-patches/13-09e182d17e8891dd73baba961a0f5a82e9274c97.patch b/linux-kernel-patches/13-09e182d17e8891dd73baba961a0f5a82e9274c97.patch new file mode 100644 index 0000000..54a90a5 --- /dev/null +++ b/linux-kernel-patches/13-09e182d17e8891dd73baba961a0f5a82e9274c97.patch @@ -0,0 +1,59 @@ +From 09e182d17e8891dd73baba961a0f5a82e9274c97 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Sat, 21 Apr 2018 10:19:30 +0200 +Subject: x86/microcode: Do not exit early from __reload_late() + +Vitezslav reported a case where the + + "Timeout during microcode update!" + +panic would hit. After a deeper look, it turned out that his .config had +CONFIG_HOTPLUG_CPU disabled which practically made save_mc_for_early() a +no-op. + +When that happened, the discovered microcode patch wasn't saved into the +cache and the late loading path wouldn't find any. + +This, then, lead to early exit from __reload_late() and thus CPUs waiting +until the timeout is reached, leading to the panic. + +In hindsight, that function should have been written so it does not return +before the post-synchronization. Oh well, I know better now... + +Fixes: bb8c13d61a62 ("x86/microcode: Fix CPU synchronization routine") +Reported-by: Vitezslav Samel +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Vitezslav Samel +Tested-by: Ashok Raj +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/20180418081140.GA2439@pc11.op.pod.cz +Link: https://lkml.kernel.org/r/20180421081930.15741-2-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/core.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c +index 10c4fc2..77e2013 100644 +--- a/arch/x86/kernel/cpu/microcode/core.c ++++ b/arch/x86/kernel/cpu/microcode/core.c +@@ -564,14 +564,12 @@ static int __reload_late(void *info) + apply_microcode_local(&err); + spin_unlock(&update_lock); + ++ /* siblings return UCODE_OK because their engine got updated already */ + if (err > UCODE_NFOUND) { + pr_warn("Error reloading microcode on CPU %d\n", cpu); +- return -1; +- /* siblings return UCODE_OK because their engine got updated already */ ++ ret = -1; + } else if (err == UCODE_UPDATED || err == UCODE_OK) { + ret = 1; +- } else { +- return ret; + } + + /* +-- +cgit v1.1 + diff --git a/linux-kernel-patches/14-84749d83758af6576552046b215b9b7f37f9556b.patch b/linux-kernel-patches/14-84749d83758af6576552046b215b9b7f37f9556b.patch new file mode 100644 index 0000000..fb1074f --- /dev/null +++ b/linux-kernel-patches/14-84749d83758af6576552046b215b9b7f37f9556b.patch @@ -0,0 +1,48 @@ +From 84749d83758af6576552046b215b9b7f37f9556b Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Sat, 21 Apr 2018 10:19:29 +0200 +Subject: x86/microcode/intel: Save microcode patch unconditionally + +save_mc_for_early() was a no-op on !CONFIG_HOTPLUG_CPU but the +generic_load_microcode() path saves the microcode patches it has found into +the cache of patches which is used for late loading too. Regardless of +whether CPU hotplug is used or not. + +Make the saving unconditional so that late loading can find the proper +patch. + +Reported-by: Vitezslav Samel +Signed-off-by: Borislav Petkov +Signed-off-by: Thomas Gleixner +Tested-by: Vitezslav Samel +Tested-by: Ashok Raj +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/20180418081140.GA2439@pc11.op.pod.cz +Link: https://lkml.kernel.org/r/20180421081930.15741-1-bp@alien8.de +--- + arch/x86/kernel/cpu/microcode/intel.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c +index 32b8e57..1c2cfa0 100644 +--- a/arch/x86/kernel/cpu/microcode/intel.c ++++ b/arch/x86/kernel/cpu/microcode/intel.c +@@ -485,7 +485,6 @@ static void show_saved_mc(void) + */ + static void save_mc_for_early(u8 *mc, unsigned int size) + { +-#ifdef CONFIG_HOTPLUG_CPU + /* Synchronization during CPU hotplug. */ + static DEFINE_MUTEX(x86_cpu_microcode_mutex); + +@@ -495,7 +494,6 @@ static void save_mc_for_early(u8 *mc, unsigned int size) + show_saved_mc(); + + mutex_unlock(&x86_cpu_microcode_mutex); +-#endif + } + + static bool load_builtin_intel_microcode(struct cpio_data *cp) +-- +cgit v1.1 + diff --git a/releasenote b/releasenote new file mode 100644 index 0000000..9b60007 --- /dev/null +++ b/releasenote @@ -0,0 +1,118 @@ +Intel Processor Microcode Package for Linux + +CPU microcode is a mechanism to correct certain errata in existing systems. +The normal preferred method to apply microcode updates is using the system +BIOS, but for a subset of Intel's processors this can be done at runtime +using the operating system. This package contains those processors that +support OS loading of microcode updates. + +The target user for this package are OS vendors such as Linux distributions +for inclusion in their OS releases. Intel recommends getting the microcode +using the OS vendor update mechanism. Expert users can of course update their +microcode directly outside the OS vendor mechanism. This method is complex and +thus could be error prone. + +Microcode is best loaded from the BIOS. Certain microcode must only be applied +from the BIOS. Such processor microcode updates are never packaged in this +package since they are not appropriate for OS distribution. An OEM may receive +microcode packages that might be a superset of what is contained in this +package. + +OS vendors may choose to also update microcode that kernel can consume for early +loading. For e.g. Linux can update processor microcode very early in the kernel +boot sequence. In situations when the BIOS update isn't available, early loading +is the next best alternative to updating processor microcode. Microcode states +are reset on a power reset, hence its required to be updated everytime during +boot process. + +Loading microcode using the initrd method is recommended so that the microcode +is loaded at the earliest time for best coverage. Systems that cannot tolerate +downtime may use the late reload method to update a running system without a +reboot. + +== About Processor Signature, Family, Model, Stepping and Platform ID == +Processor signature is a number identifying the model and version of a +Intel processor. It can be obtained using the CPUID instruction, and can +also be obtained via the command lscpu or from the content of /proc/cpuinfo. +It's usually presented as 3 fields: Family, Model and Stepping +(In the table of updates below, they are shorten as F, MO and S). + +The width of Family/Model/Stepping is 12/8/4bit, but when arranged in the +32bit processor signature raw data is like 0FFM0FMS, hexadecimal. +e.g. if a processor signature is 0x000906eb, it means +Family=0x006, Model=0x9e and Stepping=0xb + +A processor product can be implemented for multiple types of platforms, +So in MSR(17H), Intel processors have a 3bit Platform ID field, +that can specify a platform type from at most 8 types. +A microcode file for a specified processor model can support multiple +platforms, so the Platform ID of a microcode (shorten as PI in the table) +is a 8bit mask, each set bit indicates a platform type that it supports. +One can find the platform ID on Linux using rdmsr from msr-tools. + +== Microcode update instructions == +-- intel-ucode/ -- +intel-ucode directory contains binary microcode files named in +family-model-stepping pattern. The file is supported in most modern Linux +distributions. It's generally located in the /lib/firmware directory, +and can be updated through the microcode reload interface. + +To update early loading initrd, consult your distribution on how to package +microcode files for early loading. Some distros use update-initramfs or dracut. +As recommended above, please use the OS vendors are recommended method to ensure +microcode file is updated for early loading before attempting the late-load +procedure below. + +To update the intel-ucode package to the system, one need: +1. Ensure the existence of /sys/devices/system/cpu/microcode/reload +2. Copy intel-ucode directory to /lib/firmware, overwrite the files in +/lib/firmware/intel-ucode/ +3. Write the reload interface to 1 to reload the microcode files, e.g. + echo 1 > /sys/devices/system/cpu/microcode/reload + +If you are using the OS vendor method to update microcode, the above steps may +have been done automatically during the update process. + +-- intel-ucode-with-caveats/ -- +This directory holds microcode that might need special handling. +BDX-ML microcode is provided in directory, because it need special commits in +the Linux kernel, otherwise, updating it might result in unexpected system +behavior. +OS vendors must ensure that the late loader patches (provided in +linux-kernel-patches\) are included in the distribution before packaging the +BDX-ML microcode for late-loading. + +== 20200609 Release == +-- Updates upon 20200520 release -- +Processor Identifier Version Products +Model Stepping F-MO-S/PI Old->New +---- new platforms ---------------------------------------- + +---- updated platforms ------------------------------------ +HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 +BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 +HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 +HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 +BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 +SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile +SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile +SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable +SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable +SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx +CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 +CLX-SP B1 6-55-7/bf 0500002c->05002f01 Xeon Scalable Gen2 +SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 +AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile +KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile +CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile +WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile +AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile +CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile +WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile +KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 +CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E +CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 +CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 +CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile + +---- removed platforms ------------------------------------ diff --git a/security.md b/security.md new file mode 100644 index 0000000..3193a4d --- /dev/null +++ b/security.md @@ -0,0 +1,39 @@ +# Security Policy + +## Report a Vulnerability + +If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to [secure@intel.com](mailto:secure@intel.com). Encrypt sensitive information using our [PGP public key](https://www.intel.com/content/www/us/en/security-center/pgp-public-key.html). + +Please provide as much information as possible, including: + +- The products and versions affected +- Detailed description of the vulnerability +- Information on known exploits + +A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see: + +- [Vulnerability handling guidelines](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html) + +For issues related to Intel's external web presence (Intel.com and related subdomains), please contact [Intel's External Security Research team](mailto:external.security.research@intel.com). + +## Intel's Bug Bounty Program + +Intel Corporation believes that working with skilled security researchers across the globe is a crucial part of identifying and mitigating security vulnerabilities in Intel products. + +Like other major technology companies, Intel incentivizes security researchers to report security vulnerabilities in Intel products to us to enable a coordinated response. To encourage closer collaboration with the security research community on these kinds of issues, Intel created its Bug Bounty Program. + +If you believe you've found a security vulnerability in an Intel product or technology, we encourage you to notify us through our program and work with us to mitigate and to coordinate disclosure of the vulnerability. + +[Read full details.](https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html) + +## Need product support? + +The [secure@intel.com](mailto:secure@intel.com) e-mail address should only be used for reporting security issues. + +If you... + +- Have questions about the security features of an Intel product +- Require technical support +- Want product updates or patches + +Please visit [Support & Downloads](https://www.intel.com/content/www/us/en/support.html).