Linux 6.7 Overhauls x86 CPU Microcode Loading
Recently there has been a fair amount of work done to clean up the Intel/AMD x86 CPU microcode loading (also used by x86_64 CPUs) on Linux, and that work has now been merged for Linux 6.7.
Loading CPU microcode at boot time remains very important for mitigating the continued flow of new CPU security vulnerabilities and, at times, for addressing functionality issues. Thomas Gleixner recently took to cleaning up the x86 CPU microcode loading functionality, making various improvements along the way.
The x86 microcode loading improvements in Linux 6.7 include no longer loading microcode on 32-bit before paging has been enabled (which avoids a variety of issues), reworked late loading of CPU microcode, late loading that is now CPU-hotplug safe, and the notion of a minimum microcode revision for determining when late microcode loading is deemed safe.
The x86/microcode highlights are summed up as:
- Restructure the code needed for it and add a temporary initrd mapping on 32-bit so that the loader can access the microcode blobs. This in itself is a preparation for the next major improvement:
- Do not load microcode on 32-bit before paging has been enabled. Handling this has caused an endless stream of headaches, issues, ugly code and unnecessary hacks in the past. And there really wasn't any sensible reason to do that in the first place. So switch the 32-bit loading to happen after paging has been enabled and turn the loader code "real purrty" again
- Drop mixed microcode steppings loading on Intel - there, a single patch loaded on the whole system is sufficient
- Rework late loading to track which CPUs have updated microcode successfully and which haven't, act accordingly
- Move late microcode loading on Intel in NMI context in order to guarantee concurrent loading on all threads
- Make the late loading CPU-hotplug-safe and have the offlined threads be woken up for the purpose of the update
- Add support for a minimum revision which determines whether late microcode loading is safe on a machine and the microcode does not change software visible features which the machine cannot use anyway since feature detection has happened already. Roughly, the minimum revision is the smallest revision number which must be loaded currently on the system so that late updates can be allowed
- Other nice cleanups, fixes, etc all over the place
These improvements are merged for Linux 6.7.
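The late-loading items above are about every CPU ending up on the same microcode revision. As an added example (not kernel code and not from the pull request), this operator-side check parses the per-CPU `microcode` field that x86 Linux reports in `/proc/cpuinfo` and flags CPUs that lag the newest loaded revision or a fleet baseline. The sample text, the baseline value and the function names are constructed for illustration, and revisions are compared as plain unsigned integers, which is an assumption.

```python
from collections import defaultdict

# Constructed /proc/cpuinfo excerpt (x86 layout): CPU 2 still reports an older
# revision, e.g. because it missed a late microcode update.
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Example x86 CPU
microcode\t: 0x2c000290

processor\t: 1
microcode\t: 0x2c000290

processor\t: 2
microcode\t: 0x2c000271

processor\t: 3
microcode\t: 0x2c000290
"""


def microcode_revisions(cpuinfo_text):
    """Return {revision: [logical CPU ids]} parsed from /proc/cpuinfo text."""
    revs, cpu = defaultdict(list), None
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "processor":
            cpu = int(value)
        elif key == "microcode" and cpu is not None:
            revs[int(value, 16)].append(cpu)
    return dict(revs)


def audit(cpuinfo_text, baseline_rev):
    """Flag CPUs behind the newest loaded revision or below an operator baseline."""
    revs = microcode_revisions(cpuinfo_text)
    if not revs:
        raise ValueError("no 'microcode' fields found")
    newest = max(revs)
    behind = lambda limit: sorted(c for r, cpus in revs.items() if r < limit for c in cpus)
    return {"consistent": len(revs) == 1, "newest": newest,
            "stale_cpus": behind(newest), "below_baseline": behind(baseline_rev)}


if __name__ == "__main__":
    # baseline_rev is a hypothetical fleet value, not the kernel's minimum revision
    print(audit(SAMPLE_CPUINFO, baseline_rev=0x2C000280))
```

On a live system, pass the contents of `/proc/cpuinfo` instead of the sample text.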