WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Re: [PATCH 0/2] x86/microcode: support for microcode update

from [Borislav Petkov] [Permanent Link][Original]
To: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Subject: [Xen-devel] Re: [PATCH 0/2] x86/microcode: support for microcode update in Xen dom0
From: Borislav Petkov <bp@xxxxxxxxx>
Date: Sun, 30 Jan 2011 12:33:56 +0100
Cc: Xen Devel <Xen-devel@xxxxxxxxxxxxxxxxxxx>, the arch/x86 maintainers <x86@xxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, Jeremy Fitzhardinge <jeremy.fitzhardinge@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxx>
Delivery-date: Sun, 30 Jan 2011 18:04:26 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=alien8.de; s=alien8; t=1296387240; bh=J08fjbT3zvUDPHLJ6N5ujwRtKJFOJ74ZjyDWDt4KLDU=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=XDTkCHJjHHGbmvepCHwhQ9zCdcLmv/2vpIJsg7 dzSWk6UgmXs/ZM0/isvCJH/wPKcqRIYW7QN4dUiZGxwsowwLrPyC+DMf89gwNPvpsdD 6F2A8Wjf9cf79pqknfWB/z6+Be5Ie3PRfjrOPs459yMbRms9aDGIItZWlVCHKoneDE=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=alien8.de; s=alien8; t=1296387240; bh=J08fjbT3zvUDPHLJ6N5ujwRtKJFOJ74ZjyDWDt4KLDU=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=XDTkCHJjHHGbmvepCHwhQ9zCdcLmv/2vpIJsg7 dzSWk6UgmXs/ZM0/isvCJH/wPKcqRIYW7QN4dUiZGxwsowwLrPyC+DMf89gwNPvpsdD 6F2A8Wjf9cf79pqknfWB/z6+Be5Ie3PRfjrOPs459yMbRms9aDGIItZWlVCHKoneDE=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <cover.1296259339.git.jeremy.fitzhardinge@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Mail-followup-to: Borislav Petkov <bp@xxxxxxxxx>, Jeremy Fitzhardinge <jeremy@xxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxx>, the arch/x86 maintainers <x86@xxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, Xen Devel <Xen-devel@xxxxxxxxxxxxxxxxxxx>, Jeremy Fitzhardinge <jeremy.fitzhardinge@xxxxxxxxxx>
References: <cover.1296259339.git.jeremy.fitzhardinge@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14) 
On Fri, Jan 28, 2011 at 04:26:52PM -0800, Jeremy Fitzhardinge wrote:
> From: Jeremy Fitzhardinge <jeremy.fitzhardinge@xxxxxxxxxx>
> 
> Hi all,
> 
> I'm proposing this for 2.6.39.
> 
> This series adds a new "Xen" microcode update type, in addition to
> Intel and AMD.
> 
> The Xen hypervisor is responsible for performing the actual microcode
> update (since only it knows what physical CPUs are in the system and
> has sufficient privilege to access them), but it requires the dom0
> kernel to provide the actual microcode update data.
> 
> Xen update mechanism is uniform independent of the CPU type, but the
> driver must know where to find the data file, which depends on the CPU
> type.  And since the update hypercall updates all CPUs, we only need
> to execute it once on any CPU - but for simplicity it just runs it only
> on (V)CPU 0.

I don't like this for several reasons:

- ucode should be loaded as early as possible and the perfect place
for that should be the hypervisor and not the dom0 kernel. But I'm not
that familiar with xen design and I guess it would be pretty hard to
do. (Btw, x86 bare metal could also try to improve the situation there
but that's also hard due to the design of the firmware loader (needs
userspace)).

- you're adding a microcode_xen.c as if this is another hw vendor and
you're figuring out which is the proper firmware image based on the
vendor, then you load it and then do the hypercall. This is duplicating
code and inviting future bugs. Everytime the hw vendors decide to change
something to their fw loading mechanism, xen needs to be updated. Also,
you don't do any sanity checks to the ucode image as the vendor code
does which is inacceptable.

What it should do instead, is call into the hw vendor-specific ucode
loading mechanism and do all the image loading/verification there. The
only thing you'd need to supply is a xen-specific ->apply_microcode()
doing the hypercall _after_ the ucode image has been verified and is
good to go. I'm guessing the XENPF_microcode_update does call into the
hypervisor and calls a xen-specific ucode update mechanism based on the
vendor instead of using the vendor-supplied code...

Thanks.

-- 
Regards/Gruss,
    Boris.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: libxc: maintain a small, per-handle, cache of hypercall buffer memory (Was: Re: [Xen-devel] Xen 4.1 rc1 test report), Haitao Shan
Next by Date:  [Xen-devel] Re: [PATCH 0/2] x86/microcode: support for microcode update in Xen dom0, Jeremy Fitzhardinge
Previous by Thread:  [Xen-devel] [PATCH 2/2] xen: add CPU microcode update driver, Jeremy Fitzhardinge
Next by Thread:  [Xen-devel] Re: [PATCH 0/2] x86/microcode: support for microcode update in Xen dom0, Jeremy Fitzhardinge
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy