1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * AMD CPU Microcode Update Driver for Linux 4 * 5 * This driver allows to upgrade microcode on F10h AMD 6 * CPUs and later. 7 * 8 * Copyright (C) 2008-2011 Advanced Micro Devices Inc. 9 * 2013-2018 Borislav Petkov <bp@alien8.de> 10 * 11 * Author: Peter Oruba <peter.oruba@amd.com> 12 * 13 * Based on work by: 14 * Tigran Aivazian <aivazian.tigran@gmail.com> 15 * 16 * early loader: 17 * Copyright (C) 2013 Advanced Micro Devices, Inc. 18 * 19 * Author: Jacob Shin <jacob.shin@amd.com> 20 * Fixes: Borislav Petkov <bp@suse.de> 21 */ 22 #define pr_fmt(fmt) "microcode: " fmt 23 24 #include <linux/earlycpio.h> 25 #include <linux/firmware.h> 26 #include <linux/bsearch.h> 27 #include <linux/uaccess.h> 28 #include <linux/vmalloc.h> 29 #include <linux/initrd.h> 30 #include <linux/kernel.h> 31 #include <linux/pci.h> 32 33 #include <crypto/sha2.h> 34 35 #include <asm/microcode.h> 36 #include <asm/processor.h> 37 #include <asm/cpuid/api.h> 38 #include <asm/cmdline.h> 39 #include <asm/setup.h> 40 #include <asm/cpu.h> 41 #include <asm/msr.h> 42 #include <asm/tlb.h> 43 44 #include "internal.h" 45 46 struct ucode_patch { 47 struct list_head plist; 48 void *data; 49 unsigned int size; 50 u32 patch_id; 51 u16 equiv_cpu; 52 }; 53 54 static LIST_HEAD(microcode_cache); 55 56 #define UCODE_MAGIC 0x00414d44 57 #define UCODE_EQUIV_CPU_TABLE_TYPE 0x00000000 58 #define UCODE_UCODE_TYPE 0x00000001 59 60 #define SECTION_HDR_SIZE 8 61 #define CONTAINER_HDR_SZ 12 62 63 struct equiv_cpu_entry { 64 u32 installed_cpu; 65 u32 fixed_errata_mask; 66 u32 fixed_errata_compare; 67 u16 equiv_cpu; 68 u16 res; 69 } __packed; 70 71 struct microcode_header_amd { 72 u32 data_code; 73 u32 patch_id; 74 u16 mc_patch_data_id; 75 u8 mc_patch_data_len; 76 u8 init_flag; 77 u32 mc_patch_data_checksum; 78 u32 nb_dev_id; 79 u32 sb_dev_id; 80 u16 processor_rev_id; 81 u8 nb_rev_id; 82 u8 sb_rev_id; 83 u8 bios_api_rev; 84 u8 reserved1[3]; 85 u32 match_reg[8]; 86 } __packed; 87 88 struct microcode_amd { 89 struct microcode_header_amd hdr; 90 unsigned int mpb[]; 91 }; 92 93 static struct equiv_cpu_table { 94 unsigned int num_entries; 95 struct equiv_cpu_entry *entry; 96 } equiv_table; 97 98 union zen_patch_rev { 99 struct { 100 __u32 rev : 8, 101 stepping : 4, 102 model : 4, 103 __reserved : 4, 104 ext_model : 4, 105 ext_fam : 8; 106 }; 107 __u32 ucode_rev; 108 }; 109 110 union cpuid_1_eax { 111 struct { 112 __u32 stepping : 4, 113 model : 4, 114 family : 4, 115 __reserved0 : 4, 116 ext_model : 4, 117 ext_fam : 8, 118 __reserved1 : 4; 119 }; 120 __u32 full; 121 }; 122 123 /* 124 * This points to the current valid container of microcode patches which we will 125 * save from the initrd/builtin before jettisoning its contents. @mc is the 126 * microcode patch we found to match. 127 */ 128 struct cont_desc { 129 struct microcode_amd *mc; 130 u32 psize; 131 u8 *data; 132 size_t size; 133 }; 134 135 /* 136 * Microcode patch container file is prepended to the initrd in cpio 137 * format. See Documentation/arch/x86/microcode.rst 138 */ 139 static const char 140 ucode_path[] __maybe_unused = "kernel/x86/microcode/AuthenticAMD.bin"; 141 142 /* 143 * This is CPUID(1).EAX on the BSP. It is used in two ways: 144 * 145 * 1. To ignore the equivalence table on Zen1 and newer. 146 * 147 * 2. To match which patches to load because the patch revision ID 148 * already contains the f/m/s for which the microcode is destined 149 * for. 150 */ 151 static u32 bsp_cpuid_1_eax __ro_after_init; 152 153 static bool sha_check = true; 154 155 struct patch_digest { 156 u32 patch_id; 157 u8 sha256[SHA256_DIGEST_SIZE]; 158 }; 159 160 #include "amd_shas.c" 161 162 static int cmp_id(const void *key, const void *elem) 163 { 164 struct patch_digest *pd = (struct patch_digest *)elem; 165 u32 patch_id = *(u32 *)key; 166 167 if (patch_id == pd->patch_id) 168 return 0; 169 else if (patch_id < pd->patch_id) 170 return -1; 171 else 172 return 1; 173 } 174 175 static u32 cpuid_to_ucode_rev(unsigned int val) 176 { 177 union zen_patch_rev p = {}; 178 union cpuid_1_eax c; 179 180 c.full = val; 181 182 p.stepping = c.stepping; 183 p.model = c.model; 184 p.ext_model = c.ext_model; 185 p.ext_fam = c.ext_fam; 186 187 return p.ucode_rev; 188 } 189 190 static u32 get_cutoff_revision(u32 rev) 191 { 192 switch (rev >> 8) { 193 case 0x80012: return 0x8001277; break; 194 case 0x80082: return 0x800820f; break; 195 case 0x83010: return 0x830107c; break; 196 case 0x86001: return 0x860010e; break; 197 case 0x86081: return 0x8608108; break; 198 case 0x87010: return 0x8701034; break; 199 case 0x8a000: return 0x8a0000a; break; 200 case 0xa0010: return 0xa00107a; break; 201 case 0xa0011: return 0xa0011da; break; 202 case 0xa0012: return 0xa001243; break; 203 case 0xa0082: return 0xa00820e; break; 204 case 0xa1011: return 0xa101153; break; 205 case 0xa1012: return 0xa10124e; break; 206 case 0xa1081: return 0xa108109; break; 207 case 0xa2010: return 0xa20102f; break; 208 case 0xa2012: return 0xa201212; break; 209 case 0xa4041: return 0xa404109; break; 210 case 0xa5000: return 0xa500013; break; 211 case 0xa6012: return 0xa60120a; break; 212 case 0xa7041: return 0xa704109; break; 213 case 0xa7052: return 0xa705208; break; 214 case 0xa7080: return 0xa708009; break; 215 case 0xa70c0: return 0xa70C009; break; 216 case 0xaa001: return 0xaa00116; break; 217 case 0xaa002: return 0xaa00218; break; 218 case 0xb0021: return 0xb002146; break; 219 case 0xb0081: return 0xb008111; break; 220 case 0xb1010: return 0xb101046; break; 221 case 0xb2040: return 0xb204031; break; 222 case 0xb4040: return 0xb404031; break; 223 case 0xb4041: return 0xb404101; break; 224 case 0xb6000: return 0xb600031; break; 225 case 0xb6080: return 0xb608031; break; 226 case 0xb7000: return 0xb700031; break; 227 default: break; 228 229 } 230 return 0; 231 } 232 233 static bool need_sha_check(u32 cur_rev) 234 { 235 u32 cutoff; 236 237 cutoff = get_cutoff_revision(cur_rev); 238 if (cutoff) 239 return cur_rev <= cutoff; 240 241 pr_info("You should not be seeing this. Please send the following couple of lines to x86-<at>-kernel.org\n"); 242 pr_info("CPUID(1).EAX: 0x%x, current revision: 0x%x\n", bsp_cpuid_1_eax, cur_rev); 243 return true; 244 } 245 246 static bool cpu_has_entrysign(void) 247 { 248 unsigned int fam = x86_family(bsp_cpuid_1_eax); 249 unsigned int model = x86_model(bsp_cpuid_1_eax); 250 251 if (fam == 0x17 || fam == 0x19) 252 return true; 253 254 if (fam == 0x1a) { 255 if (model <= 0x2f || 256 (0x40 <= model && model <= 0x4f) || 257 (0x60 <= model && model <= 0x7f)) 258 return true; 259 } 260 261 return false; 262 } 263 264 static bool verify_sha256_digest(u32 patch_id, u32 cur_rev, const u8 *data, unsigned int len) 265 { 266 struct patch_digest *pd = NULL; 267 u8 digest[SHA256_DIGEST_SIZE]; 268 int i; 269 270 if (!cpu_has_entrysign()) 271 return true; 272 273 if (!need_sha_check(cur_rev)) 274 return true; 275 276 if (!sha_check) 277 return true; 278 279 pd = bsearch(&patch_id, phashes, ARRAY_SIZE(phashes), sizeof(struct patch_digest), cmp_id); 280 if (!pd) { 281 pr_err("No sha256 digest for patch ID: 0x%x found\n", patch_id); 282 return false; 283 } 284 285 sha256(data, len, digest); 286 287 if (memcmp(digest, pd->sha256, sizeof(digest))) { 288 pr_err("Patch 0x%x SHA256 digest mismatch!\n", patch_id); 289 290 for (i = 0; i < SHA256_DIGEST_SIZE; i++) 291 pr_cont("0x%x ", digest[i]); 292 pr_info("\n"); 293 294 return false; 295 } 296 297 return true; 298 } 299 300 static union cpuid_1_eax ucode_rev_to_cpuid(unsigned int val) 301 { 302 union zen_patch_rev p; 303 union cpuid_1_eax c; 304 305 p.ucode_rev = val; 306 c.full = 0; 307 308 c.stepping = p.stepping; 309 c.model = p.model; 310 c.ext_model = p.ext_model; 311 c.family = 0xf; 312 c.ext_fam = p.ext_fam; 313 314 return c; 315 } 316 317 static u32 get_patch_level(void) 318 { 319 u32 rev, dummy __always_unused; 320 321 if (IS_ENABLED(CONFIG_MICROCODE_DBG) && x86_hypervisor_present) { 322 int cpu = smp_processor_id(); 323 324 if (!microcode_rev[cpu]) { 325 if (!base_rev) 326 base_rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax); 327 328 microcode_rev[cpu] = base_rev; 329 330 ucode_dbg("CPU%d, base_rev: 0x%x\n", cpu, base_rev); 331 } 332 333 return microcode_rev[cpu]; 334 } 335 336 native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy); 337 if (!rev) { 338 if (x86_family(bsp_cpuid_1_eax) < 0x17) 339 return rev; 340 341 rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax); 342 pr_info_once("No current revision, generating the lowest one: 0x%x\n", rev); 343 } 344 345 return rev; 346 } 347 348 static u16 find_equiv_id(struct equiv_cpu_table *et, u32 sig) 349 { 350 unsigned int i; 351 352 /* Zen and newer do not need an equivalence table. */ 353 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 354 return 0; 355 356 if (!et || !et->num_entries) 357 return 0; 358 359 for (i = 0; i < et->num_entries; i++) { 360 struct equiv_cpu_entry *e = &et->entry[i]; 361 362 if (sig == e->installed_cpu) 363 return e->equiv_cpu; 364 } 365 return 0; 366 } 367 368 /* 369 * Check whether there is a valid microcode container file at the beginning 370 * of @buf of size @buf_size. 371 */ 372 static bool verify_container(const u8 *buf, size_t buf_size) 373 { 374 u32 cont_magic; 375 376 if (buf_size <= CONTAINER_HDR_SZ) { 377 ucode_dbg("Truncated microcode container header.\n"); 378 return false; 379 } 380 381 cont_magic = *(const u32 *)buf; 382 if (cont_magic != UCODE_MAGIC) { 383 ucode_dbg("Invalid magic value (0x%08x).\n", cont_magic); 384 return false; 385 } 386 387 return true; 388 } 389 390 /* 391 * Check whether there is a valid, non-truncated CPU equivalence table at the 392 * beginning of @buf of size @buf_size. 393 */ 394 static bool verify_equivalence_table(const u8 *buf, size_t buf_size) 395 { 396 const u32 *hdr = (const u32 *)buf; 397 u32 cont_type, equiv_tbl_len; 398 399 if (!verify_container(buf, buf_size)) 400 return false; 401 402 /* Zen and newer do not need an equivalence table. */ 403 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 404 return true; 405 406 cont_type = hdr[1]; 407 if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) { 408 ucode_dbg("Wrong microcode container equivalence table type: %u.\n", 409 cont_type); 410 return false; 411 } 412 413 buf_size -= CONTAINER_HDR_SZ; 414 415 equiv_tbl_len = hdr[2]; 416 if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) || 417 buf_size < equiv_tbl_len) { 418 ucode_dbg("Truncated equivalence table.\n"); 419 return false; 420 } 421 422 return true; 423 } 424 425 /* 426 * Check whether there is a valid, non-truncated microcode patch section at the 427 * beginning of @buf of size @buf_size. 428 * 429 * On success, @sh_psize returns the patch size according to the section header, 430 * to the caller. 431 */ 432 static bool __verify_patch_section(const u8 *buf, size_t buf_size, u32 *sh_psize) 433 { 434 u32 p_type, p_size; 435 const u32 *hdr; 436 437 if (buf_size < SECTION_HDR_SIZE) { 438 ucode_dbg("Truncated patch section.\n"); 439 return false; 440 } 441 442 hdr = (const u32 *)buf; 443 p_type = hdr[0]; 444 p_size = hdr[1]; 445 446 if (p_type != UCODE_UCODE_TYPE) { 447 ucode_dbg("Invalid type field (0x%x) in container file section header.\n", 448 p_type); 449 return false; 450 } 451 452 if (p_size < sizeof(struct microcode_header_amd)) { 453 ucode_dbg("Patch of size %u too short.\n", p_size); 454 return false; 455 } 456 457 *sh_psize = p_size; 458 459 return true; 460 } 461 462 /* 463 * Check whether the passed remaining file @buf_size is large enough to contain 464 * a patch of the indicated @sh_psize (and also whether this size does not 465 * exceed the per-family maximum). @sh_psize is the size read from the section 466 * header. 467 */ 468 static bool __verify_patch_size(u32 sh_psize, size_t buf_size) 469 { 470 u8 family = x86_family(bsp_cpuid_1_eax); 471 u32 max_size; 472 473 if (family >= 0x15) 474 goto ret; 475 476 #define F1XH_MPB_MAX_SIZE 2048 477 #define F14H_MPB_MAX_SIZE 1824 478 479 switch (family) { 480 case 0x10 ... 0x12: 481 max_size = F1XH_MPB_MAX_SIZE; 482 break; 483 case 0x14: 484 max_size = F14H_MPB_MAX_SIZE; 485 break; 486 default: 487 WARN(1, "%s: WTF family: 0x%x\n", __func__, family); 488 return false; 489 } 490 491 if (sh_psize > max_size) 492 return false; 493 494 ret: 495 /* Working with the whole buffer so < is ok. */ 496 return sh_psize <= buf_size; 497 } 498 499 /* 500 * Verify the patch in @buf. 501 * 502 * Returns: 503 * negative: on error 504 * positive: patch is not for this family, skip it 505 * 0: success 506 */ 507 static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size) 508 { 509 u8 family = x86_family(bsp_cpuid_1_eax); 510 struct microcode_header_amd *mc_hdr; 511 u32 cur_rev, cutoff, patch_rev; 512 u32 sh_psize; 513 u16 proc_id; 514 u8 patch_fam; 515 516 if (!__verify_patch_section(buf, buf_size, &sh_psize)) 517 return -1; 518 519 /* 520 * The section header length is not included in this indicated size 521 * but is present in the leftover file length so we need to subtract 522 * it before passing this value to the function below. 523 */ 524 buf_size -= SECTION_HDR_SIZE; 525 526 /* 527 * Check if the remaining buffer is big enough to contain a patch of 528 * size sh_psize, as the section claims. 529 */ 530 if (buf_size < sh_psize) { 531 ucode_dbg("Patch of size %u truncated.\n", sh_psize); 532 return -1; 533 } 534 535 if (!__verify_patch_size(sh_psize, buf_size)) { 536 ucode_dbg("Per-family patch size mismatch.\n"); 537 return -1; 538 } 539 540 *patch_size = sh_psize; 541 542 mc_hdr = (struct microcode_header_amd *)(buf + SECTION_HDR_SIZE); 543 if (mc_hdr->nb_dev_id || mc_hdr->sb_dev_id) { 544 pr_err("Patch-ID 0x%08x: chipset-specific code unsupported.\n", mc_hdr->patch_id); 545 return -1; 546 } 547 548 proc_id = mc_hdr->processor_rev_id; 549 patch_fam = 0xf + (proc_id >> 12); 550 551 if (patch_fam != family) 552 return 1; 553 554 cur_rev = get_patch_level(); 555 556 /* No cutoff revision means old/unaffected by signing algorithm weakness => matches */ 557 cutoff = get_cutoff_revision(cur_rev); 558 if (!cutoff) 559 goto ok; 560 561 patch_rev = mc_hdr->patch_id; 562 563 ucode_dbg("cur_rev: 0x%x, cutoff: 0x%x, patch_rev: 0x%x\n", 564 cur_rev, cutoff, patch_rev); 565 566 if (cur_rev <= cutoff && patch_rev <= cutoff) 567 goto ok; 568 569 if (cur_rev > cutoff && patch_rev > cutoff) 570 goto ok; 571 572 return 1; 573 574 ok: 575 ucode_dbg("Patch-ID 0x%08x: family: 0x%x\n", mc_hdr->patch_id, patch_fam); 576 577 return 0; 578 } 579 580 static bool mc_patch_matches(struct microcode_amd *mc, u16 eq_id) 581 { 582 /* Zen and newer do not need an equivalence table. */ 583 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 584 return ucode_rev_to_cpuid(mc->hdr.patch_id).full == bsp_cpuid_1_eax; 585 else 586 return eq_id == mc->hdr.processor_rev_id; 587 } 588 589 /* 590 * This scans the ucode blob for the proper container as we can have multiple 591 * containers glued together. 592 * 593 * Returns the amount of bytes consumed while scanning. @desc contains all the 594 * data we're going to use in later stages of the application. 595 */ 596 static size_t parse_container(u8 *ucode, size_t size, struct cont_desc *desc) 597 { 598 struct equiv_cpu_table table; 599 size_t orig_size = size; 600 u32 *hdr = (u32 *)ucode; 601 u16 eq_id; 602 u8 *buf; 603 604 if (!verify_equivalence_table(ucode, size)) 605 return 0; 606 607 buf = ucode; 608 609 table.entry = (struct equiv_cpu_entry *)(buf + CONTAINER_HDR_SZ); 610 table.num_entries = hdr[2] / sizeof(struct equiv_cpu_entry); 611 612 /* 613 * Find the equivalence ID of our CPU in this table. Even if this table 614 * doesn't contain a patch for the CPU, scan through the whole container 615 * so that it can be skipped in case there are other containers appended. 616 */ 617 eq_id = find_equiv_id(&table, bsp_cpuid_1_eax); 618 619 buf += hdr[2] + CONTAINER_HDR_SZ; 620 size -= hdr[2] + CONTAINER_HDR_SZ; 621 622 /* 623 * Scan through the rest of the container to find where it ends. We do 624 * some basic sanity-checking too. 625 */ 626 while (size > 0) { 627 struct microcode_amd *mc; 628 u32 patch_size; 629 int ret; 630 631 ret = verify_patch(buf, size, &patch_size); 632 if (ret < 0) { 633 /* 634 * Patch verification failed, skip to the next container, if 635 * there is one. Before exit, check whether that container has 636 * found a patch already. If so, use it. 637 */ 638 goto out; 639 } else if (ret > 0) { 640 goto skip; 641 } 642 643 mc = (struct microcode_amd *)(buf + SECTION_HDR_SIZE); 644 645 if (mc_patch_matches(mc, eq_id)) { 646 desc->psize = patch_size; 647 desc->mc = mc; 648 649 ucode_dbg(" match: size: %d\n", patch_size); 650 } 651 652 skip: 653 /* Skip patch section header too: */ 654 buf += patch_size + SECTION_HDR_SIZE; 655 size -= patch_size + SECTION_HDR_SIZE; 656 } 657 658 out: 659 /* 660 * If we have found a patch (desc->mc), it means we're looking at the 661 * container which has a patch for this CPU so return 0 to mean, @ucode 662 * already points to the proper container. Otherwise, we return the size 663 * we scanned so that we can advance to the next container in the 664 * buffer. 665 */ 666 if (desc->mc) { 667 desc->data = ucode; 668 desc->size = orig_size - size; 669 670 return 0; 671 } 672 673 return orig_size - size; 674 } 675 676 /* 677 * Scan the ucode blob for the proper container as we can have multiple 678 * containers glued together. 679 */ 680 static void scan_containers(u8 *ucode, size_t size, struct cont_desc *desc) 681 { 682 while (size) { 683 size_t s = parse_container(ucode, size, desc); 684 if (!s) 685 return; 686 687 /* catch wraparound */ 688 if (size >= s) { 689 ucode += s; 690 size -= s; 691 } else { 692 return; 693 } 694 } 695 } 696 697 static bool __apply_microcode_amd(struct microcode_amd *mc, u32 *cur_rev, 698 unsigned int psize) 699 { 700 unsigned long p_addr = (unsigned long)&mc->hdr.data_code; 701 702 if (!verify_sha256_digest(mc->hdr.patch_id, *cur_rev, (const u8 *)p_addr, psize)) 703 return false; 704 705 native_wrmsrq(MSR_AMD64_PATCH_LOADER, p_addr); 706 707 if (x86_family(bsp_cpuid_1_eax) == 0x17) { 708 unsigned long p_addr_end = p_addr + psize - 1; 709 710 invlpg(p_addr); 711 712 /* 713 * Flush next page too if patch image is crossing a page 714 * boundary. 715 */ 716 if (p_addr >> PAGE_SHIFT != p_addr_end >> PAGE_SHIFT) 717 invlpg(p_addr_end); 718 } 719 720 if (IS_ENABLED(CONFIG_MICROCODE_DBG) && x86_hypervisor_present) 721 microcode_rev[smp_processor_id()] = mc->hdr.patch_id; 722 723 /* verify patch application was successful */ 724 *cur_rev = get_patch_level(); 725 726 ucode_dbg("updated rev: 0x%x\n", *cur_rev); 727 728 if (*cur_rev != mc->hdr.patch_id) 729 return false; 730 731 return true; 732 } 733 734 static bool get_builtin_microcode(struct cpio_data *cp) 735 { 736 char fw_name[36] = "amd-ucode/microcode_amd.bin"; 737 u8 family = x86_family(bsp_cpuid_1_eax); 738 struct firmware fw; 739 740 if (IS_ENABLED(CONFIG_X86_32)) 741 return false; 742 743 if (family >= 0x15) 744 snprintf(fw_name, sizeof(fw_name), 745 "amd-ucode/microcode_amd_fam%02hhxh.bin", family); 746 747 if (firmware_request_builtin(&fw, fw_name)) { 748 cp->size = fw.size; 749 cp->data = (void *)fw.data; 750 return true; 751 } 752 753 return false; 754 } 755 756 static bool __init find_blobs_in_containers(struct cpio_data *ret) 757 { 758 struct cpio_data cp; 759 bool found; 760 761 if (!get_builtin_microcode(&cp)) 762 cp = find_microcode_in_initrd(ucode_path); 763 764 found = cp.data && cp.size; 765 if (found) 766 *ret = cp; 767 768 return found; 769 } 770 771 /* 772 * Early load occurs before we can vmalloc(). So we look for the microcode 773 * patch container file in initrd, traverse equivalent cpu table, look for a 774 * matching microcode patch, and update, all in initrd memory in place. 775 * When vmalloc() is available for use later -- on 64-bit during first AP load, 776 * and on 32-bit during save_microcode_in_initrd() -- we can call 777 * load_microcode_amd() to save equivalent cpu table and microcode patches in 778 * kernel heap memory. 779 */ 780 void __init load_ucode_amd_bsp(struct early_load_data *ed, unsigned int cpuid_1_eax) 781 { 782 struct cont_desc desc = { }; 783 struct microcode_amd *mc; 784 struct cpio_data cp = { }; 785 char buf[4]; 786 u32 rev; 787 788 if (cmdline_find_option(boot_command_line, "microcode.amd_sha_check", buf, 4)) { 789 if (!strncmp(buf, "off", 3)) { 790 sha_check = false; 791 pr_warn_once("It is a very very bad idea to disable the blobs SHA check!\n"); 792 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); 793 } 794 } 795 796 bsp_cpuid_1_eax = cpuid_1_eax; 797 798 rev = get_patch_level(); 799 ed->old_rev = rev; 800 801 /* Needed in load_microcode_amd() */ 802 ucode_cpu_info[0].cpu_sig.sig = cpuid_1_eax; 803 804 if (!find_blobs_in_containers(&cp)) 805 return; 806 807 scan_containers(cp.data, cp.size, &desc); 808 809 mc = desc.mc; 810 if (!mc) 811 return; 812 813 /* 814 * Allow application of the same revision to pick up SMT-specific 815 * changes even if the revision of the other SMT thread is already 816 * up-to-date. 817 */ 818 if (ed->old_rev > mc->hdr.patch_id) 819 return; 820 821 if (__apply_microcode_amd(mc, &rev, desc.psize)) 822 ed->new_rev = rev; 823 } 824 825 static inline bool patch_cpus_equivalent(struct ucode_patch *p, 826 struct ucode_patch *n, 827 bool ignore_stepping) 828 { 829 /* Zen and newer hardcode the f/m/s in the patch ID */ 830 if (x86_family(bsp_cpuid_1_eax) >= 0x17) { 831 union cpuid_1_eax p_cid = ucode_rev_to_cpuid(p->patch_id); 832 union cpuid_1_eax n_cid = ucode_rev_to_cpuid(n->patch_id); 833 834 if (ignore_stepping) { 835 p_cid.stepping = 0; 836 n_cid.stepping = 0; 837 } 838 839 return p_cid.full == n_cid.full; 840 } else { 841 return p->equiv_cpu == n->equiv_cpu; 842 } 843 } 844 845 /* 846 * a small, trivial cache of per-family ucode patches 847 */ 848 static struct ucode_patch *cache_find_patch(struct ucode_cpu_info *uci, u16 equiv_cpu) 849 { 850 struct ucode_patch *p; 851 struct ucode_patch n; 852 853 n.equiv_cpu = equiv_cpu; 854 n.patch_id = uci->cpu_sig.rev; 855 856 list_for_each_entry(p, µcode_cache, plist) 857 if (patch_cpus_equivalent(p, &n, false)) 858 return p; 859 860 return NULL; 861 } 862 863 static inline int patch_newer(struct ucode_patch *p, struct ucode_patch *n) 864 { 865 /* Zen and newer hardcode the f/m/s in the patch ID */ 866 if (x86_family(bsp_cpuid_1_eax) >= 0x17) { 867 union zen_patch_rev zp, zn; 868 869 zp.ucode_rev = p->patch_id; 870 zn.ucode_rev = n->patch_id; 871 872 if (zn.stepping != zp.stepping) 873 return -1; 874 875 return zn.rev > zp.rev; 876 } else { 877 return n->patch_id > p->patch_id; 878 } 879 } 880 881 static void update_cache(struct ucode_patch *new_patch) 882 { 883 struct ucode_patch *p; 884 int ret; 885 886 list_for_each_entry(p, µcode_cache, plist) { 887 if (patch_cpus_equivalent(p, new_patch, true)) { 888 ret = patch_newer(p, new_patch); 889 if (ret < 0) 890 continue; 891 else if (!ret) { 892 /* we already have the latest patch */ 893 kfree(new_patch->data); 894 kfree(new_patch); 895 return; 896 } 897 898 list_replace(&p->plist, &new_patch->plist); 899 kfree(p->data); 900 kfree(p); 901 return; 902 } 903 } 904 /* no patch found, add it */ 905 list_add_tail(&new_patch->plist, µcode_cache); 906 } 907 908 static void free_cache(void) 909 { 910 struct ucode_patch *p, *tmp; 911 912 list_for_each_entry_safe(p, tmp, µcode_cache, plist) { 913 __list_del(p->plist.prev, p->plist.next); 914 kfree(p->data); 915 kfree(p); 916 } 917 } 918 919 static struct ucode_patch *find_patch(unsigned int cpu) 920 { 921 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 922 u16 equiv_id = 0; 923 924 uci->cpu_sig.rev = get_patch_level(); 925 926 if (x86_family(bsp_cpuid_1_eax) < 0x17) { 927 equiv_id = find_equiv_id(&equiv_table, uci->cpu_sig.sig); 928 if (!equiv_id) 929 return NULL; 930 } 931 932 return cache_find_patch(uci, equiv_id); 933 } 934 935 void reload_ucode_amd(unsigned int cpu) 936 { 937 u32 rev, dummy __always_unused; 938 struct microcode_amd *mc; 939 struct ucode_patch *p; 940 941 p = find_patch(cpu); 942 if (!p) 943 return; 944 945 mc = p->data; 946 947 rev = get_patch_level(); 948 if (rev < mc->hdr.patch_id) { 949 if (__apply_microcode_amd(mc, &rev, p->size)) 950 pr_info_once("reload revision: 0x%08x\n", rev); 951 } 952 } 953 954 static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig) 955 { 956 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 957 struct ucode_patch *p; 958 959 csig->sig = cpuid_eax(0x00000001); 960 csig->rev = get_patch_level(); 961 962 /* 963 * a patch could have been loaded early, set uci->mc so that 964 * mc_bp_resume() can call apply_microcode() 965 */ 966 p = find_patch(cpu); 967 if (p && (p->patch_id == csig->rev)) 968 uci->mc = p->data; 969 970 return 0; 971 } 972 973 static enum ucode_state apply_microcode_amd(int cpu) 974 { 975 struct cpuinfo_x86 *c = &cpu_data(cpu); 976 struct microcode_amd *mc_amd; 977 struct ucode_cpu_info *uci; 978 struct ucode_patch *p; 979 enum ucode_state ret; 980 u32 rev; 981 982 BUG_ON(raw_smp_processor_id() != cpu); 983 984 uci = ucode_cpu_info + cpu; 985 986 p = find_patch(cpu); 987 if (!p) 988 return UCODE_NFOUND; 989 990 rev = uci->cpu_sig.rev; 991 992 mc_amd = p->data; 993 uci->mc = p->data; 994 995 /* need to apply patch? */ 996 if (rev > mc_amd->hdr.patch_id) { 997 ret = UCODE_OK; 998 goto out; 999 } 1000 1001 if (!__apply_microcode_amd(mc_amd, &rev, p->size)) { 1002 pr_err("CPU%d: update failed for patch_level=0x%08x\n", 1003 cpu, mc_amd->hdr.patch_id); 1004 return UCODE_ERROR; 1005 } 1006 1007 rev = mc_amd->hdr.patch_id; 1008 ret = UCODE_UPDATED; 1009 1010 out: 1011 uci->cpu_sig.rev = rev; 1012 c->microcode = rev; 1013 1014 /* Update boot_cpu_data's revision too, if we're on the BSP: */ 1015 if (c->cpu_index == boot_cpu_data.cpu_index) 1016 boot_cpu_data.microcode = rev; 1017 1018 return ret; 1019 } 1020 1021 void load_ucode_amd_ap(unsigned int cpuid_1_eax) 1022 { 1023 unsigned int cpu = smp_processor_id(); 1024 1025 ucode_cpu_info[cpu].cpu_sig.sig = cpuid_1_eax; 1026 apply_microcode_amd(cpu); 1027 } 1028 1029 static size_t install_equiv_cpu_table(const u8 *buf, size_t buf_size) 1030 { 1031 u32 equiv_tbl_len; 1032 const u32 *hdr; 1033 1034 if (!verify_equivalence_table(buf, buf_size)) 1035 return 0; 1036 1037 hdr = (const u32 *)buf; 1038 equiv_tbl_len = hdr[2]; 1039 1040 /* Zen and newer do not need an equivalence table. */ 1041 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 1042 goto out; 1043 1044 equiv_table.entry = vmalloc(equiv_tbl_len); 1045 if (!equiv_table.entry) { 1046 pr_err("failed to allocate equivalent CPU table\n"); 1047 return 0; 1048 } 1049 1050 memcpy(equiv_table.entry, buf + CONTAINER_HDR_SZ, equiv_tbl_len); 1051 equiv_table.num_entries = equiv_tbl_len / sizeof(struct equiv_cpu_entry); 1052 1053 out: 1054 /* add header length */ 1055 return equiv_tbl_len + CONTAINER_HDR_SZ; 1056 } 1057 1058 static void free_equiv_cpu_table(void) 1059 { 1060 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 1061 return; 1062 1063 vfree(equiv_table.entry); 1064 memset(&equiv_table, 0, sizeof(equiv_table)); 1065 } 1066 1067 static void cleanup(void) 1068 { 1069 free_equiv_cpu_table(); 1070 free_cache(); 1071 } 1072 1073 /* 1074 * Return a non-negative value even if some of the checks failed so that 1075 * we can skip over the next patch. If we return a negative value, we 1076 * signal a grave error like a memory allocation has failed and the 1077 * driver cannot continue functioning normally. In such cases, we tear 1078 * down everything we've used up so far and exit. 1079 */ 1080 static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover, 1081 unsigned int *patch_size) 1082 { 1083 struct microcode_header_amd *mc_hdr; 1084 struct ucode_patch *patch; 1085 u16 proc_id; 1086 int ret; 1087 1088 ret = verify_patch(fw, leftover, patch_size); 1089 if (ret) 1090 return ret; 1091 1092 patch = kzalloc_obj(*patch); 1093 if (!patch) { 1094 pr_err("Patch allocation failure.\n"); 1095 return -EINVAL; 1096 } 1097 1098 patch->data = kmemdup(fw + SECTION_HDR_SIZE, *patch_size, GFP_KERNEL); 1099 if (!patch->data) { 1100 pr_err("Patch data allocation failure.\n"); 1101 kfree(patch); 1102 return -EINVAL; 1103 } 1104 patch->size = *patch_size; 1105 1106 mc_hdr = (struct microcode_header_amd *)(fw + SECTION_HDR_SIZE); 1107 proc_id = mc_hdr->processor_rev_id; 1108 1109 INIT_LIST_HEAD(&patch->plist); 1110 patch->patch_id = mc_hdr->patch_id; 1111 patch->equiv_cpu = proc_id; 1112 1113 ucode_dbg("%s: Adding patch_id: 0x%08x, proc_id: 0x%04x\n", 1114 __func__, patch->patch_id, proc_id); 1115 1116 /* ... and add to cache. */ 1117 update_cache(patch); 1118 1119 return 0; 1120 } 1121 1122 /* Scan the blob in @data and add microcode patches to the cache. */ 1123 static enum ucode_state __load_microcode_amd(u8 family, const u8 *data, size_t size) 1124 { 1125 u8 *fw = (u8 *)data; 1126 size_t offset; 1127 1128 offset = install_equiv_cpu_table(data, size); 1129 if (!offset) 1130 return UCODE_ERROR; 1131 1132 fw += offset; 1133 size -= offset; 1134 1135 if (*(u32 *)fw != UCODE_UCODE_TYPE) { 1136 pr_err("invalid type field in container file section header\n"); 1137 free_equiv_cpu_table(); 1138 return UCODE_ERROR; 1139 } 1140 1141 while (size > 0) { 1142 unsigned int crnt_size = 0; 1143 int ret; 1144 1145 ret = verify_and_add_patch(family, fw, size, &crnt_size); 1146 if (ret < 0) 1147 return UCODE_ERROR; 1148 1149 fw += crnt_size + SECTION_HDR_SIZE; 1150 size -= (crnt_size + SECTION_HDR_SIZE); 1151 } 1152 1153 return UCODE_OK; 1154 } 1155 1156 static enum ucode_state _load_microcode_amd(u8 family, const u8 *data, size_t size) 1157 { 1158 enum ucode_state ret; 1159 1160 /* free old equiv table */ 1161 free_equiv_cpu_table(); 1162 1163 ret = __load_microcode_amd(family, data, size); 1164 if (ret != UCODE_OK) 1165 cleanup(); 1166 1167 return ret; 1168 } 1169 1170 static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t size) 1171 { 1172 struct cpuinfo_x86 *c; 1173 unsigned int nid, cpu; 1174 struct ucode_patch *p; 1175 enum ucode_state ret; 1176 1177 ret = _load_microcode_amd(family, data, size); 1178 if (ret != UCODE_OK) 1179 return ret; 1180 1181 for_each_node_with_cpus(nid) { 1182 cpu = cpumask_first(cpumask_of_node(nid)); 1183 c = &cpu_data(cpu); 1184 1185 p = find_patch(cpu); 1186 if (!p) 1187 continue; 1188 1189 if (c->microcode >= p->patch_id) 1190 continue; 1191 1192 ret = UCODE_NEW; 1193 } 1194 1195 return ret; 1196 } 1197 1198 static int __init save_microcode_in_initrd(void) 1199 { 1200 struct cpuinfo_x86 *c = &boot_cpu_data; 1201 struct cont_desc desc = { 0 }; 1202 unsigned int cpuid_1_eax; 1203 enum ucode_state ret; 1204 struct cpio_data cp; 1205 1206 if (microcode_loader_disabled() || c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) 1207 return 0; 1208 1209 cpuid_1_eax = native_cpuid_eax(1); 1210 1211 if (!find_blobs_in_containers(&cp)) 1212 return -EINVAL; 1213 1214 scan_containers(cp.data, cp.size, &desc); 1215 if (!desc.mc) 1216 return -EINVAL; 1217 1218 ret = _load_microcode_amd(x86_family(cpuid_1_eax), desc.data, desc.size); 1219 if (ret > UCODE_UPDATED) 1220 return -EINVAL; 1221 1222 return 0; 1223 } 1224 early_initcall(save_microcode_in_initrd); 1225 1226 /* 1227 * AMD microcode firmware naming convention, up to family 15h they are in 1228 * the legacy file: 1229 * 1230 * amd-ucode/microcode_amd.bin 1231 * 1232 * This legacy file is always smaller than 2K in size. 1233 * 1234 * Beginning with family 15h, they are in family-specific firmware files: 1235 * 1236 * amd-ucode/microcode_amd_fam15h.bin 1237 * amd-ucode/microcode_amd_fam16h.bin 1238 * ... 1239 * 1240 * These might be larger than 2K. 1241 */ 1242 static enum ucode_state request_microcode_amd(int cpu, struct device *device) 1243 { 1244 char fw_name[36] = "amd-ucode/microcode_amd.bin"; 1245 struct cpuinfo_x86 *c = &cpu_data(cpu); 1246 enum ucode_state ret = UCODE_NFOUND; 1247 const struct firmware *fw; 1248 1249 if (force_minrev) 1250 return UCODE_NFOUND; 1251 1252 if (c->x86 >= 0x15) 1253 snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); 1254 1255 if (request_firmware_direct(&fw, (const char *)fw_name, device)) { 1256 ucode_dbg("failed to load file %s\n", fw_name); 1257 goto out; 1258 } 1259 1260 ret = UCODE_ERROR; 1261 if (!verify_container(fw->data, fw->size)) 1262 goto fw_release; 1263 1264 ret = load_microcode_amd(c->x86, fw->data, fw->size); 1265 1266 fw_release: 1267 release_firmware(fw); 1268 1269 out: 1270 return ret; 1271 } 1272 1273 static void microcode_fini_cpu_amd(int cpu) 1274 { 1275 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 1276 1277 uci->mc = NULL; 1278 } 1279 1280 static void finalize_late_load_amd(int result) 1281 { 1282 if (result) 1283 cleanup(); 1284 } 1285 1286 static struct microcode_ops microcode_amd_ops = { 1287 .request_microcode_fw = request_microcode_amd, 1288 .collect_cpu_info = collect_cpu_info_amd, 1289 .apply_microcode = apply_microcode_amd, 1290 .microcode_fini_cpu = microcode_fini_cpu_amd, 1291 .finalize_late_load = finalize_late_load_amd, 1292 .nmi_safe = true, 1293 }; 1294 1295 struct microcode_ops * __init init_amd_microcode(void) 1296 { 1297 struct cpuinfo_x86 *c = &boot_cpu_data; 1298 1299 if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) { 1300 pr_warn("AMD CPU family 0x%x not supported\n", c->x86); 1301 return NULL; 1302 } 1303 return µcode_amd_ops; 1304 } 1305 1306 void __exit exit_amd_microcode(void) 1307 { 1308 cleanup(); 1309 } 1310