1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * AMD CPU Microcode Update Driver for Linux 4 * 5 * This driver allows to upgrade microcode on F10h AMD 6 * CPUs and later. 7 * 8 * Copyright (C) 2008-2011 Advanced Micro Devices Inc. 9 * 2013-2018 Borislav Petkov <bp@alien8.de> 10 * 11 * Author: Peter Oruba <peter.oruba@amd.com> 12 * 13 * Based on work by: 14 * Tigran Aivazian <aivazian.tigran@gmail.com> 15 * 16 * early loader: 17 * Copyright (C) 2013 Advanced Micro Devices, Inc. 18 * 19 * Author: Jacob Shin <jacob.shin@amd.com> 20 * Fixes: Borislav Petkov <bp@suse.de> 21 */ 22 #define pr_fmt(fmt) "microcode: " fmt 23 24 #include <linux/earlycpio.h> 25 #include <linux/firmware.h> 26 #include <linux/bsearch.h> 27 #include <linux/uaccess.h> 28 #include <linux/vmalloc.h> 29 #include <linux/initrd.h> 30 #include <linux/kernel.h> 31 #include <linux/pci.h> 32 33 #include <crypto/sha2.h> 34 35 #include <asm/microcode.h> 36 #include <asm/processor.h> 37 #include <asm/cmdline.h> 38 #include <asm/setup.h> 39 #include <asm/cpu.h> 40 #include <asm/msr.h> 41 #include <asm/tlb.h> 42 43 #include "internal.h" 44 45 struct ucode_patch { 46 struct list_head plist; 47 void *data; 48 unsigned int size; 49 u32 patch_id; 50 u16 equiv_cpu; 51 }; 52 53 static LIST_HEAD(microcode_cache); 54 55 #define UCODE_MAGIC 0x00414d44 56 #define UCODE_EQUIV_CPU_TABLE_TYPE 0x00000000 57 #define UCODE_UCODE_TYPE 0x00000001 58 59 #define SECTION_HDR_SIZE 8 60 #define CONTAINER_HDR_SZ 12 61 62 struct equiv_cpu_entry { 63 u32 installed_cpu; 64 u32 fixed_errata_mask; 65 u32 fixed_errata_compare; 66 u16 equiv_cpu; 67 u16 res; 68 } __packed; 69 70 struct microcode_header_amd { 71 u32 data_code; 72 u32 patch_id; 73 u16 mc_patch_data_id; 74 u8 mc_patch_data_len; 75 u8 init_flag; 76 u32 mc_patch_data_checksum; 77 u32 nb_dev_id; 78 u32 sb_dev_id; 79 u16 processor_rev_id; 80 u8 nb_rev_id; 81 u8 sb_rev_id; 82 u8 bios_api_rev; 83 u8 reserved1[3]; 84 u32 match_reg[8]; 85 } __packed; 86 87 struct microcode_amd { 88 struct microcode_header_amd hdr; 89 unsigned int mpb[]; 90 }; 91 92 static struct equiv_cpu_table { 93 unsigned int num_entries; 94 struct equiv_cpu_entry *entry; 95 } equiv_table; 96 97 union zen_patch_rev { 98 struct { 99 __u32 rev : 8, 100 stepping : 4, 101 model : 4, 102 __reserved : 4, 103 ext_model : 4, 104 ext_fam : 8; 105 }; 106 __u32 ucode_rev; 107 }; 108 109 union cpuid_1_eax { 110 struct { 111 __u32 stepping : 4, 112 model : 4, 113 family : 4, 114 __reserved0 : 4, 115 ext_model : 4, 116 ext_fam : 8, 117 __reserved1 : 4; 118 }; 119 __u32 full; 120 }; 121 122 /* 123 * This points to the current valid container of microcode patches which we will 124 * save from the initrd/builtin before jettisoning its contents. @mc is the 125 * microcode patch we found to match. 126 */ 127 struct cont_desc { 128 struct microcode_amd *mc; 129 u32 psize; 130 u8 *data; 131 size_t size; 132 }; 133 134 /* 135 * Microcode patch container file is prepended to the initrd in cpio 136 * format. See Documentation/arch/x86/microcode.rst 137 */ 138 static const char 139 ucode_path[] __maybe_unused = "kernel/x86/microcode/AuthenticAMD.bin"; 140 141 /* 142 * This is CPUID(1).EAX on the BSP. It is used in two ways: 143 * 144 * 1. To ignore the equivalence table on Zen1 and newer. 145 * 146 * 2. To match which patches to load because the patch revision ID 147 * already contains the f/m/s for which the microcode is destined 148 * for. 149 */ 150 static u32 bsp_cpuid_1_eax __ro_after_init; 151 152 static bool sha_check = true; 153 154 struct patch_digest { 155 u32 patch_id; 156 u8 sha256[SHA256_DIGEST_SIZE]; 157 }; 158 159 #include "amd_shas.c" 160 161 static int cmp_id(const void *key, const void *elem) 162 { 163 struct patch_digest *pd = (struct patch_digest *)elem; 164 u32 patch_id = *(u32 *)key; 165 166 if (patch_id == pd->patch_id) 167 return 0; 168 else if (patch_id < pd->patch_id) 169 return -1; 170 else 171 return 1; 172 } 173 174 static u32 cpuid_to_ucode_rev(unsigned int val) 175 { 176 union zen_patch_rev p = {}; 177 union cpuid_1_eax c; 178 179 c.full = val; 180 181 p.stepping = c.stepping; 182 p.model = c.model; 183 p.ext_model = c.ext_model; 184 p.ext_fam = c.ext_fam; 185 186 return p.ucode_rev; 187 } 188 189 static bool need_sha_check(u32 cur_rev) 190 { 191 if (!cur_rev) { 192 cur_rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax); 193 pr_info_once("No current revision, generating the lowest one: 0x%x\n", cur_rev); 194 } 195 196 switch (cur_rev >> 8) { 197 case 0x80012: return cur_rev <= 0x8001277; break; 198 case 0x80082: return cur_rev <= 0x800820f; break; 199 case 0x83010: return cur_rev <= 0x830107c; break; 200 case 0x86001: return cur_rev <= 0x860010e; break; 201 case 0x86081: return cur_rev <= 0x8608108; break; 202 case 0x87010: return cur_rev <= 0x8701034; break; 203 case 0x8a000: return cur_rev <= 0x8a0000a; break; 204 case 0xa0010: return cur_rev <= 0xa00107a; break; 205 case 0xa0011: return cur_rev <= 0xa0011da; break; 206 case 0xa0012: return cur_rev <= 0xa001243; break; 207 case 0xa0082: return cur_rev <= 0xa00820e; break; 208 case 0xa1011: return cur_rev <= 0xa101153; break; 209 case 0xa1012: return cur_rev <= 0xa10124e; break; 210 case 0xa1081: return cur_rev <= 0xa108109; break; 211 case 0xa2010: return cur_rev <= 0xa20102f; break; 212 case 0xa2012: return cur_rev <= 0xa201212; break; 213 case 0xa4041: return cur_rev <= 0xa404109; break; 214 case 0xa5000: return cur_rev <= 0xa500013; break; 215 case 0xa6012: return cur_rev <= 0xa60120a; break; 216 case 0xa7041: return cur_rev <= 0xa704109; break; 217 case 0xa7052: return cur_rev <= 0xa705208; break; 218 case 0xa7080: return cur_rev <= 0xa708009; break; 219 case 0xa70c0: return cur_rev <= 0xa70C009; break; 220 case 0xaa001: return cur_rev <= 0xaa00116; break; 221 case 0xaa002: return cur_rev <= 0xaa00218; break; 222 case 0xb0021: return cur_rev <= 0xb002146; break; 223 case 0xb0081: return cur_rev <= 0xb008111; break; 224 case 0xb1010: return cur_rev <= 0xb101046; break; 225 case 0xb2040: return cur_rev <= 0xb204031; break; 226 case 0xb4040: return cur_rev <= 0xb404031; break; 227 case 0xb4041: return cur_rev <= 0xb404101; break; 228 case 0xb6000: return cur_rev <= 0xb600031; break; 229 case 0xb6080: return cur_rev <= 0xb608031; break; 230 case 0xb7000: return cur_rev <= 0xb700031; break; 231 default: break; 232 } 233 234 pr_info("You should not be seeing this. Please send the following couple of lines to x86-<at>-kernel.org\n"); 235 pr_info("CPUID(1).EAX: 0x%x, current revision: 0x%x\n", bsp_cpuid_1_eax, cur_rev); 236 return true; 237 } 238 239 static bool cpu_has_entrysign(void) 240 { 241 unsigned int fam = x86_family(bsp_cpuid_1_eax); 242 unsigned int model = x86_model(bsp_cpuid_1_eax); 243 244 if (fam == 0x17 || fam == 0x19) 245 return true; 246 247 if (fam == 0x1a) { 248 if (model <= 0x2f || 249 (0x40 <= model && model <= 0x4f) || 250 (0x60 <= model && model <= 0x6f)) 251 return true; 252 } 253 254 return false; 255 } 256 257 static bool verify_sha256_digest(u32 patch_id, u32 cur_rev, const u8 *data, unsigned int len) 258 { 259 struct patch_digest *pd = NULL; 260 u8 digest[SHA256_DIGEST_SIZE]; 261 int i; 262 263 if (!cpu_has_entrysign()) 264 return true; 265 266 if (!need_sha_check(cur_rev)) 267 return true; 268 269 if (!sha_check) 270 return true; 271 272 pd = bsearch(&patch_id, phashes, ARRAY_SIZE(phashes), sizeof(struct patch_digest), cmp_id); 273 if (!pd) { 274 pr_err("No sha256 digest for patch ID: 0x%x found\n", patch_id); 275 return false; 276 } 277 278 sha256(data, len, digest); 279 280 if (memcmp(digest, pd->sha256, sizeof(digest))) { 281 pr_err("Patch 0x%x SHA256 digest mismatch!\n", patch_id); 282 283 for (i = 0; i < SHA256_DIGEST_SIZE; i++) 284 pr_cont("0x%x ", digest[i]); 285 pr_info("\n"); 286 287 return false; 288 } 289 290 return true; 291 } 292 293 static union cpuid_1_eax ucode_rev_to_cpuid(unsigned int val) 294 { 295 union zen_patch_rev p; 296 union cpuid_1_eax c; 297 298 p.ucode_rev = val; 299 c.full = 0; 300 301 c.stepping = p.stepping; 302 c.model = p.model; 303 c.ext_model = p.ext_model; 304 c.family = 0xf; 305 c.ext_fam = p.ext_fam; 306 307 return c; 308 } 309 310 static u32 get_patch_level(void) 311 { 312 u32 rev, dummy __always_unused; 313 314 if (IS_ENABLED(CONFIG_MICROCODE_DBG)) { 315 int cpu = smp_processor_id(); 316 317 if (!microcode_rev[cpu]) { 318 if (!base_rev) 319 base_rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax); 320 321 microcode_rev[cpu] = base_rev; 322 323 ucode_dbg("CPU%d, base_rev: 0x%x\n", cpu, base_rev); 324 } 325 326 return microcode_rev[cpu]; 327 } 328 329 native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy); 330 331 return rev; 332 } 333 334 static u16 find_equiv_id(struct equiv_cpu_table *et, u32 sig) 335 { 336 unsigned int i; 337 338 /* Zen and newer do not need an equivalence table. */ 339 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 340 return 0; 341 342 if (!et || !et->num_entries) 343 return 0; 344 345 for (i = 0; i < et->num_entries; i++) { 346 struct equiv_cpu_entry *e = &et->entry[i]; 347 348 if (sig == e->installed_cpu) 349 return e->equiv_cpu; 350 } 351 return 0; 352 } 353 354 /* 355 * Check whether there is a valid microcode container file at the beginning 356 * of @buf of size @buf_size. 357 */ 358 static bool verify_container(const u8 *buf, size_t buf_size) 359 { 360 u32 cont_magic; 361 362 if (buf_size <= CONTAINER_HDR_SZ) { 363 ucode_dbg("Truncated microcode container header.\n"); 364 return false; 365 } 366 367 cont_magic = *(const u32 *)buf; 368 if (cont_magic != UCODE_MAGIC) { 369 ucode_dbg("Invalid magic value (0x%08x).\n", cont_magic); 370 return false; 371 } 372 373 return true; 374 } 375 376 /* 377 * Check whether there is a valid, non-truncated CPU equivalence table at the 378 * beginning of @buf of size @buf_size. 379 */ 380 static bool verify_equivalence_table(const u8 *buf, size_t buf_size) 381 { 382 const u32 *hdr = (const u32 *)buf; 383 u32 cont_type, equiv_tbl_len; 384 385 if (!verify_container(buf, buf_size)) 386 return false; 387 388 /* Zen and newer do not need an equivalence table. */ 389 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 390 return true; 391 392 cont_type = hdr[1]; 393 if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) { 394 ucode_dbg("Wrong microcode container equivalence table type: %u.\n", 395 cont_type); 396 return false; 397 } 398 399 buf_size -= CONTAINER_HDR_SZ; 400 401 equiv_tbl_len = hdr[2]; 402 if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) || 403 buf_size < equiv_tbl_len) { 404 ucode_dbg("Truncated equivalence table.\n"); 405 return false; 406 } 407 408 return true; 409 } 410 411 /* 412 * Check whether there is a valid, non-truncated microcode patch section at the 413 * beginning of @buf of size @buf_size. 414 * 415 * On success, @sh_psize returns the patch size according to the section header, 416 * to the caller. 417 */ 418 static bool __verify_patch_section(const u8 *buf, size_t buf_size, u32 *sh_psize) 419 { 420 u32 p_type, p_size; 421 const u32 *hdr; 422 423 if (buf_size < SECTION_HDR_SIZE) { 424 ucode_dbg("Truncated patch section.\n"); 425 return false; 426 } 427 428 hdr = (const u32 *)buf; 429 p_type = hdr[0]; 430 p_size = hdr[1]; 431 432 if (p_type != UCODE_UCODE_TYPE) { 433 ucode_dbg("Invalid type field (0x%x) in container file section header.\n", 434 p_type); 435 return false; 436 } 437 438 if (p_size < sizeof(struct microcode_header_amd)) { 439 ucode_dbg("Patch of size %u too short.\n", p_size); 440 return false; 441 } 442 443 *sh_psize = p_size; 444 445 return true; 446 } 447 448 /* 449 * Check whether the passed remaining file @buf_size is large enough to contain 450 * a patch of the indicated @sh_psize (and also whether this size does not 451 * exceed the per-family maximum). @sh_psize is the size read from the section 452 * header. 453 */ 454 static bool __verify_patch_size(u32 sh_psize, size_t buf_size) 455 { 456 u8 family = x86_family(bsp_cpuid_1_eax); 457 u32 max_size; 458 459 if (family >= 0x15) 460 goto ret; 461 462 #define F1XH_MPB_MAX_SIZE 2048 463 #define F14H_MPB_MAX_SIZE 1824 464 465 switch (family) { 466 case 0x10 ... 0x12: 467 max_size = F1XH_MPB_MAX_SIZE; 468 break; 469 case 0x14: 470 max_size = F14H_MPB_MAX_SIZE; 471 break; 472 default: 473 WARN(1, "%s: WTF family: 0x%x\n", __func__, family); 474 return false; 475 } 476 477 if (sh_psize > max_size) 478 return false; 479 480 ret: 481 /* Working with the whole buffer so < is ok. */ 482 return sh_psize <= buf_size; 483 } 484 485 /* 486 * Verify the patch in @buf. 487 * 488 * Returns: 489 * negative: on error 490 * positive: patch is not for this family, skip it 491 * 0: success 492 */ 493 static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size) 494 { 495 u8 family = x86_family(bsp_cpuid_1_eax); 496 struct microcode_header_amd *mc_hdr; 497 u32 sh_psize; 498 u16 proc_id; 499 u8 patch_fam; 500 501 if (!__verify_patch_section(buf, buf_size, &sh_psize)) 502 return -1; 503 504 /* 505 * The section header length is not included in this indicated size 506 * but is present in the leftover file length so we need to subtract 507 * it before passing this value to the function below. 508 */ 509 buf_size -= SECTION_HDR_SIZE; 510 511 /* 512 * Check if the remaining buffer is big enough to contain a patch of 513 * size sh_psize, as the section claims. 514 */ 515 if (buf_size < sh_psize) { 516 ucode_dbg("Patch of size %u truncated.\n", sh_psize); 517 return -1; 518 } 519 520 if (!__verify_patch_size(sh_psize, buf_size)) { 521 ucode_dbg("Per-family patch size mismatch.\n"); 522 return -1; 523 } 524 525 *patch_size = sh_psize; 526 527 mc_hdr = (struct microcode_header_amd *)(buf + SECTION_HDR_SIZE); 528 if (mc_hdr->nb_dev_id || mc_hdr->sb_dev_id) { 529 pr_err("Patch-ID 0x%08x: chipset-specific code unsupported.\n", mc_hdr->patch_id); 530 return -1; 531 } 532 533 proc_id = mc_hdr->processor_rev_id; 534 patch_fam = 0xf + (proc_id >> 12); 535 536 ucode_dbg("Patch-ID 0x%08x: family: 0x%x\n", mc_hdr->patch_id, patch_fam); 537 538 if (patch_fam != family) 539 return 1; 540 541 return 0; 542 } 543 544 static bool mc_patch_matches(struct microcode_amd *mc, u16 eq_id) 545 { 546 /* Zen and newer do not need an equivalence table. */ 547 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 548 return ucode_rev_to_cpuid(mc->hdr.patch_id).full == bsp_cpuid_1_eax; 549 else 550 return eq_id == mc->hdr.processor_rev_id; 551 } 552 553 /* 554 * This scans the ucode blob for the proper container as we can have multiple 555 * containers glued together. 556 * 557 * Returns the amount of bytes consumed while scanning. @desc contains all the 558 * data we're going to use in later stages of the application. 559 */ 560 static size_t parse_container(u8 *ucode, size_t size, struct cont_desc *desc) 561 { 562 struct equiv_cpu_table table; 563 size_t orig_size = size; 564 u32 *hdr = (u32 *)ucode; 565 u16 eq_id; 566 u8 *buf; 567 568 if (!verify_equivalence_table(ucode, size)) 569 return 0; 570 571 buf = ucode; 572 573 table.entry = (struct equiv_cpu_entry *)(buf + CONTAINER_HDR_SZ); 574 table.num_entries = hdr[2] / sizeof(struct equiv_cpu_entry); 575 576 /* 577 * Find the equivalence ID of our CPU in this table. Even if this table 578 * doesn't contain a patch for the CPU, scan through the whole container 579 * so that it can be skipped in case there are other containers appended. 580 */ 581 eq_id = find_equiv_id(&table, bsp_cpuid_1_eax); 582 583 buf += hdr[2] + CONTAINER_HDR_SZ; 584 size -= hdr[2] + CONTAINER_HDR_SZ; 585 586 /* 587 * Scan through the rest of the container to find where it ends. We do 588 * some basic sanity-checking too. 589 */ 590 while (size > 0) { 591 struct microcode_amd *mc; 592 u32 patch_size; 593 int ret; 594 595 ret = verify_patch(buf, size, &patch_size); 596 if (ret < 0) { 597 /* 598 * Patch verification failed, skip to the next container, if 599 * there is one. Before exit, check whether that container has 600 * found a patch already. If so, use it. 601 */ 602 goto out; 603 } else if (ret > 0) { 604 goto skip; 605 } 606 607 mc = (struct microcode_amd *)(buf + SECTION_HDR_SIZE); 608 609 ucode_dbg("patch_id: 0x%x\n", mc->hdr.patch_id); 610 611 if (mc_patch_matches(mc, eq_id)) { 612 desc->psize = patch_size; 613 desc->mc = mc; 614 615 ucode_dbg(" match: size: %d\n", patch_size); 616 } 617 618 skip: 619 /* Skip patch section header too: */ 620 buf += patch_size + SECTION_HDR_SIZE; 621 size -= patch_size + SECTION_HDR_SIZE; 622 } 623 624 out: 625 /* 626 * If we have found a patch (desc->mc), it means we're looking at the 627 * container which has a patch for this CPU so return 0 to mean, @ucode 628 * already points to the proper container. Otherwise, we return the size 629 * we scanned so that we can advance to the next container in the 630 * buffer. 631 */ 632 if (desc->mc) { 633 desc->data = ucode; 634 desc->size = orig_size - size; 635 636 return 0; 637 } 638 639 return orig_size - size; 640 } 641 642 /* 643 * Scan the ucode blob for the proper container as we can have multiple 644 * containers glued together. 645 */ 646 static void scan_containers(u8 *ucode, size_t size, struct cont_desc *desc) 647 { 648 while (size) { 649 size_t s = parse_container(ucode, size, desc); 650 if (!s) 651 return; 652 653 /* catch wraparound */ 654 if (size >= s) { 655 ucode += s; 656 size -= s; 657 } else { 658 return; 659 } 660 } 661 } 662 663 static bool __apply_microcode_amd(struct microcode_amd *mc, u32 *cur_rev, 664 unsigned int psize) 665 { 666 unsigned long p_addr = (unsigned long)&mc->hdr.data_code; 667 668 if (!verify_sha256_digest(mc->hdr.patch_id, *cur_rev, (const u8 *)p_addr, psize)) 669 return false; 670 671 native_wrmsrq(MSR_AMD64_PATCH_LOADER, p_addr); 672 673 if (x86_family(bsp_cpuid_1_eax) == 0x17) { 674 unsigned long p_addr_end = p_addr + psize - 1; 675 676 invlpg(p_addr); 677 678 /* 679 * Flush next page too if patch image is crossing a page 680 * boundary. 681 */ 682 if (p_addr >> PAGE_SHIFT != p_addr_end >> PAGE_SHIFT) 683 invlpg(p_addr_end); 684 } 685 686 if (IS_ENABLED(CONFIG_MICROCODE_DBG)) 687 microcode_rev[smp_processor_id()] = mc->hdr.patch_id; 688 689 /* verify patch application was successful */ 690 *cur_rev = get_patch_level(); 691 692 ucode_dbg("updated rev: 0x%x\n", *cur_rev); 693 694 if (*cur_rev != mc->hdr.patch_id) 695 return false; 696 697 return true; 698 } 699 700 static bool get_builtin_microcode(struct cpio_data *cp) 701 { 702 char fw_name[36] = "amd-ucode/microcode_amd.bin"; 703 u8 family = x86_family(bsp_cpuid_1_eax); 704 struct firmware fw; 705 706 if (IS_ENABLED(CONFIG_X86_32)) 707 return false; 708 709 if (family >= 0x15) 710 snprintf(fw_name, sizeof(fw_name), 711 "amd-ucode/microcode_amd_fam%02hhxh.bin", family); 712 713 if (firmware_request_builtin(&fw, fw_name)) { 714 cp->size = fw.size; 715 cp->data = (void *)fw.data; 716 return true; 717 } 718 719 return false; 720 } 721 722 static bool __init find_blobs_in_containers(struct cpio_data *ret) 723 { 724 struct cpio_data cp; 725 bool found; 726 727 if (!get_builtin_microcode(&cp)) 728 cp = find_microcode_in_initrd(ucode_path); 729 730 found = cp.data && cp.size; 731 if (found) 732 *ret = cp; 733 734 return found; 735 } 736 737 /* 738 * Early load occurs before we can vmalloc(). So we look for the microcode 739 * patch container file in initrd, traverse equivalent cpu table, look for a 740 * matching microcode patch, and update, all in initrd memory in place. 741 * When vmalloc() is available for use later -- on 64-bit during first AP load, 742 * and on 32-bit during save_microcode_in_initrd() -- we can call 743 * load_microcode_amd() to save equivalent cpu table and microcode patches in 744 * kernel heap memory. 745 */ 746 void __init load_ucode_amd_bsp(struct early_load_data *ed, unsigned int cpuid_1_eax) 747 { 748 struct cont_desc desc = { }; 749 struct microcode_amd *mc; 750 struct cpio_data cp = { }; 751 char buf[4]; 752 u32 rev; 753 754 if (cmdline_find_option(boot_command_line, "microcode.amd_sha_check", buf, 4)) { 755 if (!strncmp(buf, "off", 3)) { 756 sha_check = false; 757 pr_warn_once("It is a very very bad idea to disable the blobs SHA check!\n"); 758 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); 759 } 760 } 761 762 bsp_cpuid_1_eax = cpuid_1_eax; 763 764 rev = get_patch_level(); 765 ed->old_rev = rev; 766 767 /* Needed in load_microcode_amd() */ 768 ucode_cpu_info[0].cpu_sig.sig = cpuid_1_eax; 769 770 if (!find_blobs_in_containers(&cp)) 771 return; 772 773 scan_containers(cp.data, cp.size, &desc); 774 775 mc = desc.mc; 776 if (!mc) 777 return; 778 779 /* 780 * Allow application of the same revision to pick up SMT-specific 781 * changes even if the revision of the other SMT thread is already 782 * up-to-date. 783 */ 784 if (ed->old_rev > mc->hdr.patch_id) 785 return; 786 787 if (__apply_microcode_amd(mc, &rev, desc.psize)) 788 ed->new_rev = rev; 789 } 790 791 static inline bool patch_cpus_equivalent(struct ucode_patch *p, 792 struct ucode_patch *n, 793 bool ignore_stepping) 794 { 795 /* Zen and newer hardcode the f/m/s in the patch ID */ 796 if (x86_family(bsp_cpuid_1_eax) >= 0x17) { 797 union cpuid_1_eax p_cid = ucode_rev_to_cpuid(p->patch_id); 798 union cpuid_1_eax n_cid = ucode_rev_to_cpuid(n->patch_id); 799 800 if (ignore_stepping) { 801 p_cid.stepping = 0; 802 n_cid.stepping = 0; 803 } 804 805 return p_cid.full == n_cid.full; 806 } else { 807 return p->equiv_cpu == n->equiv_cpu; 808 } 809 } 810 811 /* 812 * a small, trivial cache of per-family ucode patches 813 */ 814 static struct ucode_patch *cache_find_patch(struct ucode_cpu_info *uci, u16 equiv_cpu) 815 { 816 struct ucode_patch *p; 817 struct ucode_patch n; 818 819 n.equiv_cpu = equiv_cpu; 820 n.patch_id = uci->cpu_sig.rev; 821 822 list_for_each_entry(p, µcode_cache, plist) 823 if (patch_cpus_equivalent(p, &n, false)) 824 return p; 825 826 return NULL; 827 } 828 829 static inline int patch_newer(struct ucode_patch *p, struct ucode_patch *n) 830 { 831 /* Zen and newer hardcode the f/m/s in the patch ID */ 832 if (x86_family(bsp_cpuid_1_eax) >= 0x17) { 833 union zen_patch_rev zp, zn; 834 835 zp.ucode_rev = p->patch_id; 836 zn.ucode_rev = n->patch_id; 837 838 if (zn.stepping != zp.stepping) 839 return -1; 840 841 return zn.rev > zp.rev; 842 } else { 843 return n->patch_id > p->patch_id; 844 } 845 } 846 847 static void update_cache(struct ucode_patch *new_patch) 848 { 849 struct ucode_patch *p; 850 int ret; 851 852 list_for_each_entry(p, µcode_cache, plist) { 853 if (patch_cpus_equivalent(p, new_patch, true)) { 854 ret = patch_newer(p, new_patch); 855 if (ret < 0) 856 continue; 857 else if (!ret) { 858 /* we already have the latest patch */ 859 kfree(new_patch->data); 860 kfree(new_patch); 861 return; 862 } 863 864 list_replace(&p->plist, &new_patch->plist); 865 kfree(p->data); 866 kfree(p); 867 return; 868 } 869 } 870 /* no patch found, add it */ 871 list_add_tail(&new_patch->plist, µcode_cache); 872 } 873 874 static void free_cache(void) 875 { 876 struct ucode_patch *p, *tmp; 877 878 list_for_each_entry_safe(p, tmp, µcode_cache, plist) { 879 __list_del(p->plist.prev, p->plist.next); 880 kfree(p->data); 881 kfree(p); 882 } 883 } 884 885 static struct ucode_patch *find_patch(unsigned int cpu) 886 { 887 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 888 u16 equiv_id = 0; 889 890 uci->cpu_sig.rev = get_patch_level(); 891 892 if (x86_family(bsp_cpuid_1_eax) < 0x17) { 893 equiv_id = find_equiv_id(&equiv_table, uci->cpu_sig.sig); 894 if (!equiv_id) 895 return NULL; 896 } 897 898 return cache_find_patch(uci, equiv_id); 899 } 900 901 void reload_ucode_amd(unsigned int cpu) 902 { 903 u32 rev, dummy __always_unused; 904 struct microcode_amd *mc; 905 struct ucode_patch *p; 906 907 p = find_patch(cpu); 908 if (!p) 909 return; 910 911 mc = p->data; 912 913 rev = get_patch_level(); 914 if (rev < mc->hdr.patch_id) { 915 if (__apply_microcode_amd(mc, &rev, p->size)) 916 pr_info_once("reload revision: 0x%08x\n", rev); 917 } 918 } 919 920 static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig) 921 { 922 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 923 struct ucode_patch *p; 924 925 csig->sig = cpuid_eax(0x00000001); 926 csig->rev = get_patch_level(); 927 928 /* 929 * a patch could have been loaded early, set uci->mc so that 930 * mc_bp_resume() can call apply_microcode() 931 */ 932 p = find_patch(cpu); 933 if (p && (p->patch_id == csig->rev)) 934 uci->mc = p->data; 935 936 return 0; 937 } 938 939 static enum ucode_state apply_microcode_amd(int cpu) 940 { 941 struct cpuinfo_x86 *c = &cpu_data(cpu); 942 struct microcode_amd *mc_amd; 943 struct ucode_cpu_info *uci; 944 struct ucode_patch *p; 945 enum ucode_state ret; 946 u32 rev; 947 948 BUG_ON(raw_smp_processor_id() != cpu); 949 950 uci = ucode_cpu_info + cpu; 951 952 p = find_patch(cpu); 953 if (!p) 954 return UCODE_NFOUND; 955 956 rev = uci->cpu_sig.rev; 957 958 mc_amd = p->data; 959 uci->mc = p->data; 960 961 /* need to apply patch? */ 962 if (rev > mc_amd->hdr.patch_id) { 963 ret = UCODE_OK; 964 goto out; 965 } 966 967 if (!__apply_microcode_amd(mc_amd, &rev, p->size)) { 968 pr_err("CPU%d: update failed for patch_level=0x%08x\n", 969 cpu, mc_amd->hdr.patch_id); 970 return UCODE_ERROR; 971 } 972 973 rev = mc_amd->hdr.patch_id; 974 ret = UCODE_UPDATED; 975 976 out: 977 uci->cpu_sig.rev = rev; 978 c->microcode = rev; 979 980 /* Update boot_cpu_data's revision too, if we're on the BSP: */ 981 if (c->cpu_index == boot_cpu_data.cpu_index) 982 boot_cpu_data.microcode = rev; 983 984 return ret; 985 } 986 987 void load_ucode_amd_ap(unsigned int cpuid_1_eax) 988 { 989 unsigned int cpu = smp_processor_id(); 990 991 ucode_cpu_info[cpu].cpu_sig.sig = cpuid_1_eax; 992 apply_microcode_amd(cpu); 993 } 994 995 static size_t install_equiv_cpu_table(const u8 *buf, size_t buf_size) 996 { 997 u32 equiv_tbl_len; 998 const u32 *hdr; 999 1000 if (!verify_equivalence_table(buf, buf_size)) 1001 return 0; 1002 1003 hdr = (const u32 *)buf; 1004 equiv_tbl_len = hdr[2]; 1005 1006 /* Zen and newer do not need an equivalence table. */ 1007 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 1008 goto out; 1009 1010 equiv_table.entry = vmalloc(equiv_tbl_len); 1011 if (!equiv_table.entry) { 1012 pr_err("failed to allocate equivalent CPU table\n"); 1013 return 0; 1014 } 1015 1016 memcpy(equiv_table.entry, buf + CONTAINER_HDR_SZ, equiv_tbl_len); 1017 equiv_table.num_entries = equiv_tbl_len / sizeof(struct equiv_cpu_entry); 1018 1019 out: 1020 /* add header length */ 1021 return equiv_tbl_len + CONTAINER_HDR_SZ; 1022 } 1023 1024 static void free_equiv_cpu_table(void) 1025 { 1026 if (x86_family(bsp_cpuid_1_eax) >= 0x17) 1027 return; 1028 1029 vfree(equiv_table.entry); 1030 memset(&equiv_table, 0, sizeof(equiv_table)); 1031 } 1032 1033 static void cleanup(void) 1034 { 1035 free_equiv_cpu_table(); 1036 free_cache(); 1037 } 1038 1039 /* 1040 * Return a non-negative value even if some of the checks failed so that 1041 * we can skip over the next patch. If we return a negative value, we 1042 * signal a grave error like a memory allocation has failed and the 1043 * driver cannot continue functioning normally. In such cases, we tear 1044 * down everything we've used up so far and exit. 1045 */ 1046 static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover, 1047 unsigned int *patch_size) 1048 { 1049 struct microcode_header_amd *mc_hdr; 1050 struct ucode_patch *patch; 1051 u16 proc_id; 1052 int ret; 1053 1054 ret = verify_patch(fw, leftover, patch_size); 1055 if (ret) 1056 return ret; 1057 1058 patch = kzalloc(sizeof(*patch), GFP_KERNEL); 1059 if (!patch) { 1060 pr_err("Patch allocation failure.\n"); 1061 return -EINVAL; 1062 } 1063 1064 patch->data = kmemdup(fw + SECTION_HDR_SIZE, *patch_size, GFP_KERNEL); 1065 if (!patch->data) { 1066 pr_err("Patch data allocation failure.\n"); 1067 kfree(patch); 1068 return -EINVAL; 1069 } 1070 patch->size = *patch_size; 1071 1072 mc_hdr = (struct microcode_header_amd *)(fw + SECTION_HDR_SIZE); 1073 proc_id = mc_hdr->processor_rev_id; 1074 1075 INIT_LIST_HEAD(&patch->plist); 1076 patch->patch_id = mc_hdr->patch_id; 1077 patch->equiv_cpu = proc_id; 1078 1079 ucode_dbg("%s: Adding patch_id: 0x%08x, proc_id: 0x%04x\n", 1080 __func__, patch->patch_id, proc_id); 1081 1082 /* ... and add to cache. */ 1083 update_cache(patch); 1084 1085 return 0; 1086 } 1087 1088 /* Scan the blob in @data and add microcode patches to the cache. */ 1089 static enum ucode_state __load_microcode_amd(u8 family, const u8 *data, size_t size) 1090 { 1091 u8 *fw = (u8 *)data; 1092 size_t offset; 1093 1094 offset = install_equiv_cpu_table(data, size); 1095 if (!offset) 1096 return UCODE_ERROR; 1097 1098 fw += offset; 1099 size -= offset; 1100 1101 if (*(u32 *)fw != UCODE_UCODE_TYPE) { 1102 pr_err("invalid type field in container file section header\n"); 1103 free_equiv_cpu_table(); 1104 return UCODE_ERROR; 1105 } 1106 1107 while (size > 0) { 1108 unsigned int crnt_size = 0; 1109 int ret; 1110 1111 ret = verify_and_add_patch(family, fw, size, &crnt_size); 1112 if (ret < 0) 1113 return UCODE_ERROR; 1114 1115 fw += crnt_size + SECTION_HDR_SIZE; 1116 size -= (crnt_size + SECTION_HDR_SIZE); 1117 } 1118 1119 return UCODE_OK; 1120 } 1121 1122 static enum ucode_state _load_microcode_amd(u8 family, const u8 *data, size_t size) 1123 { 1124 enum ucode_state ret; 1125 1126 /* free old equiv table */ 1127 free_equiv_cpu_table(); 1128 1129 ret = __load_microcode_amd(family, data, size); 1130 if (ret != UCODE_OK) 1131 cleanup(); 1132 1133 return ret; 1134 } 1135 1136 static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t size) 1137 { 1138 struct cpuinfo_x86 *c; 1139 unsigned int nid, cpu; 1140 struct ucode_patch *p; 1141 enum ucode_state ret; 1142 1143 ret = _load_microcode_amd(family, data, size); 1144 if (ret != UCODE_OK) 1145 return ret; 1146 1147 for_each_node_with_cpus(nid) { 1148 cpu = cpumask_first(cpumask_of_node(nid)); 1149 c = &cpu_data(cpu); 1150 1151 p = find_patch(cpu); 1152 if (!p) 1153 continue; 1154 1155 if (c->microcode >= p->patch_id) 1156 continue; 1157 1158 ret = UCODE_NEW; 1159 } 1160 1161 return ret; 1162 } 1163 1164 static int __init save_microcode_in_initrd(void) 1165 { 1166 struct cpuinfo_x86 *c = &boot_cpu_data; 1167 struct cont_desc desc = { 0 }; 1168 unsigned int cpuid_1_eax; 1169 enum ucode_state ret; 1170 struct cpio_data cp; 1171 1172 if (microcode_loader_disabled() || c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) 1173 return 0; 1174 1175 cpuid_1_eax = native_cpuid_eax(1); 1176 1177 if (!find_blobs_in_containers(&cp)) 1178 return -EINVAL; 1179 1180 scan_containers(cp.data, cp.size, &desc); 1181 if (!desc.mc) 1182 return -EINVAL; 1183 1184 ret = _load_microcode_amd(x86_family(cpuid_1_eax), desc.data, desc.size); 1185 if (ret > UCODE_UPDATED) 1186 return -EINVAL; 1187 1188 return 0; 1189 } 1190 early_initcall(save_microcode_in_initrd); 1191 1192 /* 1193 * AMD microcode firmware naming convention, up to family 15h they are in 1194 * the legacy file: 1195 * 1196 * amd-ucode/microcode_amd.bin 1197 * 1198 * This legacy file is always smaller than 2K in size. 1199 * 1200 * Beginning with family 15h, they are in family-specific firmware files: 1201 * 1202 * amd-ucode/microcode_amd_fam15h.bin 1203 * amd-ucode/microcode_amd_fam16h.bin 1204 * ... 1205 * 1206 * These might be larger than 2K. 1207 */ 1208 static enum ucode_state request_microcode_amd(int cpu, struct device *device) 1209 { 1210 char fw_name[36] = "amd-ucode/microcode_amd.bin"; 1211 struct cpuinfo_x86 *c = &cpu_data(cpu); 1212 enum ucode_state ret = UCODE_NFOUND; 1213 const struct firmware *fw; 1214 1215 if (force_minrev) 1216 return UCODE_NFOUND; 1217 1218 if (c->x86 >= 0x15) 1219 snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); 1220 1221 if (request_firmware_direct(&fw, (const char *)fw_name, device)) { 1222 ucode_dbg("failed to load file %s\n", fw_name); 1223 goto out; 1224 } 1225 1226 ret = UCODE_ERROR; 1227 if (!verify_container(fw->data, fw->size)) 1228 goto fw_release; 1229 1230 ret = load_microcode_amd(c->x86, fw->data, fw->size); 1231 1232 fw_release: 1233 release_firmware(fw); 1234 1235 out: 1236 return ret; 1237 } 1238 1239 static void microcode_fini_cpu_amd(int cpu) 1240 { 1241 struct ucode_cpu_info *uci = ucode_cpu_info + cpu; 1242 1243 uci->mc = NULL; 1244 } 1245 1246 static void finalize_late_load_amd(int result) 1247 { 1248 if (result) 1249 cleanup(); 1250 } 1251 1252 static struct microcode_ops microcode_amd_ops = { 1253 .request_microcode_fw = request_microcode_amd, 1254 .collect_cpu_info = collect_cpu_info_amd, 1255 .apply_microcode = apply_microcode_amd, 1256 .microcode_fini_cpu = microcode_fini_cpu_amd, 1257 .finalize_late_load = finalize_late_load_amd, 1258 .nmi_safe = true, 1259 }; 1260 1261 struct microcode_ops * __init init_amd_microcode(void) 1262 { 1263 struct cpuinfo_x86 *c = &boot_cpu_data; 1264 1265 if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) { 1266 pr_warn("AMD CPU family 0x%x not supported\n", c->x86); 1267 return NULL; 1268 } 1269 return µcode_amd_ops; 1270 } 1271 1272 void __exit exit_amd_microcode(void) 1273 { 1274 cleanup(); 1275 } 1276