1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * AMD CPU Microcode Update Driver for Linux
4 *
5 * This driver allows to upgrade microcode on F10h AMD
6 * CPUs and later.
7 *
8 * Copyright (C) 2008-2011 Advanced Micro Devices Inc.
9 * 2013-2018 Borislav Petkov <bp@alien8.de>
10 *
11 * Author: Peter Oruba <peter.oruba@amd.com>
12 *
13 * Based on work by:
14 * Tigran Aivazian <aivazian.tigran@gmail.com>
15 *
16 * early loader:
17 * Copyright (C) 2013 Advanced Micro Devices, Inc.
18 *
19 * Author: Jacob Shin <jacob.shin@amd.com>
20 * Fixes: Borislav Petkov <bp@suse.de>
21 */
22 #define pr_fmt(fmt) "microcode: " fmt
23
24 #include <linux/earlycpio.h>
25 #include <linux/firmware.h>
26 #include <linux/bsearch.h>
27 #include <linux/uaccess.h>
28 #include <linux/vmalloc.h>
29 #include <linux/initrd.h>
30 #include <linux/kernel.h>
31 #include <linux/pci.h>
32
33 #include <crypto/sha2.h>
34
35 #include <asm/microcode.h>
36 #include <asm/processor.h>
37 #include <asm/cmdline.h>
38 #include <asm/setup.h>
39 #include <asm/cpu.h>
40 #include <asm/msr.h>
41 #include <asm/tlb.h>
42
43 #include "internal.h"
44
45 struct ucode_patch {
46 struct list_head plist;
47 void *data;
48 unsigned int size;
49 u32 patch_id;
50 u16 equiv_cpu;
51 };
52
53 static LIST_HEAD(microcode_cache);
54
55 #define UCODE_MAGIC 0x00414d44
56 #define UCODE_EQUIV_CPU_TABLE_TYPE 0x00000000
57 #define UCODE_UCODE_TYPE 0x00000001
58
59 #define SECTION_HDR_SIZE 8
60 #define CONTAINER_HDR_SZ 12
61
62 struct equiv_cpu_entry {
63 u32 installed_cpu;
64 u32 fixed_errata_mask;
65 u32 fixed_errata_compare;
66 u16 equiv_cpu;
67 u16 res;
68 } __packed;
69
70 struct microcode_header_amd {
71 u32 data_code;
72 u32 patch_id;
73 u16 mc_patch_data_id;
74 u8 mc_patch_data_len;
75 u8 init_flag;
76 u32 mc_patch_data_checksum;
77 u32 nb_dev_id;
78 u32 sb_dev_id;
79 u16 processor_rev_id;
80 u8 nb_rev_id;
81 u8 sb_rev_id;
82 u8 bios_api_rev;
83 u8 reserved1[3];
84 u32 match_reg[8];
85 } __packed;
86
87 struct microcode_amd {
88 struct microcode_header_amd hdr;
89 unsigned int mpb[];
90 };
91
92 static struct equiv_cpu_table {
93 unsigned int num_entries;
94 struct equiv_cpu_entry *entry;
95 } equiv_table;
96
97 union cpuid_1_eax {
98 struct {
99 __u32 stepping : 4,
100 model : 4,
101 family : 4,
102 __reserved0 : 4,
103 ext_model : 4,
104 ext_fam : 8,
105 __reserved1 : 4;
106 };
107 __u32 full;
108 };
109
110 /*
111 * This points to the current valid container of microcode patches which we will
112 * save from the initrd/builtin before jettisoning its contents. @mc is the
113 * microcode patch we found to match.
114 */
115 struct cont_desc {
116 struct microcode_amd *mc;
117 u32 psize;
118 u8 *data;
119 size_t size;
120 };
121
122 /*
123 * Microcode patch container file is prepended to the initrd in cpio
124 * format. See Documentation/arch/x86/microcode.rst
125 */
126 static const char
127 ucode_path[] __maybe_unused = "kernel/x86/microcode/AuthenticAMD.bin";
128
129 /*
130 * This is CPUID(1).EAX on the BSP. It is used in two ways:
131 *
132 * 1. To ignore the equivalence table on Zen1 and newer.
133 *
134 * 2. To match which patches to load because the patch revision ID
135 * already contains the f/m/s for which the microcode is destined
136 * for.
137 */
138 static u32 bsp_cpuid_1_eax __ro_after_init;
139
140 static bool sha_check = true;
141
142 struct patch_digest {
143 u32 patch_id;
144 u8 sha256[SHA256_DIGEST_SIZE];
145 };
146
147 #include "amd_shas.c"
148
cmp_id(const void * key,const void * elem)149 static int cmp_id(const void *key, const void *elem)
150 {
151 struct patch_digest *pd = (struct patch_digest *)elem;
152 u32 patch_id = *(u32 *)key;
153
154 if (patch_id == pd->patch_id)
155 return 0;
156 else if (patch_id < pd->patch_id)
157 return -1;
158 else
159 return 1;
160 }
161
cpuid_to_ucode_rev(unsigned int val)162 static u32 cpuid_to_ucode_rev(unsigned int val)
163 {
164 union zen_patch_rev p = {};
165 union cpuid_1_eax c;
166
167 c.full = val;
168
169 p.stepping = c.stepping;
170 p.model = c.model;
171 p.ext_model = c.ext_model;
172 p.ext_fam = c.ext_fam;
173
174 return p.ucode_rev;
175 }
176
need_sha_check(u32 cur_rev)177 static bool need_sha_check(u32 cur_rev)
178 {
179 if (!cur_rev) {
180 cur_rev = cpuid_to_ucode_rev(bsp_cpuid_1_eax);
181 pr_info_once("No current revision, generating the lowest one: 0x%x\n", cur_rev);
182 }
183
184 switch (cur_rev >> 8) {
185 case 0x80012: return cur_rev <= 0x800126f; break;
186 case 0x80082: return cur_rev <= 0x800820f; break;
187 case 0x83010: return cur_rev <= 0x830107c; break;
188 case 0x86001: return cur_rev <= 0x860010e; break;
189 case 0x86081: return cur_rev <= 0x8608108; break;
190 case 0x87010: return cur_rev <= 0x8701034; break;
191 case 0x8a000: return cur_rev <= 0x8a0000a; break;
192 case 0xa0010: return cur_rev <= 0xa00107a; break;
193 case 0xa0011: return cur_rev <= 0xa0011da; break;
194 case 0xa0012: return cur_rev <= 0xa001243; break;
195 case 0xa0082: return cur_rev <= 0xa00820e; break;
196 case 0xa1011: return cur_rev <= 0xa101153; break;
197 case 0xa1012: return cur_rev <= 0xa10124e; break;
198 case 0xa1081: return cur_rev <= 0xa108109; break;
199 case 0xa2010: return cur_rev <= 0xa20102f; break;
200 case 0xa2012: return cur_rev <= 0xa201212; break;
201 case 0xa4041: return cur_rev <= 0xa404109; break;
202 case 0xa5000: return cur_rev <= 0xa500013; break;
203 case 0xa6012: return cur_rev <= 0xa60120a; break;
204 case 0xa7041: return cur_rev <= 0xa704109; break;
205 case 0xa7052: return cur_rev <= 0xa705208; break;
206 case 0xa7080: return cur_rev <= 0xa708009; break;
207 case 0xa70c0: return cur_rev <= 0xa70C009; break;
208 case 0xaa001: return cur_rev <= 0xaa00116; break;
209 case 0xaa002: return cur_rev <= 0xaa00218; break;
210 case 0xb0021: return cur_rev <= 0xb002146; break;
211 case 0xb1010: return cur_rev <= 0xb101046; break;
212 case 0xb2040: return cur_rev <= 0xb204031; break;
213 case 0xb4040: return cur_rev <= 0xb404031; break;
214 case 0xb6000: return cur_rev <= 0xb600031; break;
215 case 0xb7000: return cur_rev <= 0xb700031; break;
216 default: break;
217 }
218
219 pr_info("You should not be seeing this. Please send the following couple of lines to x86-<at>-kernel.org\n");
220 pr_info("CPUID(1).EAX: 0x%x, current revision: 0x%x\n", bsp_cpuid_1_eax, cur_rev);
221 return true;
222 }
223
verify_sha256_digest(u32 patch_id,u32 cur_rev,const u8 * data,unsigned int len)224 static bool verify_sha256_digest(u32 patch_id, u32 cur_rev, const u8 *data, unsigned int len)
225 {
226 struct patch_digest *pd = NULL;
227 u8 digest[SHA256_DIGEST_SIZE];
228 struct sha256_state s;
229 int i;
230
231 if (x86_family(bsp_cpuid_1_eax) < 0x17)
232 return true;
233
234 if (!need_sha_check(cur_rev))
235 return true;
236
237 if (!sha_check)
238 return true;
239
240 pd = bsearch(&patch_id, phashes, ARRAY_SIZE(phashes), sizeof(struct patch_digest), cmp_id);
241 if (!pd) {
242 pr_err("No sha256 digest for patch ID: 0x%x found\n", patch_id);
243 return false;
244 }
245
246 sha256_init(&s);
247 sha256_update(&s, data, len);
248 sha256_final(&s, digest);
249
250 if (memcmp(digest, pd->sha256, sizeof(digest))) {
251 pr_err("Patch 0x%x SHA256 digest mismatch!\n", patch_id);
252
253 for (i = 0; i < SHA256_DIGEST_SIZE; i++)
254 pr_cont("0x%x ", digest[i]);
255 pr_info("\n");
256
257 return false;
258 }
259
260 return true;
261 }
262
get_patch_level(void)263 static u32 get_patch_level(void)
264 {
265 u32 rev, dummy __always_unused;
266
267 native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
268
269 return rev;
270 }
271
ucode_rev_to_cpuid(unsigned int val)272 static union cpuid_1_eax ucode_rev_to_cpuid(unsigned int val)
273 {
274 union zen_patch_rev p;
275 union cpuid_1_eax c;
276
277 p.ucode_rev = val;
278 c.full = 0;
279
280 c.stepping = p.stepping;
281 c.model = p.model;
282 c.ext_model = p.ext_model;
283 c.family = 0xf;
284 c.ext_fam = p.ext_fam;
285
286 return c;
287 }
288
find_equiv_id(struct equiv_cpu_table * et,u32 sig)289 static u16 find_equiv_id(struct equiv_cpu_table *et, u32 sig)
290 {
291 unsigned int i;
292
293 /* Zen and newer do not need an equivalence table. */
294 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
295 return 0;
296
297 if (!et || !et->num_entries)
298 return 0;
299
300 for (i = 0; i < et->num_entries; i++) {
301 struct equiv_cpu_entry *e = &et->entry[i];
302
303 if (sig == e->installed_cpu)
304 return e->equiv_cpu;
305 }
306 return 0;
307 }
308
309 /*
310 * Check whether there is a valid microcode container file at the beginning
311 * of @buf of size @buf_size.
312 */
verify_container(const u8 * buf,size_t buf_size)313 static bool verify_container(const u8 *buf, size_t buf_size)
314 {
315 u32 cont_magic;
316
317 if (buf_size <= CONTAINER_HDR_SZ) {
318 pr_debug("Truncated microcode container header.\n");
319 return false;
320 }
321
322 cont_magic = *(const u32 *)buf;
323 if (cont_magic != UCODE_MAGIC) {
324 pr_debug("Invalid magic value (0x%08x).\n", cont_magic);
325 return false;
326 }
327
328 return true;
329 }
330
331 /*
332 * Check whether there is a valid, non-truncated CPU equivalence table at the
333 * beginning of @buf of size @buf_size.
334 */
verify_equivalence_table(const u8 * buf,size_t buf_size)335 static bool verify_equivalence_table(const u8 *buf, size_t buf_size)
336 {
337 const u32 *hdr = (const u32 *)buf;
338 u32 cont_type, equiv_tbl_len;
339
340 if (!verify_container(buf, buf_size))
341 return false;
342
343 /* Zen and newer do not need an equivalence table. */
344 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
345 return true;
346
347 cont_type = hdr[1];
348 if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) {
349 pr_debug("Wrong microcode container equivalence table type: %u.\n",
350 cont_type);
351 return false;
352 }
353
354 buf_size -= CONTAINER_HDR_SZ;
355
356 equiv_tbl_len = hdr[2];
357 if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) ||
358 buf_size < equiv_tbl_len) {
359 pr_debug("Truncated equivalence table.\n");
360 return false;
361 }
362
363 return true;
364 }
365
366 /*
367 * Check whether there is a valid, non-truncated microcode patch section at the
368 * beginning of @buf of size @buf_size.
369 *
370 * On success, @sh_psize returns the patch size according to the section header,
371 * to the caller.
372 */
__verify_patch_section(const u8 * buf,size_t buf_size,u32 * sh_psize)373 static bool __verify_patch_section(const u8 *buf, size_t buf_size, u32 *sh_psize)
374 {
375 u32 p_type, p_size;
376 const u32 *hdr;
377
378 if (buf_size < SECTION_HDR_SIZE) {
379 pr_debug("Truncated patch section.\n");
380 return false;
381 }
382
383 hdr = (const u32 *)buf;
384 p_type = hdr[0];
385 p_size = hdr[1];
386
387 if (p_type != UCODE_UCODE_TYPE) {
388 pr_debug("Invalid type field (0x%x) in container file section header.\n",
389 p_type);
390 return false;
391 }
392
393 if (p_size < sizeof(struct microcode_header_amd)) {
394 pr_debug("Patch of size %u too short.\n", p_size);
395 return false;
396 }
397
398 *sh_psize = p_size;
399
400 return true;
401 }
402
403 /*
404 * Check whether the passed remaining file @buf_size is large enough to contain
405 * a patch of the indicated @sh_psize (and also whether this size does not
406 * exceed the per-family maximum). @sh_psize is the size read from the section
407 * header.
408 */
__verify_patch_size(u32 sh_psize,size_t buf_size)409 static unsigned int __verify_patch_size(u32 sh_psize, size_t buf_size)
410 {
411 u8 family = x86_family(bsp_cpuid_1_eax);
412 u32 max_size;
413
414 if (family >= 0x15)
415 return min_t(u32, sh_psize, buf_size);
416
417 #define F1XH_MPB_MAX_SIZE 2048
418 #define F14H_MPB_MAX_SIZE 1824
419
420 switch (family) {
421 case 0x10 ... 0x12:
422 max_size = F1XH_MPB_MAX_SIZE;
423 break;
424 case 0x14:
425 max_size = F14H_MPB_MAX_SIZE;
426 break;
427 default:
428 WARN(1, "%s: WTF family: 0x%x\n", __func__, family);
429 return 0;
430 }
431
432 if (sh_psize > min_t(u32, buf_size, max_size))
433 return 0;
434
435 return sh_psize;
436 }
437
438 /*
439 * Verify the patch in @buf.
440 *
441 * Returns:
442 * negative: on error
443 * positive: patch is not for this family, skip it
444 * 0: success
445 */
verify_patch(const u8 * buf,size_t buf_size,u32 * patch_size)446 static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size)
447 {
448 u8 family = x86_family(bsp_cpuid_1_eax);
449 struct microcode_header_amd *mc_hdr;
450 unsigned int ret;
451 u32 sh_psize;
452 u16 proc_id;
453 u8 patch_fam;
454
455 if (!__verify_patch_section(buf, buf_size, &sh_psize))
456 return -1;
457
458 /*
459 * The section header length is not included in this indicated size
460 * but is present in the leftover file length so we need to subtract
461 * it before passing this value to the function below.
462 */
463 buf_size -= SECTION_HDR_SIZE;
464
465 /*
466 * Check if the remaining buffer is big enough to contain a patch of
467 * size sh_psize, as the section claims.
468 */
469 if (buf_size < sh_psize) {
470 pr_debug("Patch of size %u truncated.\n", sh_psize);
471 return -1;
472 }
473
474 ret = __verify_patch_size(sh_psize, buf_size);
475 if (!ret) {
476 pr_debug("Per-family patch size mismatch.\n");
477 return -1;
478 }
479
480 *patch_size = sh_psize;
481
482 mc_hdr = (struct microcode_header_amd *)(buf + SECTION_HDR_SIZE);
483 if (mc_hdr->nb_dev_id || mc_hdr->sb_dev_id) {
484 pr_err("Patch-ID 0x%08x: chipset-specific code unsupported.\n", mc_hdr->patch_id);
485 return -1;
486 }
487
488 proc_id = mc_hdr->processor_rev_id;
489 patch_fam = 0xf + (proc_id >> 12);
490 if (patch_fam != family)
491 return 1;
492
493 return 0;
494 }
495
mc_patch_matches(struct microcode_amd * mc,u16 eq_id)496 static bool mc_patch_matches(struct microcode_amd *mc, u16 eq_id)
497 {
498 /* Zen and newer do not need an equivalence table. */
499 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
500 return ucode_rev_to_cpuid(mc->hdr.patch_id).full == bsp_cpuid_1_eax;
501 else
502 return eq_id == mc->hdr.processor_rev_id;
503 }
504
505 /*
506 * This scans the ucode blob for the proper container as we can have multiple
507 * containers glued together. Returns the equivalence ID from the equivalence
508 * table or 0 if none found.
509 * Returns the amount of bytes consumed while scanning. @desc contains all the
510 * data we're going to use in later stages of the application.
511 */
parse_container(u8 * ucode,size_t size,struct cont_desc * desc)512 static size_t parse_container(u8 *ucode, size_t size, struct cont_desc *desc)
513 {
514 struct equiv_cpu_table table;
515 size_t orig_size = size;
516 u32 *hdr = (u32 *)ucode;
517 u16 eq_id;
518 u8 *buf;
519
520 if (!verify_equivalence_table(ucode, size))
521 return 0;
522
523 buf = ucode;
524
525 table.entry = (struct equiv_cpu_entry *)(buf + CONTAINER_HDR_SZ);
526 table.num_entries = hdr[2] / sizeof(struct equiv_cpu_entry);
527
528 /*
529 * Find the equivalence ID of our CPU in this table. Even if this table
530 * doesn't contain a patch for the CPU, scan through the whole container
531 * so that it can be skipped in case there are other containers appended.
532 */
533 eq_id = find_equiv_id(&table, bsp_cpuid_1_eax);
534
535 buf += hdr[2] + CONTAINER_HDR_SZ;
536 size -= hdr[2] + CONTAINER_HDR_SZ;
537
538 /*
539 * Scan through the rest of the container to find where it ends. We do
540 * some basic sanity-checking too.
541 */
542 while (size > 0) {
543 struct microcode_amd *mc;
544 u32 patch_size;
545 int ret;
546
547 ret = verify_patch(buf, size, &patch_size);
548 if (ret < 0) {
549 /*
550 * Patch verification failed, skip to the next container, if
551 * there is one. Before exit, check whether that container has
552 * found a patch already. If so, use it.
553 */
554 goto out;
555 } else if (ret > 0) {
556 goto skip;
557 }
558
559 mc = (struct microcode_amd *)(buf + SECTION_HDR_SIZE);
560 if (mc_patch_matches(mc, eq_id)) {
561 desc->psize = patch_size;
562 desc->mc = mc;
563 }
564
565 skip:
566 /* Skip patch section header too: */
567 buf += patch_size + SECTION_HDR_SIZE;
568 size -= patch_size + SECTION_HDR_SIZE;
569 }
570
571 out:
572 /*
573 * If we have found a patch (desc->mc), it means we're looking at the
574 * container which has a patch for this CPU so return 0 to mean, @ucode
575 * already points to the proper container. Otherwise, we return the size
576 * we scanned so that we can advance to the next container in the
577 * buffer.
578 */
579 if (desc->mc) {
580 desc->data = ucode;
581 desc->size = orig_size - size;
582
583 return 0;
584 }
585
586 return orig_size - size;
587 }
588
589 /*
590 * Scan the ucode blob for the proper container as we can have multiple
591 * containers glued together.
592 */
scan_containers(u8 * ucode,size_t size,struct cont_desc * desc)593 static void scan_containers(u8 *ucode, size_t size, struct cont_desc *desc)
594 {
595 while (size) {
596 size_t s = parse_container(ucode, size, desc);
597 if (!s)
598 return;
599
600 /* catch wraparound */
601 if (size >= s) {
602 ucode += s;
603 size -= s;
604 } else {
605 return;
606 }
607 }
608 }
609
__apply_microcode_amd(struct microcode_amd * mc,u32 * cur_rev,unsigned int psize)610 static bool __apply_microcode_amd(struct microcode_amd *mc, u32 *cur_rev,
611 unsigned int psize)
612 {
613 unsigned long p_addr = (unsigned long)&mc->hdr.data_code;
614
615 if (!verify_sha256_digest(mc->hdr.patch_id, *cur_rev, (const u8 *)p_addr, psize))
616 return false;
617
618 native_wrmsrl(MSR_AMD64_PATCH_LOADER, p_addr);
619
620 if (x86_family(bsp_cpuid_1_eax) == 0x17) {
621 unsigned long p_addr_end = p_addr + psize - 1;
622
623 invlpg(p_addr);
624
625 /*
626 * Flush next page too if patch image is crossing a page
627 * boundary.
628 */
629 if (p_addr >> PAGE_SHIFT != p_addr_end >> PAGE_SHIFT)
630 invlpg(p_addr_end);
631 }
632
633 /* verify patch application was successful */
634 *cur_rev = get_patch_level();
635 if (*cur_rev != mc->hdr.patch_id)
636 return false;
637
638 return true;
639 }
640
641
get_builtin_microcode(struct cpio_data * cp)642 static bool get_builtin_microcode(struct cpio_data *cp)
643 {
644 char fw_name[36] = "amd-ucode/microcode_amd.bin";
645 u8 family = x86_family(bsp_cpuid_1_eax);
646 struct firmware fw;
647
648 if (IS_ENABLED(CONFIG_X86_32))
649 return false;
650
651 if (family >= 0x15)
652 snprintf(fw_name, sizeof(fw_name),
653 "amd-ucode/microcode_amd_fam%02hhxh.bin", family);
654
655 if (firmware_request_builtin(&fw, fw_name)) {
656 cp->size = fw.size;
657 cp->data = (void *)fw.data;
658 return true;
659 }
660
661 return false;
662 }
663
find_blobs_in_containers(struct cpio_data * ret)664 static bool __init find_blobs_in_containers(struct cpio_data *ret)
665 {
666 struct cpio_data cp;
667 bool found;
668
669 if (!get_builtin_microcode(&cp))
670 cp = find_microcode_in_initrd(ucode_path);
671
672 found = cp.data && cp.size;
673 if (found)
674 *ret = cp;
675
676 return found;
677 }
678
679 /*
680 * Early load occurs before we can vmalloc(). So we look for the microcode
681 * patch container file in initrd, traverse equivalent cpu table, look for a
682 * matching microcode patch, and update, all in initrd memory in place.
683 * When vmalloc() is available for use later -- on 64-bit during first AP load,
684 * and on 32-bit during save_microcode_in_initrd() -- we can call
685 * load_microcode_amd() to save equivalent cpu table and microcode patches in
686 * kernel heap memory.
687 */
load_ucode_amd_bsp(struct early_load_data * ed,unsigned int cpuid_1_eax)688 void __init load_ucode_amd_bsp(struct early_load_data *ed, unsigned int cpuid_1_eax)
689 {
690 struct cont_desc desc = { };
691 struct microcode_amd *mc;
692 struct cpio_data cp = { };
693 char buf[4];
694 u32 rev;
695
696 if (cmdline_find_option(boot_command_line, "microcode.amd_sha_check", buf, 4)) {
697 if (!strncmp(buf, "off", 3)) {
698 sha_check = false;
699 pr_warn_once("It is a very very bad idea to disable the blobs SHA check!\n");
700 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
701 }
702 }
703
704 bsp_cpuid_1_eax = cpuid_1_eax;
705
706 rev = get_patch_level();
707 ed->old_rev = rev;
708
709 /* Needed in load_microcode_amd() */
710 ucode_cpu_info[0].cpu_sig.sig = cpuid_1_eax;
711
712 if (!find_blobs_in_containers(&cp))
713 return;
714
715 scan_containers(cp.data, cp.size, &desc);
716
717 mc = desc.mc;
718 if (!mc)
719 return;
720
721 /*
722 * Allow application of the same revision to pick up SMT-specific
723 * changes even if the revision of the other SMT thread is already
724 * up-to-date.
725 */
726 if (ed->old_rev > mc->hdr.patch_id)
727 return;
728
729 if (__apply_microcode_amd(mc, &rev, desc.psize))
730 ed->new_rev = rev;
731 }
732
patch_cpus_equivalent(struct ucode_patch * p,struct ucode_patch * n,bool ignore_stepping)733 static inline bool patch_cpus_equivalent(struct ucode_patch *p,
734 struct ucode_patch *n,
735 bool ignore_stepping)
736 {
737 /* Zen and newer hardcode the f/m/s in the patch ID */
738 if (x86_family(bsp_cpuid_1_eax) >= 0x17) {
739 union cpuid_1_eax p_cid = ucode_rev_to_cpuid(p->patch_id);
740 union cpuid_1_eax n_cid = ucode_rev_to_cpuid(n->patch_id);
741
742 if (ignore_stepping) {
743 p_cid.stepping = 0;
744 n_cid.stepping = 0;
745 }
746
747 return p_cid.full == n_cid.full;
748 } else {
749 return p->equiv_cpu == n->equiv_cpu;
750 }
751 }
752
753 /*
754 * a small, trivial cache of per-family ucode patches
755 */
cache_find_patch(struct ucode_cpu_info * uci,u16 equiv_cpu)756 static struct ucode_patch *cache_find_patch(struct ucode_cpu_info *uci, u16 equiv_cpu)
757 {
758 struct ucode_patch *p;
759 struct ucode_patch n;
760
761 n.equiv_cpu = equiv_cpu;
762 n.patch_id = uci->cpu_sig.rev;
763
764 list_for_each_entry(p, µcode_cache, plist)
765 if (patch_cpus_equivalent(p, &n, false))
766 return p;
767
768 return NULL;
769 }
770
patch_newer(struct ucode_patch * p,struct ucode_patch * n)771 static inline int patch_newer(struct ucode_patch *p, struct ucode_patch *n)
772 {
773 /* Zen and newer hardcode the f/m/s in the patch ID */
774 if (x86_family(bsp_cpuid_1_eax) >= 0x17) {
775 union zen_patch_rev zp, zn;
776
777 zp.ucode_rev = p->patch_id;
778 zn.ucode_rev = n->patch_id;
779
780 if (zn.stepping != zp.stepping)
781 return -1;
782
783 return zn.rev > zp.rev;
784 } else {
785 return n->patch_id > p->patch_id;
786 }
787 }
788
update_cache(struct ucode_patch * new_patch)789 static void update_cache(struct ucode_patch *new_patch)
790 {
791 struct ucode_patch *p;
792 int ret;
793
794 list_for_each_entry(p, µcode_cache, plist) {
795 if (patch_cpus_equivalent(p, new_patch, true)) {
796 ret = patch_newer(p, new_patch);
797 if (ret < 0)
798 continue;
799 else if (!ret) {
800 /* we already have the latest patch */
801 kfree(new_patch->data);
802 kfree(new_patch);
803 return;
804 }
805
806 list_replace(&p->plist, &new_patch->plist);
807 kfree(p->data);
808 kfree(p);
809 return;
810 }
811 }
812 /* no patch found, add it */
813 list_add_tail(&new_patch->plist, µcode_cache);
814 }
815
free_cache(void)816 static void free_cache(void)
817 {
818 struct ucode_patch *p, *tmp;
819
820 list_for_each_entry_safe(p, tmp, µcode_cache, plist) {
821 __list_del(p->plist.prev, p->plist.next);
822 kfree(p->data);
823 kfree(p);
824 }
825 }
826
find_patch(unsigned int cpu)827 static struct ucode_patch *find_patch(unsigned int cpu)
828 {
829 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
830 u16 equiv_id = 0;
831
832 uci->cpu_sig.rev = get_patch_level();
833
834 if (x86_family(bsp_cpuid_1_eax) < 0x17) {
835 equiv_id = find_equiv_id(&equiv_table, uci->cpu_sig.sig);
836 if (!equiv_id)
837 return NULL;
838 }
839
840 return cache_find_patch(uci, equiv_id);
841 }
842
reload_ucode_amd(unsigned int cpu)843 void reload_ucode_amd(unsigned int cpu)
844 {
845 u32 rev, dummy __always_unused;
846 struct microcode_amd *mc;
847 struct ucode_patch *p;
848
849 p = find_patch(cpu);
850 if (!p)
851 return;
852
853 mc = p->data;
854
855 rev = get_patch_level();
856 if (rev < mc->hdr.patch_id) {
857 if (__apply_microcode_amd(mc, &rev, p->size))
858 pr_info_once("reload revision: 0x%08x\n", rev);
859 }
860 }
861
collect_cpu_info_amd(int cpu,struct cpu_signature * csig)862 static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig)
863 {
864 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
865 struct ucode_patch *p;
866
867 csig->sig = cpuid_eax(0x00000001);
868 csig->rev = get_patch_level();
869
870 /*
871 * a patch could have been loaded early, set uci->mc so that
872 * mc_bp_resume() can call apply_microcode()
873 */
874 p = find_patch(cpu);
875 if (p && (p->patch_id == csig->rev))
876 uci->mc = p->data;
877
878 return 0;
879 }
880
apply_microcode_amd(int cpu)881 static enum ucode_state apply_microcode_amd(int cpu)
882 {
883 struct cpuinfo_x86 *c = &cpu_data(cpu);
884 struct microcode_amd *mc_amd;
885 struct ucode_cpu_info *uci;
886 struct ucode_patch *p;
887 enum ucode_state ret;
888 u32 rev;
889
890 BUG_ON(raw_smp_processor_id() != cpu);
891
892 uci = ucode_cpu_info + cpu;
893
894 p = find_patch(cpu);
895 if (!p)
896 return UCODE_NFOUND;
897
898 rev = uci->cpu_sig.rev;
899
900 mc_amd = p->data;
901 uci->mc = p->data;
902
903 /* need to apply patch? */
904 if (rev > mc_amd->hdr.patch_id) {
905 ret = UCODE_OK;
906 goto out;
907 }
908
909 if (!__apply_microcode_amd(mc_amd, &rev, p->size)) {
910 pr_err("CPU%d: update failed for patch_level=0x%08x\n",
911 cpu, mc_amd->hdr.patch_id);
912 return UCODE_ERROR;
913 }
914
915 rev = mc_amd->hdr.patch_id;
916 ret = UCODE_UPDATED;
917
918 out:
919 uci->cpu_sig.rev = rev;
920 c->microcode = rev;
921
922 /* Update boot_cpu_data's revision too, if we're on the BSP: */
923 if (c->cpu_index == boot_cpu_data.cpu_index)
924 boot_cpu_data.microcode = rev;
925
926 return ret;
927 }
928
load_ucode_amd_ap(unsigned int cpuid_1_eax)929 void load_ucode_amd_ap(unsigned int cpuid_1_eax)
930 {
931 unsigned int cpu = smp_processor_id();
932
933 ucode_cpu_info[cpu].cpu_sig.sig = cpuid_1_eax;
934 apply_microcode_amd(cpu);
935 }
936
install_equiv_cpu_table(const u8 * buf,size_t buf_size)937 static size_t install_equiv_cpu_table(const u8 *buf, size_t buf_size)
938 {
939 u32 equiv_tbl_len;
940 const u32 *hdr;
941
942 if (!verify_equivalence_table(buf, buf_size))
943 return 0;
944
945 hdr = (const u32 *)buf;
946 equiv_tbl_len = hdr[2];
947
948 /* Zen and newer do not need an equivalence table. */
949 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
950 goto out;
951
952 equiv_table.entry = vmalloc(equiv_tbl_len);
953 if (!equiv_table.entry) {
954 pr_err("failed to allocate equivalent CPU table\n");
955 return 0;
956 }
957
958 memcpy(equiv_table.entry, buf + CONTAINER_HDR_SZ, equiv_tbl_len);
959 equiv_table.num_entries = equiv_tbl_len / sizeof(struct equiv_cpu_entry);
960
961 out:
962 /* add header length */
963 return equiv_tbl_len + CONTAINER_HDR_SZ;
964 }
965
free_equiv_cpu_table(void)966 static void free_equiv_cpu_table(void)
967 {
968 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
969 return;
970
971 vfree(equiv_table.entry);
972 memset(&equiv_table, 0, sizeof(equiv_table));
973 }
974
cleanup(void)975 static void cleanup(void)
976 {
977 free_equiv_cpu_table();
978 free_cache();
979 }
980
981 /*
982 * Return a non-negative value even if some of the checks failed so that
983 * we can skip over the next patch. If we return a negative value, we
984 * signal a grave error like a memory allocation has failed and the
985 * driver cannot continue functioning normally. In such cases, we tear
986 * down everything we've used up so far and exit.
987 */
verify_and_add_patch(u8 family,u8 * fw,unsigned int leftover,unsigned int * patch_size)988 static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover,
989 unsigned int *patch_size)
990 {
991 struct microcode_header_amd *mc_hdr;
992 struct ucode_patch *patch;
993 u16 proc_id;
994 int ret;
995
996 ret = verify_patch(fw, leftover, patch_size);
997 if (ret)
998 return ret;
999
1000 patch = kzalloc(sizeof(*patch), GFP_KERNEL);
1001 if (!patch) {
1002 pr_err("Patch allocation failure.\n");
1003 return -EINVAL;
1004 }
1005
1006 patch->data = kmemdup(fw + SECTION_HDR_SIZE, *patch_size, GFP_KERNEL);
1007 if (!patch->data) {
1008 pr_err("Patch data allocation failure.\n");
1009 kfree(patch);
1010 return -EINVAL;
1011 }
1012 patch->size = *patch_size;
1013
1014 mc_hdr = (struct microcode_header_amd *)(fw + SECTION_HDR_SIZE);
1015 proc_id = mc_hdr->processor_rev_id;
1016
1017 INIT_LIST_HEAD(&patch->plist);
1018 patch->patch_id = mc_hdr->patch_id;
1019 patch->equiv_cpu = proc_id;
1020
1021 pr_debug("%s: Adding patch_id: 0x%08x, proc_id: 0x%04x\n",
1022 __func__, patch->patch_id, proc_id);
1023
1024 /* ... and add to cache. */
1025 update_cache(patch);
1026
1027 return 0;
1028 }
1029
1030 /* Scan the blob in @data and add microcode patches to the cache. */
__load_microcode_amd(u8 family,const u8 * data,size_t size)1031 static enum ucode_state __load_microcode_amd(u8 family, const u8 *data, size_t size)
1032 {
1033 u8 *fw = (u8 *)data;
1034 size_t offset;
1035
1036 offset = install_equiv_cpu_table(data, size);
1037 if (!offset)
1038 return UCODE_ERROR;
1039
1040 fw += offset;
1041 size -= offset;
1042
1043 if (*(u32 *)fw != UCODE_UCODE_TYPE) {
1044 pr_err("invalid type field in container file section header\n");
1045 free_equiv_cpu_table();
1046 return UCODE_ERROR;
1047 }
1048
1049 while (size > 0) {
1050 unsigned int crnt_size = 0;
1051 int ret;
1052
1053 ret = verify_and_add_patch(family, fw, size, &crnt_size);
1054 if (ret < 0)
1055 return UCODE_ERROR;
1056
1057 fw += crnt_size + SECTION_HDR_SIZE;
1058 size -= (crnt_size + SECTION_HDR_SIZE);
1059 }
1060
1061 return UCODE_OK;
1062 }
1063
_load_microcode_amd(u8 family,const u8 * data,size_t size)1064 static enum ucode_state _load_microcode_amd(u8 family, const u8 *data, size_t size)
1065 {
1066 enum ucode_state ret;
1067
1068 /* free old equiv table */
1069 free_equiv_cpu_table();
1070
1071 ret = __load_microcode_amd(family, data, size);
1072 if (ret != UCODE_OK)
1073 cleanup();
1074
1075 return ret;
1076 }
1077
load_microcode_amd(u8 family,const u8 * data,size_t size)1078 static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t size)
1079 {
1080 struct cpuinfo_x86 *c;
1081 unsigned int nid, cpu;
1082 struct ucode_patch *p;
1083 enum ucode_state ret;
1084
1085 ret = _load_microcode_amd(family, data, size);
1086 if (ret != UCODE_OK)
1087 return ret;
1088
1089 for_each_node_with_cpus(nid) {
1090 cpu = cpumask_first(cpumask_of_node(nid));
1091 c = &cpu_data(cpu);
1092
1093 p = find_patch(cpu);
1094 if (!p)
1095 continue;
1096
1097 if (c->microcode >= p->patch_id)
1098 continue;
1099
1100 ret = UCODE_NEW;
1101 }
1102
1103 return ret;
1104 }
1105
save_microcode_in_initrd(void)1106 static int __init save_microcode_in_initrd(void)
1107 {
1108 struct cpuinfo_x86 *c = &boot_cpu_data;
1109 struct cont_desc desc = { 0 };
1110 unsigned int cpuid_1_eax;
1111 enum ucode_state ret;
1112 struct cpio_data cp;
1113
1114 if (microcode_loader_disabled() || c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10)
1115 return 0;
1116
1117 cpuid_1_eax = native_cpuid_eax(1);
1118
1119 if (!find_blobs_in_containers(&cp))
1120 return -EINVAL;
1121
1122 scan_containers(cp.data, cp.size, &desc);
1123 if (!desc.mc)
1124 return -EINVAL;
1125
1126 ret = _load_microcode_amd(x86_family(cpuid_1_eax), desc.data, desc.size);
1127 if (ret > UCODE_UPDATED)
1128 return -EINVAL;
1129
1130 return 0;
1131 }
1132 early_initcall(save_microcode_in_initrd);
1133
1134 /*
1135 * AMD microcode firmware naming convention, up to family 15h they are in
1136 * the legacy file:
1137 *
1138 * amd-ucode/microcode_amd.bin
1139 *
1140 * This legacy file is always smaller than 2K in size.
1141 *
1142 * Beginning with family 15h, they are in family-specific firmware files:
1143 *
1144 * amd-ucode/microcode_amd_fam15h.bin
1145 * amd-ucode/microcode_amd_fam16h.bin
1146 * ...
1147 *
1148 * These might be larger than 2K.
1149 */
request_microcode_amd(int cpu,struct device * device)1150 static enum ucode_state request_microcode_amd(int cpu, struct device *device)
1151 {
1152 char fw_name[36] = "amd-ucode/microcode_amd.bin";
1153 struct cpuinfo_x86 *c = &cpu_data(cpu);
1154 enum ucode_state ret = UCODE_NFOUND;
1155 const struct firmware *fw;
1156
1157 if (force_minrev)
1158 return UCODE_NFOUND;
1159
1160 if (c->x86 >= 0x15)
1161 snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
1162
1163 if (request_firmware_direct(&fw, (const char *)fw_name, device)) {
1164 pr_debug("failed to load file %s\n", fw_name);
1165 goto out;
1166 }
1167
1168 ret = UCODE_ERROR;
1169 if (!verify_container(fw->data, fw->size))
1170 goto fw_release;
1171
1172 ret = load_microcode_amd(c->x86, fw->data, fw->size);
1173
1174 fw_release:
1175 release_firmware(fw);
1176
1177 out:
1178 return ret;
1179 }
1180
microcode_fini_cpu_amd(int cpu)1181 static void microcode_fini_cpu_amd(int cpu)
1182 {
1183 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
1184
1185 uci->mc = NULL;
1186 }
1187
1188 static struct microcode_ops microcode_amd_ops = {
1189 .request_microcode_fw = request_microcode_amd,
1190 .collect_cpu_info = collect_cpu_info_amd,
1191 .apply_microcode = apply_microcode_amd,
1192 .microcode_fini_cpu = microcode_fini_cpu_amd,
1193 .nmi_safe = true,
1194 };
1195
init_amd_microcode(void)1196 struct microcode_ops * __init init_amd_microcode(void)
1197 {
1198 struct cpuinfo_x86 *c = &boot_cpu_data;
1199
1200 if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) {
1201 pr_warn("AMD CPU family 0x%x not supported\n", c->x86);
1202 return NULL;
1203 }
1204 return µcode_amd_ops;
1205 }
1206
exit_amd_microcode(void)1207 void __exit exit_amd_microcode(void)
1208 {
1209 cleanup();
1210 }
1211