Xen project Mailing List

Re: [Xen-devel] [PATCH 2/2] x86/microcode: Do not upload microcode if CPUs are offline

From: "Raj, Ashok" <ashok.raj@xxxxxxxxx>

Date: Fri, 13 Apr 2018 10:57:46 -0700

Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Ashok Raj <ashok.raj@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx, Borislav Petkov <bp@xxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Chao Gao <chao.gao@xxxxxxxxx>

Delivery-date: Fri, 13 Apr 2018 17:58:04 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Jan + Boris On Fri, Apr 13, 2018 at 09:57:25AM -0600, Jan Beulich wrote: > >>> On 30.03.18 at 08:59, <chao.gao@xxxxxxxxx> wrote: > > This patch is to backport the patch below from linux kernel. > > > > commit 30ec26da9967d0d785abc24073129a34c3211777 > > Author: Ashok Raj <ashok.raj@xxxxxxxxx> > > Date: Wed Feb 28 11:28:43 2018 +0100 > > > > x86/microcode: Do not upload microcode if CPUs are offline > > > > Avoid loading microcode if any of the CPUs are offline, and issue a > > warning. Having different microcode revisions on the system at any > > time > > is outright dangerous. > > I'm afraid I don't fully agree - not applying an ucode update to the online > CPUs because some are offline isn't any better. Plus (while updating) > there's always going to be some discrepancy between ucode versions. > As long as we apply updates while bringing a CPU online, I think we're fine. This is the safest option. Microcode is considered part of the cpu. We don't allow cpus with different capabilities in the same system.. yes they might work, but not something we allow. In general we recommend early update. Earliest the best. - BIOS update (difficult to deploy, but some microcodes have to be done this way.) - early update from initrd.. almost same as #1, since we apply at earliest chance that's the closest and most recommended method. - late update. Before this procedure of stopping all cpus, we did have a time when some are updated and some werent uptodate yet. This synchronized update is precicely to get as close as possible to updating all of them. > > Also please consider valid cases you make not work anymore, like someone > having brought offline all sibling hyperthreads, with each core still having > one thread active. In that case an ucode update will implicitly update all > offline threads as well. Of cource we can tweak this to be much better, there are other ideas, but this is an effort to keep this simple, and also address microcode requirements post spectre for some processors. In the grand scheme of things although its interesting to allow such updates we think it may not be best practice. We want to get this working right first before getting fancy. Cheers, Ashok _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.