1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * AMD CPU Microcode Update Driver for Linux
4 *
5 * This driver allows to upgrade microcode on F10h AMD
6 * CPUs and later.
7 *
8 * Copyright (C) 2008-2011 Advanced Micro Devices Inc.
9 * 2013-2018 Borislav Petkov <[email protected]>
10 *
11 * Author: Peter Oruba <[email protected]>
12 *
13 * Based on work by:
14 * Tigran Aivazian <[email protected]>
15 *
16 * early loader:
17 * Copyright (C) 2013 Advanced Micro Devices, Inc.
18 *
19 * Author: Jacob Shin <[email protected]>
20 * Fixes: Borislav Petkov <[email protected]>
21 */
22 #define pr_fmt(fmt) "microcode: " fmt
23
24 #include <linux/earlycpio.h>
25 #include <linux/firmware.h>
26 #include <linux/bsearch.h>
27 #include <linux/uaccess.h>
28 #include <linux/vmalloc.h>
29 #include <linux/initrd.h>
30 #include <linux/kernel.h>
31 #include <linux/pci.h>
32
33 #include <crypto/sha2.h>
34
35 #include <asm/microcode.h>
36 #include <asm/processor.h>
37 #include <asm/cmdline.h>
38 #include <asm/setup.h>
39 #include <asm/cpu.h>
40 #include <asm/msr.h>
41 #include <asm/tlb.h>
42
43 #include "internal.h"
44
45 struct ucode_patch {
46 struct list_head plist;
47 void *data;
48 unsigned int size;
49 u32 patch_id;
50 u16 equiv_cpu;
51 };
52
53 static LIST_HEAD(microcode_cache);
54
55 #define UCODE_MAGIC 0x00414d44
56 #define UCODE_EQUIV_CPU_TABLE_TYPE 0x00000000
57 #define UCODE_UCODE_TYPE 0x00000001
58
59 #define SECTION_HDR_SIZE 8
60 #define CONTAINER_HDR_SZ 12
61
62 struct equiv_cpu_entry {
63 u32 installed_cpu;
64 u32 fixed_errata_mask;
65 u32 fixed_errata_compare;
66 u16 equiv_cpu;
67 u16 res;
68 } __packed;
69
70 struct microcode_header_amd {
71 u32 data_code;
72 u32 patch_id;
73 u16 mc_patch_data_id;
74 u8 mc_patch_data_len;
75 u8 init_flag;
76 u32 mc_patch_data_checksum;
77 u32 nb_dev_id;
78 u32 sb_dev_id;
79 u16 processor_rev_id;
80 u8 nb_rev_id;
81 u8 sb_rev_id;
82 u8 bios_api_rev;
83 u8 reserved1[3];
84 u32 match_reg[8];
85 } __packed;
86
87 struct microcode_amd {
88 struct microcode_header_amd hdr;
89 unsigned int mpb[];
90 };
91
92 static struct equiv_cpu_table {
93 unsigned int num_entries;
94 struct equiv_cpu_entry *entry;
95 } equiv_table;
96
97 union zen_patch_rev {
98 struct {
99 __u32 rev : 8,
100 stepping : 4,
101 model : 4,
102 __reserved : 4,
103 ext_model : 4,
104 ext_fam : 8;
105 };
106 __u32 ucode_rev;
107 };
108
109 union cpuid_1_eax {
110 struct {
111 __u32 stepping : 4,
112 model : 4,
113 family : 4,
114 __reserved0 : 4,
115 ext_model : 4,
116 ext_fam : 8,
117 __reserved1 : 4;
118 };
119 __u32 full;
120 };
121
122 /*
123 * This points to the current valid container of microcode patches which we will
124 * save from the initrd/builtin before jettisoning its contents. @mc is the
125 * microcode patch we found to match.
126 */
127 struct cont_desc {
128 struct microcode_amd *mc;
129 u32 psize;
130 u8 *data;
131 size_t size;
132 };
133
134 /*
135 * Microcode patch container file is prepended to the initrd in cpio
136 * format. See Documentation/arch/x86/microcode.rst
137 */
138 static const char
139 ucode_path[] __maybe_unused = "kernel/x86/microcode/AuthenticAMD.bin";
140
141 /*
142 * This is CPUID(1).EAX on the BSP. It is used in two ways:
143 *
144 * 1. To ignore the equivalence table on Zen1 and newer.
145 *
146 * 2. To match which patches to load because the patch revision ID
147 * already contains the f/m/s for which the microcode is destined
148 * for.
149 */
150 static u32 bsp_cpuid_1_eax __ro_after_init;
151
152 static bool sha_check = true;
153
154 struct patch_digest {
155 u32 patch_id;
156 u8 sha256[SHA256_DIGEST_SIZE];
157 };
158
159 #include "amd_shas.c"
160
cmp_id(const void * key,const void * elem)161 static int cmp_id(const void *key, const void *elem)
162 {
163 struct patch_digest *pd = (struct patch_digest *)elem;
164 u32 patch_id = *(u32 *)key;
165
166 if (patch_id == pd->patch_id)
167 return 0;
168 else if (patch_id < pd->patch_id)
169 return -1;
170 else
171 return 1;
172 }
173
need_sha_check(u32 cur_rev)174 static bool need_sha_check(u32 cur_rev)
175 {
176 switch (cur_rev >> 8) {
177 case 0x80012: return cur_rev <= 0x800126f; break;
178 case 0x80082: return cur_rev <= 0x800820f; break;
179 case 0x83010: return cur_rev <= 0x830107c; break;
180 case 0x86001: return cur_rev <= 0x860010e; break;
181 case 0x86081: return cur_rev <= 0x8608108; break;
182 case 0x87010: return cur_rev <= 0x8701034; break;
183 case 0x8a000: return cur_rev <= 0x8a0000a; break;
184 case 0xa0010: return cur_rev <= 0xa00107a; break;
185 case 0xa0011: return cur_rev <= 0xa0011da; break;
186 case 0xa0012: return cur_rev <= 0xa001243; break;
187 case 0xa0082: return cur_rev <= 0xa00820e; break;
188 case 0xa1011: return cur_rev <= 0xa101153; break;
189 case 0xa1012: return cur_rev <= 0xa10124e; break;
190 case 0xa1081: return cur_rev <= 0xa108109; break;
191 case 0xa2010: return cur_rev <= 0xa20102f; break;
192 case 0xa2012: return cur_rev <= 0xa201212; break;
193 case 0xa4041: return cur_rev <= 0xa404109; break;
194 case 0xa5000: return cur_rev <= 0xa500013; break;
195 case 0xa6012: return cur_rev <= 0xa60120a; break;
196 case 0xa7041: return cur_rev <= 0xa704109; break;
197 case 0xa7052: return cur_rev <= 0xa705208; break;
198 case 0xa7080: return cur_rev <= 0xa708009; break;
199 case 0xa70c0: return cur_rev <= 0xa70C009; break;
200 case 0xaa001: return cur_rev <= 0xaa00116; break;
201 case 0xaa002: return cur_rev <= 0xaa00218; break;
202 case 0xb0021: return cur_rev <= 0xb002146; break;
203 case 0xb1010: return cur_rev <= 0xb101046; break;
204 case 0xb2040: return cur_rev <= 0xb204031; break;
205 case 0xb4040: return cur_rev <= 0xb404031; break;
206 case 0xb6000: return cur_rev <= 0xb600031; break;
207 case 0xb7000: return cur_rev <= 0xb700031; break;
208 default: break;
209 }
210
211 pr_info("You should not be seeing this. Please send the following couple of lines to x86-<at>-kernel.org\n");
212 pr_info("CPUID(1).EAX: 0x%x, current revision: 0x%x\n", bsp_cpuid_1_eax, cur_rev);
213 return true;
214 }
215
verify_sha256_digest(u32 patch_id,u32 cur_rev,const u8 * data,unsigned int len)216 static bool verify_sha256_digest(u32 patch_id, u32 cur_rev, const u8 *data, unsigned int len)
217 {
218 struct patch_digest *pd = NULL;
219 u8 digest[SHA256_DIGEST_SIZE];
220 struct sha256_state s;
221 int i;
222
223 if (x86_family(bsp_cpuid_1_eax) < 0x17)
224 return true;
225
226 if (!need_sha_check(cur_rev))
227 return true;
228
229 if (!sha_check)
230 return true;
231
232 pd = bsearch(&patch_id, phashes, ARRAY_SIZE(phashes), sizeof(struct patch_digest), cmp_id);
233 if (!pd) {
234 pr_err("No sha256 digest for patch ID: 0x%x found\n", patch_id);
235 return false;
236 }
237
238 sha256_init(&s);
239 sha256_update(&s, data, len);
240 sha256_final(&s, digest);
241
242 if (memcmp(digest, pd->sha256, sizeof(digest))) {
243 pr_err("Patch 0x%x SHA256 digest mismatch!\n", patch_id);
244
245 for (i = 0; i < SHA256_DIGEST_SIZE; i++)
246 pr_cont("0x%x ", digest[i]);
247 pr_info("\n");
248
249 return false;
250 }
251
252 return true;
253 }
254
get_patch_level(void)255 static u32 get_patch_level(void)
256 {
257 u32 rev, dummy __always_unused;
258
259 native_rdmsr(MSR_AMD64_PATCH_LEVEL, rev, dummy);
260
261 return rev;
262 }
263
ucode_rev_to_cpuid(unsigned int val)264 static union cpuid_1_eax ucode_rev_to_cpuid(unsigned int val)
265 {
266 union zen_patch_rev p;
267 union cpuid_1_eax c;
268
269 p.ucode_rev = val;
270 c.full = 0;
271
272 c.stepping = p.stepping;
273 c.model = p.model;
274 c.ext_model = p.ext_model;
275 c.family = 0xf;
276 c.ext_fam = p.ext_fam;
277
278 return c;
279 }
280
find_equiv_id(struct equiv_cpu_table * et,u32 sig)281 static u16 find_equiv_id(struct equiv_cpu_table *et, u32 sig)
282 {
283 unsigned int i;
284
285 /* Zen and newer do not need an equivalence table. */
286 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
287 return 0;
288
289 if (!et || !et->num_entries)
290 return 0;
291
292 for (i = 0; i < et->num_entries; i++) {
293 struct equiv_cpu_entry *e = &et->entry[i];
294
295 if (sig == e->installed_cpu)
296 return e->equiv_cpu;
297 }
298 return 0;
299 }
300
301 /*
302 * Check whether there is a valid microcode container file at the beginning
303 * of @buf of size @buf_size.
304 */
verify_container(const u8 * buf,size_t buf_size)305 static bool verify_container(const u8 *buf, size_t buf_size)
306 {
307 u32 cont_magic;
308
309 if (buf_size <= CONTAINER_HDR_SZ) {
310 pr_debug("Truncated microcode container header.\n");
311 return false;
312 }
313
314 cont_magic = *(const u32 *)buf;
315 if (cont_magic != UCODE_MAGIC) {
316 pr_debug("Invalid magic value (0x%08x).\n", cont_magic);
317 return false;
318 }
319
320 return true;
321 }
322
323 /*
324 * Check whether there is a valid, non-truncated CPU equivalence table at the
325 * beginning of @buf of size @buf_size.
326 */
verify_equivalence_table(const u8 * buf,size_t buf_size)327 static bool verify_equivalence_table(const u8 *buf, size_t buf_size)
328 {
329 const u32 *hdr = (const u32 *)buf;
330 u32 cont_type, equiv_tbl_len;
331
332 if (!verify_container(buf, buf_size))
333 return false;
334
335 /* Zen and newer do not need an equivalence table. */
336 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
337 return true;
338
339 cont_type = hdr[1];
340 if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) {
341 pr_debug("Wrong microcode container equivalence table type: %u.\n",
342 cont_type);
343 return false;
344 }
345
346 buf_size -= CONTAINER_HDR_SZ;
347
348 equiv_tbl_len = hdr[2];
349 if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) ||
350 buf_size < equiv_tbl_len) {
351 pr_debug("Truncated equivalence table.\n");
352 return false;
353 }
354
355 return true;
356 }
357
358 /*
359 * Check whether there is a valid, non-truncated microcode patch section at the
360 * beginning of @buf of size @buf_size.
361 *
362 * On success, @sh_psize returns the patch size according to the section header,
363 * to the caller.
364 */
__verify_patch_section(const u8 * buf,size_t buf_size,u32 * sh_psize)365 static bool __verify_patch_section(const u8 *buf, size_t buf_size, u32 *sh_psize)
366 {
367 u32 p_type, p_size;
368 const u32 *hdr;
369
370 if (buf_size < SECTION_HDR_SIZE) {
371 pr_debug("Truncated patch section.\n");
372 return false;
373 }
374
375 hdr = (const u32 *)buf;
376 p_type = hdr[0];
377 p_size = hdr[1];
378
379 if (p_type != UCODE_UCODE_TYPE) {
380 pr_debug("Invalid type field (0x%x) in container file section header.\n",
381 p_type);
382 return false;
383 }
384
385 if (p_size < sizeof(struct microcode_header_amd)) {
386 pr_debug("Patch of size %u too short.\n", p_size);
387 return false;
388 }
389
390 *sh_psize = p_size;
391
392 return true;
393 }
394
395 /*
396 * Check whether the passed remaining file @buf_size is large enough to contain
397 * a patch of the indicated @sh_psize (and also whether this size does not
398 * exceed the per-family maximum). @sh_psize is the size read from the section
399 * header.
400 */
__verify_patch_size(u32 sh_psize,size_t buf_size)401 static bool __verify_patch_size(u32 sh_psize, size_t buf_size)
402 {
403 u8 family = x86_family(bsp_cpuid_1_eax);
404 u32 max_size;
405
406 if (family >= 0x15)
407 goto ret;
408
409 #define F1XH_MPB_MAX_SIZE 2048
410 #define F14H_MPB_MAX_SIZE 1824
411
412 switch (family) {
413 case 0x10 ... 0x12:
414 max_size = F1XH_MPB_MAX_SIZE;
415 break;
416 case 0x14:
417 max_size = F14H_MPB_MAX_SIZE;
418 break;
419 default:
420 WARN(1, "%s: WTF family: 0x%x\n", __func__, family);
421 return false;
422 }
423
424 if (sh_psize > max_size)
425 return false;
426
427 ret:
428 /* Working with the whole buffer so < is ok. */
429 return sh_psize <= buf_size;
430 }
431
432 /*
433 * Verify the patch in @buf.
434 *
435 * Returns:
436 * negative: on error
437 * positive: patch is not for this family, skip it
438 * 0: success
439 */
verify_patch(const u8 * buf,size_t buf_size,u32 * patch_size)440 static int verify_patch(const u8 *buf, size_t buf_size, u32 *patch_size)
441 {
442 u8 family = x86_family(bsp_cpuid_1_eax);
443 struct microcode_header_amd *mc_hdr;
444 u32 sh_psize;
445 u16 proc_id;
446 u8 patch_fam;
447
448 if (!__verify_patch_section(buf, buf_size, &sh_psize))
449 return -1;
450
451 /*
452 * The section header length is not included in this indicated size
453 * but is present in the leftover file length so we need to subtract
454 * it before passing this value to the function below.
455 */
456 buf_size -= SECTION_HDR_SIZE;
457
458 /*
459 * Check if the remaining buffer is big enough to contain a patch of
460 * size sh_psize, as the section claims.
461 */
462 if (buf_size < sh_psize) {
463 pr_debug("Patch of size %u truncated.\n", sh_psize);
464 return -1;
465 }
466
467 if (!__verify_patch_size(sh_psize, buf_size)) {
468 pr_debug("Per-family patch size mismatch.\n");
469 return -1;
470 }
471
472 *patch_size = sh_psize;
473
474 mc_hdr = (struct microcode_header_amd *)(buf + SECTION_HDR_SIZE);
475 if (mc_hdr->nb_dev_id || mc_hdr->sb_dev_id) {
476 pr_err("Patch-ID 0x%08x: chipset-specific code unsupported.\n", mc_hdr->patch_id);
477 return -1;
478 }
479
480 proc_id = mc_hdr->processor_rev_id;
481 patch_fam = 0xf + (proc_id >> 12);
482 if (patch_fam != family)
483 return 1;
484
485 return 0;
486 }
487
mc_patch_matches(struct microcode_amd * mc,u16 eq_id)488 static bool mc_patch_matches(struct microcode_amd *mc, u16 eq_id)
489 {
490 /* Zen and newer do not need an equivalence table. */
491 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
492 return ucode_rev_to_cpuid(mc->hdr.patch_id).full == bsp_cpuid_1_eax;
493 else
494 return eq_id == mc->hdr.processor_rev_id;
495 }
496
497 /*
498 * This scans the ucode blob for the proper container as we can have multiple
499 * containers glued together.
500 *
501 * Returns the amount of bytes consumed while scanning. @desc contains all the
502 * data we're going to use in later stages of the application.
503 */
parse_container(u8 * ucode,size_t size,struct cont_desc * desc)504 static size_t parse_container(u8 *ucode, size_t size, struct cont_desc *desc)
505 {
506 struct equiv_cpu_table table;
507 size_t orig_size = size;
508 u32 *hdr = (u32 *)ucode;
509 u16 eq_id;
510 u8 *buf;
511
512 if (!verify_equivalence_table(ucode, size))
513 return 0;
514
515 buf = ucode;
516
517 table.entry = (struct equiv_cpu_entry *)(buf + CONTAINER_HDR_SZ);
518 table.num_entries = hdr[2] / sizeof(struct equiv_cpu_entry);
519
520 /*
521 * Find the equivalence ID of our CPU in this table. Even if this table
522 * doesn't contain a patch for the CPU, scan through the whole container
523 * so that it can be skipped in case there are other containers appended.
524 */
525 eq_id = find_equiv_id(&table, bsp_cpuid_1_eax);
526
527 buf += hdr[2] + CONTAINER_HDR_SZ;
528 size -= hdr[2] + CONTAINER_HDR_SZ;
529
530 /*
531 * Scan through the rest of the container to find where it ends. We do
532 * some basic sanity-checking too.
533 */
534 while (size > 0) {
535 struct microcode_amd *mc;
536 u32 patch_size;
537 int ret;
538
539 ret = verify_patch(buf, size, &patch_size);
540 if (ret < 0) {
541 /*
542 * Patch verification failed, skip to the next container, if
543 * there is one. Before exit, check whether that container has
544 * found a patch already. If so, use it.
545 */
546 goto out;
547 } else if (ret > 0) {
548 goto skip;
549 }
550
551 mc = (struct microcode_amd *)(buf + SECTION_HDR_SIZE);
552 if (mc_patch_matches(mc, eq_id)) {
553 desc->psize = patch_size;
554 desc->mc = mc;
555 }
556
557 skip:
558 /* Skip patch section header too: */
559 buf += patch_size + SECTION_HDR_SIZE;
560 size -= patch_size + SECTION_HDR_SIZE;
561 }
562
563 out:
564 /*
565 * If we have found a patch (desc->mc), it means we're looking at the
566 * container which has a patch for this CPU so return 0 to mean, @ucode
567 * already points to the proper container. Otherwise, we return the size
568 * we scanned so that we can advance to the next container in the
569 * buffer.
570 */
571 if (desc->mc) {
572 desc->data = ucode;
573 desc->size = orig_size - size;
574
575 return 0;
576 }
577
578 return orig_size - size;
579 }
580
581 /*
582 * Scan the ucode blob for the proper container as we can have multiple
583 * containers glued together.
584 */
scan_containers(u8 * ucode,size_t size,struct cont_desc * desc)585 static void scan_containers(u8 *ucode, size_t size, struct cont_desc *desc)
586 {
587 while (size) {
588 size_t s = parse_container(ucode, size, desc);
589 if (!s)
590 return;
591
592 /* catch wraparound */
593 if (size >= s) {
594 ucode += s;
595 size -= s;
596 } else {
597 return;
598 }
599 }
600 }
601
__apply_microcode_amd(struct microcode_amd * mc,u32 * cur_rev,unsigned int psize)602 static bool __apply_microcode_amd(struct microcode_amd *mc, u32 *cur_rev,
603 unsigned int psize)
604 {
605 unsigned long p_addr = (unsigned long)&mc->hdr.data_code;
606
607 if (!verify_sha256_digest(mc->hdr.patch_id, *cur_rev, (const u8 *)p_addr, psize))
608 return false;
609
610 native_wrmsrl(MSR_AMD64_PATCH_LOADER, p_addr);
611
612 if (x86_family(bsp_cpuid_1_eax) == 0x17) {
613 unsigned long p_addr_end = p_addr + psize - 1;
614
615 invlpg(p_addr);
616
617 /*
618 * Flush next page too if patch image is crossing a page
619 * boundary.
620 */
621 if (p_addr >> PAGE_SHIFT != p_addr_end >> PAGE_SHIFT)
622 invlpg(p_addr_end);
623 }
624
625 /* verify patch application was successful */
626 *cur_rev = get_patch_level();
627 if (*cur_rev != mc->hdr.patch_id)
628 return false;
629
630 return true;
631 }
632
get_builtin_microcode(struct cpio_data * cp)633 static bool get_builtin_microcode(struct cpio_data *cp)
634 {
635 char fw_name[36] = "amd-ucode/microcode_amd.bin";
636 u8 family = x86_family(bsp_cpuid_1_eax);
637 struct firmware fw;
638
639 if (IS_ENABLED(CONFIG_X86_32))
640 return false;
641
642 if (family >= 0x15)
643 snprintf(fw_name, sizeof(fw_name),
644 "amd-ucode/microcode_amd_fam%02hhxh.bin", family);
645
646 if (firmware_request_builtin(&fw, fw_name)) {
647 cp->size = fw.size;
648 cp->data = (void *)fw.data;
649 return true;
650 }
651
652 return false;
653 }
654
find_blobs_in_containers(struct cpio_data * ret)655 static bool __init find_blobs_in_containers(struct cpio_data *ret)
656 {
657 struct cpio_data cp;
658 bool found;
659
660 if (!get_builtin_microcode(&cp))
661 cp = find_microcode_in_initrd(ucode_path);
662
663 found = cp.data && cp.size;
664 if (found)
665 *ret = cp;
666
667 return found;
668 }
669
670 /*
671 * Early load occurs before we can vmalloc(). So we look for the microcode
672 * patch container file in initrd, traverse equivalent cpu table, look for a
673 * matching microcode patch, and update, all in initrd memory in place.
674 * When vmalloc() is available for use later -- on 64-bit during first AP load,
675 * and on 32-bit during save_microcode_in_initrd() -- we can call
676 * load_microcode_amd() to save equivalent cpu table and microcode patches in
677 * kernel heap memory.
678 */
load_ucode_amd_bsp(struct early_load_data * ed,unsigned int cpuid_1_eax)679 void __init load_ucode_amd_bsp(struct early_load_data *ed, unsigned int cpuid_1_eax)
680 {
681 struct cont_desc desc = { };
682 struct microcode_amd *mc;
683 struct cpio_data cp = { };
684 char buf[4];
685 u32 rev;
686
687 if (cmdline_find_option(boot_command_line, "microcode.amd_sha_check", buf, 4)) {
688 if (!strncmp(buf, "off", 3)) {
689 sha_check = false;
690 pr_warn_once("It is a very very bad idea to disable the blobs SHA check!\n");
691 add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK);
692 }
693 }
694
695 bsp_cpuid_1_eax = cpuid_1_eax;
696
697 rev = get_patch_level();
698 ed->old_rev = rev;
699
700 /* Needed in load_microcode_amd() */
701 ucode_cpu_info[0].cpu_sig.sig = cpuid_1_eax;
702
703 if (!find_blobs_in_containers(&cp))
704 return;
705
706 scan_containers(cp.data, cp.size, &desc);
707
708 mc = desc.mc;
709 if (!mc)
710 return;
711
712 /*
713 * Allow application of the same revision to pick up SMT-specific
714 * changes even if the revision of the other SMT thread is already
715 * up-to-date.
716 */
717 if (ed->old_rev > mc->hdr.patch_id)
718 return;
719
720 if (__apply_microcode_amd(mc, &rev, desc.psize))
721 ed->new_rev = rev;
722 }
723
patch_cpus_equivalent(struct ucode_patch * p,struct ucode_patch * n,bool ignore_stepping)724 static inline bool patch_cpus_equivalent(struct ucode_patch *p,
725 struct ucode_patch *n,
726 bool ignore_stepping)
727 {
728 /* Zen and newer hardcode the f/m/s in the patch ID */
729 if (x86_family(bsp_cpuid_1_eax) >= 0x17) {
730 union cpuid_1_eax p_cid = ucode_rev_to_cpuid(p->patch_id);
731 union cpuid_1_eax n_cid = ucode_rev_to_cpuid(n->patch_id);
732
733 if (ignore_stepping) {
734 p_cid.stepping = 0;
735 n_cid.stepping = 0;
736 }
737
738 return p_cid.full == n_cid.full;
739 } else {
740 return p->equiv_cpu == n->equiv_cpu;
741 }
742 }
743
744 /*
745 * a small, trivial cache of per-family ucode patches
746 */
cache_find_patch(struct ucode_cpu_info * uci,u16 equiv_cpu)747 static struct ucode_patch *cache_find_patch(struct ucode_cpu_info *uci, u16 equiv_cpu)
748 {
749 struct ucode_patch *p;
750 struct ucode_patch n;
751
752 n.equiv_cpu = equiv_cpu;
753 n.patch_id = uci->cpu_sig.rev;
754
755 WARN_ON_ONCE(!n.patch_id);
756
757 list_for_each_entry(p, µcode_cache, plist)
758 if (patch_cpus_equivalent(p, &n, false))
759 return p;
760
761 return NULL;
762 }
763
patch_newer(struct ucode_patch * p,struct ucode_patch * n)764 static inline int patch_newer(struct ucode_patch *p, struct ucode_patch *n)
765 {
766 /* Zen and newer hardcode the f/m/s in the patch ID */
767 if (x86_family(bsp_cpuid_1_eax) >= 0x17) {
768 union zen_patch_rev zp, zn;
769
770 zp.ucode_rev = p->patch_id;
771 zn.ucode_rev = n->patch_id;
772
773 if (zn.stepping != zp.stepping)
774 return -1;
775
776 return zn.rev > zp.rev;
777 } else {
778 return n->patch_id > p->patch_id;
779 }
780 }
781
update_cache(struct ucode_patch * new_patch)782 static void update_cache(struct ucode_patch *new_patch)
783 {
784 struct ucode_patch *p;
785 int ret;
786
787 list_for_each_entry(p, µcode_cache, plist) {
788 if (patch_cpus_equivalent(p, new_patch, true)) {
789 ret = patch_newer(p, new_patch);
790 if (ret < 0)
791 continue;
792 else if (!ret) {
793 /* we already have the latest patch */
794 kfree(new_patch->data);
795 kfree(new_patch);
796 return;
797 }
798
799 list_replace(&p->plist, &new_patch->plist);
800 kfree(p->data);
801 kfree(p);
802 return;
803 }
804 }
805 /* no patch found, add it */
806 list_add_tail(&new_patch->plist, µcode_cache);
807 }
808
free_cache(void)809 static void free_cache(void)
810 {
811 struct ucode_patch *p, *tmp;
812
813 list_for_each_entry_safe(p, tmp, µcode_cache, plist) {
814 __list_del(p->plist.prev, p->plist.next);
815 kfree(p->data);
816 kfree(p);
817 }
818 }
819
find_patch(unsigned int cpu)820 static struct ucode_patch *find_patch(unsigned int cpu)
821 {
822 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
823 u16 equiv_id = 0;
824
825 uci->cpu_sig.rev = get_patch_level();
826
827 if (x86_family(bsp_cpuid_1_eax) < 0x17) {
828 equiv_id = find_equiv_id(&equiv_table, uci->cpu_sig.sig);
829 if (!equiv_id)
830 return NULL;
831 }
832
833 return cache_find_patch(uci, equiv_id);
834 }
835
reload_ucode_amd(unsigned int cpu)836 void reload_ucode_amd(unsigned int cpu)
837 {
838 u32 rev, dummy __always_unused;
839 struct microcode_amd *mc;
840 struct ucode_patch *p;
841
842 p = find_patch(cpu);
843 if (!p)
844 return;
845
846 mc = p->data;
847
848 rev = get_patch_level();
849 if (rev < mc->hdr.patch_id) {
850 if (__apply_microcode_amd(mc, &rev, p->size))
851 pr_info_once("reload revision: 0x%08x\n", rev);
852 }
853 }
854
collect_cpu_info_amd(int cpu,struct cpu_signature * csig)855 static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig)
856 {
857 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
858 struct ucode_patch *p;
859
860 csig->sig = cpuid_eax(0x00000001);
861 csig->rev = get_patch_level();
862
863 /*
864 * a patch could have been loaded early, set uci->mc so that
865 * mc_bp_resume() can call apply_microcode()
866 */
867 p = find_patch(cpu);
868 if (p && (p->patch_id == csig->rev))
869 uci->mc = p->data;
870
871 return 0;
872 }
873
apply_microcode_amd(int cpu)874 static enum ucode_state apply_microcode_amd(int cpu)
875 {
876 struct cpuinfo_x86 *c = &cpu_data(cpu);
877 struct microcode_amd *mc_amd;
878 struct ucode_cpu_info *uci;
879 struct ucode_patch *p;
880 enum ucode_state ret;
881 u32 rev;
882
883 BUG_ON(raw_smp_processor_id() != cpu);
884
885 uci = ucode_cpu_info + cpu;
886
887 p = find_patch(cpu);
888 if (!p)
889 return UCODE_NFOUND;
890
891 rev = uci->cpu_sig.rev;
892
893 mc_amd = p->data;
894 uci->mc = p->data;
895
896 /* need to apply patch? */
897 if (rev > mc_amd->hdr.patch_id) {
898 ret = UCODE_OK;
899 goto out;
900 }
901
902 if (!__apply_microcode_amd(mc_amd, &rev, p->size)) {
903 pr_err("CPU%d: update failed for patch_level=0x%08x\n",
904 cpu, mc_amd->hdr.patch_id);
905 return UCODE_ERROR;
906 }
907
908 rev = mc_amd->hdr.patch_id;
909 ret = UCODE_UPDATED;
910
911 out:
912 uci->cpu_sig.rev = rev;
913 c->microcode = rev;
914
915 /* Update boot_cpu_data's revision too, if we're on the BSP: */
916 if (c->cpu_index == boot_cpu_data.cpu_index)
917 boot_cpu_data.microcode = rev;
918
919 return ret;
920 }
921
load_ucode_amd_ap(unsigned int cpuid_1_eax)922 void load_ucode_amd_ap(unsigned int cpuid_1_eax)
923 {
924 unsigned int cpu = smp_processor_id();
925
926 ucode_cpu_info[cpu].cpu_sig.sig = cpuid_1_eax;
927 apply_microcode_amd(cpu);
928 }
929
install_equiv_cpu_table(const u8 * buf,size_t buf_size)930 static size_t install_equiv_cpu_table(const u8 *buf, size_t buf_size)
931 {
932 u32 equiv_tbl_len;
933 const u32 *hdr;
934
935 if (!verify_equivalence_table(buf, buf_size))
936 return 0;
937
938 hdr = (const u32 *)buf;
939 equiv_tbl_len = hdr[2];
940
941 /* Zen and newer do not need an equivalence table. */
942 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
943 goto out;
944
945 equiv_table.entry = vmalloc(equiv_tbl_len);
946 if (!equiv_table.entry) {
947 pr_err("failed to allocate equivalent CPU table\n");
948 return 0;
949 }
950
951 memcpy(equiv_table.entry, buf + CONTAINER_HDR_SZ, equiv_tbl_len);
952 equiv_table.num_entries = equiv_tbl_len / sizeof(struct equiv_cpu_entry);
953
954 out:
955 /* add header length */
956 return equiv_tbl_len + CONTAINER_HDR_SZ;
957 }
958
free_equiv_cpu_table(void)959 static void free_equiv_cpu_table(void)
960 {
961 if (x86_family(bsp_cpuid_1_eax) >= 0x17)
962 return;
963
964 vfree(equiv_table.entry);
965 memset(&equiv_table, 0, sizeof(equiv_table));
966 }
967
cleanup(void)968 static void cleanup(void)
969 {
970 free_equiv_cpu_table();
971 free_cache();
972 }
973
974 /*
975 * Return a non-negative value even if some of the checks failed so that
976 * we can skip over the next patch. If we return a negative value, we
977 * signal a grave error like a memory allocation has failed and the
978 * driver cannot continue functioning normally. In such cases, we tear
979 * down everything we've used up so far and exit.
980 */
verify_and_add_patch(u8 family,u8 * fw,unsigned int leftover,unsigned int * patch_size)981 static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover,
982 unsigned int *patch_size)
983 {
984 struct microcode_header_amd *mc_hdr;
985 struct ucode_patch *patch;
986 u16 proc_id;
987 int ret;
988
989 ret = verify_patch(fw, leftover, patch_size);
990 if (ret)
991 return ret;
992
993 patch = kzalloc(sizeof(*patch), GFP_KERNEL);
994 if (!patch) {
995 pr_err("Patch allocation failure.\n");
996 return -EINVAL;
997 }
998
999 patch->data = kmemdup(fw + SECTION_HDR_SIZE, *patch_size, GFP_KERNEL);
1000 if (!patch->data) {
1001 pr_err("Patch data allocation failure.\n");
1002 kfree(patch);
1003 return -EINVAL;
1004 }
1005 patch->size = *patch_size;
1006
1007 mc_hdr = (struct microcode_header_amd *)(fw + SECTION_HDR_SIZE);
1008 proc_id = mc_hdr->processor_rev_id;
1009
1010 INIT_LIST_HEAD(&patch->plist);
1011 patch->patch_id = mc_hdr->patch_id;
1012 patch->equiv_cpu = proc_id;
1013
1014 pr_debug("%s: Adding patch_id: 0x%08x, proc_id: 0x%04x\n",
1015 __func__, patch->patch_id, proc_id);
1016
1017 /* ... and add to cache. */
1018 update_cache(patch);
1019
1020 return 0;
1021 }
1022
1023 /* Scan the blob in @data and add microcode patches to the cache. */
__load_microcode_amd(u8 family,const u8 * data,size_t size)1024 static enum ucode_state __load_microcode_amd(u8 family, const u8 *data, size_t size)
1025 {
1026 u8 *fw = (u8 *)data;
1027 size_t offset;
1028
1029 offset = install_equiv_cpu_table(data, size);
1030 if (!offset)
1031 return UCODE_ERROR;
1032
1033 fw += offset;
1034 size -= offset;
1035
1036 if (*(u32 *)fw != UCODE_UCODE_TYPE) {
1037 pr_err("invalid type field in container file section header\n");
1038 free_equiv_cpu_table();
1039 return UCODE_ERROR;
1040 }
1041
1042 while (size > 0) {
1043 unsigned int crnt_size = 0;
1044 int ret;
1045
1046 ret = verify_and_add_patch(family, fw, size, &crnt_size);
1047 if (ret < 0)
1048 return UCODE_ERROR;
1049
1050 fw += crnt_size + SECTION_HDR_SIZE;
1051 size -= (crnt_size + SECTION_HDR_SIZE);
1052 }
1053
1054 return UCODE_OK;
1055 }
1056
_load_microcode_amd(u8 family,const u8 * data,size_t size)1057 static enum ucode_state _load_microcode_amd(u8 family, const u8 *data, size_t size)
1058 {
1059 enum ucode_state ret;
1060
1061 /* free old equiv table */
1062 free_equiv_cpu_table();
1063
1064 ret = __load_microcode_amd(family, data, size);
1065 if (ret != UCODE_OK)
1066 cleanup();
1067
1068 return ret;
1069 }
1070
load_microcode_amd(u8 family,const u8 * data,size_t size)1071 static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t size)
1072 {
1073 struct cpuinfo_x86 *c;
1074 unsigned int nid, cpu;
1075 struct ucode_patch *p;
1076 enum ucode_state ret;
1077
1078 ret = _load_microcode_amd(family, data, size);
1079 if (ret != UCODE_OK)
1080 return ret;
1081
1082 for_each_node_with_cpus(nid) {
1083 cpu = cpumask_first(cpumask_of_node(nid));
1084 c = &cpu_data(cpu);
1085
1086 p = find_patch(cpu);
1087 if (!p)
1088 continue;
1089
1090 if (c->microcode >= p->patch_id)
1091 continue;
1092
1093 ret = UCODE_NEW;
1094 }
1095
1096 return ret;
1097 }
1098
save_microcode_in_initrd(void)1099 static int __init save_microcode_in_initrd(void)
1100 {
1101 unsigned int cpuid_1_eax = native_cpuid_eax(1);
1102 struct cpuinfo_x86 *c = &boot_cpu_data;
1103 struct cont_desc desc = { 0 };
1104 enum ucode_state ret;
1105 struct cpio_data cp;
1106
1107 if (dis_ucode_ldr || c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10)
1108 return 0;
1109
1110 if (!find_blobs_in_containers(&cp))
1111 return -EINVAL;
1112
1113 scan_containers(cp.data, cp.size, &desc);
1114 if (!desc.mc)
1115 return -EINVAL;
1116
1117 ret = _load_microcode_amd(x86_family(cpuid_1_eax), desc.data, desc.size);
1118 if (ret > UCODE_UPDATED)
1119 return -EINVAL;
1120
1121 return 0;
1122 }
1123 early_initcall(save_microcode_in_initrd);
1124
1125 /*
1126 * AMD microcode firmware naming convention, up to family 15h they are in
1127 * the legacy file:
1128 *
1129 * amd-ucode/microcode_amd.bin
1130 *
1131 * This legacy file is always smaller than 2K in size.
1132 *
1133 * Beginning with family 15h, they are in family-specific firmware files:
1134 *
1135 * amd-ucode/microcode_amd_fam15h.bin
1136 * amd-ucode/microcode_amd_fam16h.bin
1137 * ...
1138 *
1139 * These might be larger than 2K.
1140 */
request_microcode_amd(int cpu,struct device * device)1141 static enum ucode_state request_microcode_amd(int cpu, struct device *device)
1142 {
1143 char fw_name[36] = "amd-ucode/microcode_amd.bin";
1144 struct cpuinfo_x86 *c = &cpu_data(cpu);
1145 enum ucode_state ret = UCODE_NFOUND;
1146 const struct firmware *fw;
1147
1148 if (force_minrev)
1149 return UCODE_NFOUND;
1150
1151 if (c->x86 >= 0x15)
1152 snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
1153
1154 if (request_firmware_direct(&fw, (const char *)fw_name, device)) {
1155 pr_debug("failed to load file %s\n", fw_name);
1156 goto out;
1157 }
1158
1159 ret = UCODE_ERROR;
1160 if (!verify_container(fw->data, fw->size))
1161 goto fw_release;
1162
1163 ret = load_microcode_amd(c->x86, fw->data, fw->size);
1164
1165 fw_release:
1166 release_firmware(fw);
1167
1168 out:
1169 return ret;
1170 }
1171
microcode_fini_cpu_amd(int cpu)1172 static void microcode_fini_cpu_amd(int cpu)
1173 {
1174 struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
1175
1176 uci->mc = NULL;
1177 }
1178
1179 static struct microcode_ops microcode_amd_ops = {
1180 .request_microcode_fw = request_microcode_amd,
1181 .collect_cpu_info = collect_cpu_info_amd,
1182 .apply_microcode = apply_microcode_amd,
1183 .microcode_fini_cpu = microcode_fini_cpu_amd,
1184 .nmi_safe = true,
1185 };
1186
init_amd_microcode(void)1187 struct microcode_ops * __init init_amd_microcode(void)
1188 {
1189 struct cpuinfo_x86 *c = &boot_cpu_data;
1190
1191 if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) {
1192 pr_warn("AMD CPU family 0x%x not supported\n", c->x86);
1193 return NULL;
1194 }
1195 return µcode_amd_ops;
1196 }
1197
exit_amd_microcode(void)1198 void __exit exit_amd_microcode(void)
1199 {
1200 cleanup();
1201 }
1202