AMD CPUs Are Safe For Late-Loading Microcode, Will No Longer Taint The Linux Kernel
Late loading of CPU microcode on Intel processors has been called "dangerous" due to synchronization issues on CPUs with SMT / Hyper Threading, the potential for disappearing model specific registers (MSRs) with updated microcode, machine check handling issues, and interrupt handling issues.
"Late loading is done when the system is fully operational and running real workloads. Late loading behavior depends on what the base patch on the CPU is before upgrading to the new patch.
This is true for Intel CPUs.
Consider, for example, a CPU has patch level 1 and the update is to patch level 3.
Between patch1 and patch3, patch2 might have deprecated a software-visible feature.
This is unacceptable if software is even potentially using that feature. For instance, say MSR_X is no longer available after an update, accessing that MSR will cause a #GP fault.
Basically there is no way to declare a new microcode update suitable for late-loading. This is another one of the problems that caused late loading to be not enabled by default."
The Linux kernel microcode documentation lays out all of the details on late-loading for those interested.
Sent out today by Borislav Petkov of AMD is a declaration that microcode late-loading is safe on AMD systems and to no longer taint the Linux kernel in such an event.
"Late loading on AMD does not have the concurrency issues described above: when loading is attempted on T0, the T1 is quiesced and does not execute instructions. Therefore, even if a higher priority interrupt or a fault happens, the whole core will see it either before the microcode patch has been applied or after. In either case, T0 and T1 will have the same microcode revision and nothing intermediate."
So with this pending patch, the CPU microcode updating on late-loading will only trigger a kernel taint for non-AMD systems. Ideally though all CPU microcode updates should be early-loaded during boot time.
8 Comments
