git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Thomas Gleixner <tglx@linutronix.de>
	Tue, 17 Oct 2023 21:24:16 +0000 (23:24 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 7 Mar 2025 15:45:54 +0000 (16:45 +0100)
commit	fba6e6fcabf31b2d996de2205f6bfd347b32ac5f
tree	c6f0df1245021add210421643eee4c34ee3313ad	tree \| snapshot
parent	287a86b4a4cbe51ed394bf0c3832be948498cabb	commit \| diff

x86/microcode: Prepare for minimal revision check

commit 9407bda845dd19756e276d4f3abc15a20777ba45 upstream

Applying microcode late can be fatal for the running kernel when the
update changes functionality which is in use already in a non-compatible
way, e.g. by removing a CPUID bit.

There is no way for admins which do not have access to the vendors deep
technical support to decide whether late loading of such a microcode is
safe or not.

Intel has added a new field to the microcode header which tells the
minimal microcode revision which is required to be active in the CPU in
order to be safe.

Provide infrastructure for handling this in the core code and a command
line switch which allows to enforce it.

If the update is considered safe the kernel is not tainted and the annoying
warning message not emitted. If it's enforced and the currently loaded
microcode revision is not safe for late loading then the load is aborted.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20231017211724.079611170@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Documentation/admin-guide/kernel-parameters.txt		diff \| blob \| blame \| history
arch/x86/Kconfig		diff \| blob \| blame \| history
arch/x86/kernel/cpu/microcode/amd.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/microcode/core.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/microcode/intel.c		diff \| blob \| blame \| history
arch/x86/kernel/cpu/microcode/internal.h		diff \| blob \| blame \| history