FS#59841 - [intel-ucode] package microcode in /usr/lib/firmware/intel-ucode/

Attached to Project: Arch Linux
Opened by nl6720 (nl6720) - Tuesday, 28 August 2018, 07:56 GMT
Last edited by Christian Hesse (eworm) - Monday, 03 September 2018, 06:53 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To Christian Hesse (eworm)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
The intel-ucode package only has the initramfs image for early loading. Please also package the firmware files in /usr/lib/firmware/intel-ucode/ . This should allow to update the CPU microcode without rebooting.
See "Late loading" in https://www.kernel.org/doc/Documentation/x86/microcode.txt .


Additional info:
* package version(s)
* config and/or log files etc.
intel-ucode 20180807.a-1


Steps to reproduce:
This task depends upon

Closed by  Christian Hesse (eworm)
Monday, 03 September 2018, 06:53 GMT
Reason for closing:  Not a bug
Additional comments about closing:  Early loading is used as intended.
Comment by loqs (loqs) - Tuesday, 28 August 2018, 10:48 GMT
The microcode from the intel-ucode-with-caveats directory is not suitable for late loading it can be included but excluded from late loading by adding an extension such as .early

install -D -m0644 -t "${pkgdir}"/usr/lib/firmware/intel-ucode intel-ucode/*
cd intel-ucode-with-caveats
for microcode in *;do
install -D -m0644 -T $microcode "${pkgdir}"/usr/lib/firmware/intel-ucode/$microcode.early
done
Comment by Jan de Groot (JGC) - Tuesday, 28 August 2018, 11:11 GMT
What's the whole point of placing it there if it can't be loaded late?

Intel microcode updates need a reboot. Applying it without reboot is recipe for crashes and weird bugs.
Comment by loqs (loqs) - Tuesday, 28 August 2018, 11:19 GMT
The microcode from the intel-ucode directory of the source .tgz can be late loaded. Late loading is more risky which is why I would suggest removing from linux-firmware

# Trigger a microcode reload for configurations not using early updates
install -d "${pkgdir}/usr/lib/tmpfiles.d"
echo 'w /sys/devices/system/cpu/microcode/reload - - - - 1' \
>"${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"

Then the system administrator can decide if they want to trigger a late reload for Intel or AMD microcode.
Comment by loqs (loqs) - Tuesday, 28 August 2018, 11:25 GMT
As to why place it there I originally had it placed there from a PKGBUILD where the ucode initrds are generated on install.
Comment by nl6720 (nl6720) - Tuesday, 28 August 2018, 14:12 GMT
From releasenote in microcode-20180807.tgz:
-- intel-ucode-with-caveats/ --
This directory holds microcode that might need special handling.
BDX-ML microcode is provided in directory, because it need special commits in
the Linux kernel, otherwise, updating it might result in unexpected system
behavior.
OS vendors must ensure that the late loader patches (provided in
linux-kernel-patches\) are included in the distribution before packaging the
BDX-ML microcode for late-loading.


Anyone willing to check if the 14 patches are included in linux 4.18.5.arch1-1 & linux-lts 4.14.67-1 ? If they are, it should be safe to package the files (1 file currently) from intel-ucode-with-caveats to /usr/lib/firmware/intel-ucode/ .
Comment by loqs (loqs) - Tuesday, 28 August 2018, 17:03 GMT
I hope this demonstrate the commits are in 4.18.5 and were backported from 4.16 to 4.14.67

$ cat /tmp/linux-kernel-patches/commits
3f1f576a195aa266813cbd4ca70291deb61e0129
1008c52c09dcb23d93f8e0ea83a6246265d2cce0
42ca8082e260dcfd8afa2afa6ec1940b9d41724c
854857f5944c59a881ff607b37ed9ed41d031a3b
c182d2b7d0ca48e0d6ff16f7d883161238c447ed
91df9fdf51492aec9fed6b4cbd33160886740f47
30ec26da9967d0d785abc24073129a34c3211777
d8c3b52c00a05036e0a6b315b4b17921a7b67997
cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117
a5321aec6412b20b5ad15db2d6b916c05349dbff
2613f36ed965d0e5a595a1d931fd3b480e82d6fd
bb8c13d61a629276a162c1d2b1a20a815cbcfbb7
09e182d17e8891dd73baba961a0f5a82e9274c97
84749d83758af6576552046b215b9b7f37f9556b

$ while read -r name; do echo ${name}; git tag v4.18.5 --contains ${name}; done < /tmp/linux-kernel-patches/commits
3f1f576a195aa266813cbd4ca70291deb61e0129
v4.18.5
1008c52c09dcb23d93f8e0ea83a6246265d2cce0
v4.18.5
42ca8082e260dcfd8afa2afa6ec1940b9d41724c
v4.18.5
854857f5944c59a881ff607b37ed9ed41d031a3b
v4.18.5
c182d2b7d0ca48e0d6ff16f7d883161238c447ed
v4.18.5
91df9fdf51492aec9fed6b4cbd33160886740f47
v4.18.5
30ec26da9967d0d785abc24073129a34c3211777
v4.18.5
d8c3b52c00a05036e0a6b315b4b17921a7b67997
v4.18.5
cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117
v4.18.5
a5321aec6412b20b5ad15db2d6b916c05349dbff
v4.18.5
2613f36ed965d0e5a595a1d931fd3b480e82d6fd
v4.18.5
bb8c13d61a629276a162c1d2b1a20a815cbcfbb7
v4.18.5
09e182d17e8891dd73baba961a0f5a82e9274c97
v4.18.5
84749d83758af6576552046b215b9b7f37f9556b
v4.18.5

$ git checkout v4.14.67
HEAD is now at f4c88459f7c9 Linux 4.14.67

$ while read -r name; do echo ${name}; git log --oneline --grep ${name}; done < /tmp/linux-kernel-patches/commits
3f1f576a195aa266813cbd4ca70291deb61e0129
962e6b2d1665 x86/microcode: Propagate return value from updating functions
1008c52c09dcb23d93f8e0ea83a6246265d2cce0
00ba4bcf4b92 x86/CPU: Add a microcode loader callback
42ca8082e260dcfd8afa2afa6ec1940b9d41724c
35da0d504a98 x86/CPU: Check CPU feature bits after microcode upgrade
854857f5944c59a881ff607b37ed9ed41d031a3b
22cc8816d013 x86/microcode: Get rid of struct apply_microcode_ctx
c182d2b7d0ca48e0d6ff16f7d883161238c447ed
170f8ec16c22 x86/microcode/intel: Check microcode revision before updating sibling threads
91df9fdf51492aec9fed6b4cbd33160886740f47
1707112c82fa x86/microcode/intel: Writeback and invalidate caches before updating microcode
30ec26da9967d0d785abc24073129a34c3211777
e87c2b553a35 x86/microcode: Do not upload microcode if CPUs are offline
d8c3b52c00a05036e0a6b315b4b17921a7b67997
d2725848230d x86/microcode/intel: Look into the patch cache first
cfb52a5a09c8ae3a1dafb44ce549fde5b69e8117
509df2b865f1 x86/microcode: Request microcode on the BSP
a5321aec6412b20b5ad15db2d6b916c05349dbff
b0b1ac38e018 x86/microcode: Synchronize late microcode loading
2613f36ed965d0e5a595a1d931fd3b480e82d6fd
c81d7069dcd6 x86/microcode: Attempt late loading only when new microcode is present
bb8c13d61a629276a162c1d2b1a20a815cbcfbb7
8413a3a63d37 x86/microcode: Fix CPU synchronization routine
09e182d17e8891dd73baba961a0f5a82e9274c97
922e5129eb01 x86/microcode: Do not exit early from __reload_late()
84749d83758af6576552046b215b9b7f37f9556b
7c6bcaac737f x86/microcode/intel: Save microcode patch unconditionally
Comment by Christian Hesse (eworm) - Monday, 03 September 2018, 06:52 GMT
Intel Haswell and Broadwell CPUs have a features called TSX. This has a design flaw, and the feature is disabled by microcode update. This has to be done early as kernel crashes hard if feature is removed at runtime.
So late loading of Intel ucode is not supported. Possibly it works for some CPUs, but not for all. No idea if later updates suffer similar issues for other errata.
Note this is not related to the caveats thing in source tree. To be on the safe side we do early loading for all Intel ucode.

Loading...