Bug #13891
closed
ucodeadm cannot handle latest Intel microcode
100%
Description
The latest Intel microcode from https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases contains an update file for 06-6a-05 (Xeon Scalable Gen3) which is generates an invalid header error from ucodeadm. Also, ucodeadm is not built with CTF, but having fixed that:
% pfexec dtrace -n 'pid$target::ucode_header_validate_intel:entry{print(*args[0])}' -c './ucodeadm -i -R /tmp intel-06-6a-05'
dtrace: description 'pid$target::ucode_header_validate_intel:entry' matched 1 probe
ucodeadm: intel-06-6a-05: File header is invalid
dtrace: pid 22391 exited with status 3
CPU ID FUNCTION:NAME
23 97033 ucode_header_validate_intel:entry ucode_header_intel_t {
uint32_t uh_header_ver = 0x1
uint32_t uh_rev = 0xc0002f0
uint32_t uh_date = 0x3082021
uint32_t uh_signature = 0x606a5
uint32_t uh_checksum = 0xf6b24822
uint32_t uh_loader_ver = 0x1
uint32_t uh_proc_flags = 0x87
uint32_t uh_body_size = 0x453d0
uint32_t uh_total_size = 0x45400
uint32_t [3] uh_reserved = [ 0, 0, 0 ]
}
Related issues
Updated by Andy Fiddaman almost 2 years ago
This seems because we have an arbitrary limit on microcode size of 128KiB, and this particular file has a total size of 0x45400 (277 KiB)
A quick survey across all of the microcode files shows that the two new 06-60-a5 and 06-60-a6 files are larger than others at 277 KiB, the previous biggest being 127KiB.
% for f in *; do mdb -fe '::typedef -r ../../ucodeadm; 0::print ucode_header_intel_t uh_signature; 0::print -d ucode_header_intel_t uh_total_size' $f | paste - - done | sort -tt +4 -n | tail -15 uh_signature = 0x906ec uh_total_size = 0t103424 uh_signature = 0x906ed uh_total_size = 0t103424 uh_signature = 0x806e9 uh_total_size = 0t104448 uh_signature = 0x806eb uh_total_size = 0t104448 uh_signature = 0x806ec uh_total_size = 0t104448 uh_signature = 0x906e9 uh_total_size = 0t104448 uh_signature = 0x906eb uh_total_size = 0t104448 uh_signature = 0x406e3 uh_total_size = 0t105472 uh_signature = 0x506e3 uh_total_size = 0t105472 uh_signature = 0x806c1 uh_total_size = 0t109568 uh_signature = 0x706e5 uh_total_size = 0t110592 uh_signature = 0x80665 uh_total_size = 0t130048 uh_signature = 0x80665 uh_total_size = 0t130048 uh_signature = 0x606a5 uh_total_size = 0t283648 uh_signature = 0x606a6 uh_total_size = 0t283648
Updated by Andy Fiddaman almost 2 years ago
- Status changed from New to In Progress
- Assignee set to Andy Fiddaman
- Difficulty changed from Medium to Bite-size
Updated by Andy Fiddaman almost 2 years ago
Having adjusted the maximum allowed size:
% ./ucodeadm -i -R . intel-06-6a-05 % echo $? 0 % ls -ltr total 3131 -r--r--r-- 5 af other 277K Jun 21 13:54 000606A5-80 -r--r--r-- 5 af other 277K Jun 21 13:54 000606A5-04 -r--r--r-- 5 af other 277K Jun 21 13:54 000606A5-02 -r--r--r-- 5 af other 277K Jun 21 13:54 000606A5-01
Updated by Andy Fiddaman almost 2 years ago
Picking a new maximum size just above the size of the current largest microcode blob means that we may need to further increase the size in the future, but I don't think that the Intel microcode will increase for the current generations and if the protection afforded by this maximum size is to be at all useful it needs to properly constrain firmware sizes.
However, it's likely that we'll need to revisit this at some point in the future.
Updated by Electric Monk almost 2 years ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
git commit ada023d26fbb04273c643d7c7fade1b24da764fb
commit ada023d26fbb04273c643d7c7fade1b24da764fb
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date: 2021-06-23T22:05:39.000Z
13891 ucodeadm cannot handle latest Intel microcode
Reviewed by: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Dan McDonald <danmcd@joyent.com>
Updated by Andy Fiddaman almost 2 years ago
- Related to Bug #13900: Update Intel microcode to 20210608 added