Project

General

Profile

Actions

Bug #13891

closed

ucodeadm cannot handle latest Intel microcode

Added by Andy Fiddaman 4 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
cmd - userland programs
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

The latest Intel microcode from https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases contains an update file for 06-6a-05 (Xeon Scalable Gen3) which is generates an invalid header error from ucodeadm. Also, ucodeadm is not built with CTF, but having fixed that:

% pfexec dtrace -n 'pid$target::ucode_header_validate_intel:entry{print(*args[0])}' -c './ucodeadm -i -R /tmp intel-06-6a-05'
dtrace: description 'pid$target::ucode_header_validate_intel:entry' matched 1 probe
ucodeadm: intel-06-6a-05: File header is invalid
dtrace: pid 22391 exited with status 3
CPU     ID                    FUNCTION:NAME
 23  97033 ucode_header_validate_intel:entry ucode_header_intel_t {
    uint32_t uh_header_ver = 0x1
    uint32_t uh_rev = 0xc0002f0
    uint32_t uh_date = 0x3082021
    uint32_t uh_signature = 0x606a5
    uint32_t uh_checksum = 0xf6b24822
    uint32_t uh_loader_ver = 0x1
    uint32_t uh_proc_flags = 0x87
    uint32_t uh_body_size = 0x453d0
    uint32_t uh_total_size = 0x45400
    uint32_t [3] uh_reserved = [ 0, 0, 0 ]
}


Related issues

Related to illumos gate - Bug #13900: Update Intel microcode to 20210608ClosedAndy Fiddaman

Actions
Actions #1

Updated by Andy Fiddaman 4 months ago

This seems because we have an arbitrary limit on microcode size of 128KiB, and this particular file has a total size of 0x45400 (277 KiB)

A quick survey across all of the microcode files shows that the two new 06-60-a5 and 06-60-a6 files are larger than others at 277 KiB, the previous biggest being 127KiB.

% for f in *; do
mdb -fe '::typedef -r ../../ucodeadm; 0::print ucode_header_intel_t uh_signature; 0::print -d ucode_header_intel_t uh_total_size' $f | paste - -
done | sort -tt +4 -n | tail -15
uh_signature = 0x906ec  uh_total_size = 0t103424
uh_signature = 0x906ed  uh_total_size = 0t103424
uh_signature = 0x806e9  uh_total_size = 0t104448
uh_signature = 0x806eb  uh_total_size = 0t104448
uh_signature = 0x806ec  uh_total_size = 0t104448
uh_signature = 0x906e9  uh_total_size = 0t104448
uh_signature = 0x906eb  uh_total_size = 0t104448
uh_signature = 0x406e3  uh_total_size = 0t105472
uh_signature = 0x506e3  uh_total_size = 0t105472
uh_signature = 0x806c1  uh_total_size = 0t109568
uh_signature = 0x706e5  uh_total_size = 0t110592
uh_signature = 0x80665  uh_total_size = 0t130048
uh_signature = 0x80665  uh_total_size = 0t130048
uh_signature = 0x606a5  uh_total_size = 0t283648
uh_signature = 0x606a6  uh_total_size = 0t283648
Actions #2

Updated by Andy Fiddaman 4 months ago

  • Status changed from New to In Progress
  • Assignee set to Andy Fiddaman
  • Difficulty changed from Medium to Bite-size
Actions #3

Updated by Andy Fiddaman 4 months ago

Having adjusted the maximum allowed size:

% ./ucodeadm -i -R . intel-06-6a-05
% echo $?
0
% ls -ltr
total 3131
-r--r--r--   5 af       other       277K Jun 21 13:54 000606A5-80
-r--r--r--   5 af       other       277K Jun 21 13:54 000606A5-04
-r--r--r--   5 af       other       277K Jun 21 13:54 000606A5-02
-r--r--r--   5 af       other       277K Jun 21 13:54 000606A5-01
Actions #4

Updated by Electric Monk 4 months ago

  • Gerrit CR set to 1559
Actions #5

Updated by Andy Fiddaman 4 months ago

Picking a new maximum size just above the size of the current largest microcode blob means that we may need to further increase the size in the future, but I don't think that the Intel microcode will increase for the current generations and if the protection afforded by this maximum size is to be at all useful it needs to properly constrain firmware sizes.

However, it's likely that we'll need to revisit this at some point in the future.

Actions #6

Updated by Electric Monk 4 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit ada023d26fbb04273c643d7c7fade1b24da764fb

commit  ada023d26fbb04273c643d7c7fade1b24da764fb
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date:   2021-06-23T22:05:39.000Z

    13891 ucodeadm cannot handle latest Intel microcode
    Reviewed by: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions #7

Updated by Andy Fiddaman 4 months ago

  • Related to Bug #13900: Update Intel microcode to 20210608 added
Actions

Also available in: Atom PDF