On Fri, 19 Sep 2014, Borislav Petkov wrote: > On Fri, Sep 19, 2014 at 07:54:14AM -0500, Chuck Ebbert wrote: > > 2) Don't allow a late update if TSX is still enabled on those > > processors. > > Yeah, so the use case I have in mind is when a long-running machine > wants to apply microcode and this microcode disables CPUID bits and > instructions. And the machine cannot be rebooted. > > I guess in that case we would have to issue a warning only on the > affected processors that a rebooted is mandatory and fail the update... > Maybe something like that.
Well, in this case we'd have to (on Intel, but AMD is likely the same): 1. offline a "guinea pig" group of "cpus", i.e. an entire "microcode update unit" that doesn't include the BSP. This is going to be a pain, as what composes a "microcode update unit" is not set in stone, and could change in a future microarch. 2. apply the update to one of the "guinea pig" "cpus" (which will update all "cpus" in the same "microcode update unit"). 3. sanity check. 4a. abort the update run if something nasty happened, leaving the "guinea pig" "cpus" locked offline until the next reboot. Warn the user. 4b. online the "guinea pig" "cpus" if the update looks good, and proceed to update the rest of the "cpus" in the system. We need this dance because we cannot roll-back a microcode update in the general case. To me, it looks way too complicated to be worth the effort. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/