Re: [PATCH v3 3/5] x86/microcode: Avoid any chance of MCE's during microcode update

From: Borislav Petkov
Date: Wed Aug 17 2022 - 04:09:27 EST


On Wed, Aug 17, 2022 at 09:58:03AM +0200, Ingo Molnar wrote:
> Also, Boris tells me that writing 0x0 to MSR_IA32_MCG_STATUS
> apparently shuts the platform down - which is not ideal...

Right, if you get an MCE raised while MCIP=0, the machine shuts down.

And frankly, I can't think of a good solution to this whole issue:

- with current hw, if you get an MCE and MCIP=0 -> shutdown

- in the future, even if you change the hardware to block MCEs from
being detected while the microcode update runs, what happens if a CPU
encounters a hw error during that update?

You raise it immediately after? What if there are multiple MCEs? Not
unheard of on a big machine...

Worse, what happens if there's a bitflip in the memory where the
to-be-updated microcode patch is?

You report the error afterwards?

Just thinking about this makes me real nervous.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette