From 321550859f3bd64f547d0b4e9fbd97bd539ef47c Mon Sep 17 00:00:00 2001 From: Boris Ostrovsky Date: Thu, 27 Mar 2025 19:05:03 -0400 Subject: x86/microcode/AMD: Clean the cache if update did not load microcode If microcode did not get loaded there is no reason to keep it in the cache. Moreover, if loading failed it will not be possible to load an earlier version of microcode since the failed revision will always be selected from the cache on the next reload attempt. Since the failed revisions is not easily available at this point just clean the whole cache. It will be rebuilt later if needed. Signed-off-by: Boris Ostrovsky Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20250327230503.1850368-3-boris.ostrovsky@oracle.com --- arch/x86/kernel/cpu/microcode/amd.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'arch/x86/kernel/cpu/microcode/amd.c') diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index b61028cf5c8a..57bd61f9c69b 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -1171,11 +1171,18 @@ static void microcode_fini_cpu_amd(int cpu) uci->mc = NULL; } +static void finalize_late_load_amd(int result) +{ + if (result) + cleanup(); +} + static struct microcode_ops microcode_amd_ops = { .request_microcode_fw = request_microcode_amd, .collect_cpu_info = collect_cpu_info_amd, .apply_microcode = apply_microcode_amd, .microcode_fini_cpu = microcode_fini_cpu_amd, + .finalize_late_load = finalize_late_load_amd, .nmi_safe = true, }; -- cgit v1.2.3 From c0a62eadb6fd158e4d6d4d47d806109e7ae32e8b Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Mon, 28 Apr 2025 11:30:06 -0700 Subject: x86/microcode/AMD: Use sha256() instead of init/update/final Just call sha256() instead of doing the init/update/final sequence. No functional changes. Signed-off-by: Eric Biggers Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/20250428183006.782501-1-ebiggers@kernel.org --- arch/x86/kernel/cpu/microcode/amd.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'arch/x86/kernel/cpu/microcode/amd.c') diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 57bd61f9c69b..b2bbfc4ef3dc 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -211,7 +211,6 @@ static bool verify_sha256_digest(u32 patch_id, u32 cur_rev, const u8 *data, unsi { struct patch_digest *pd = NULL; u8 digest[SHA256_DIGEST_SIZE]; - struct sha256_state s; int i; if (x86_family(bsp_cpuid_1_eax) < 0x17 || @@ -230,9 +229,7 @@ static bool verify_sha256_digest(u32 patch_id, u32 cur_rev, const u8 *data, unsi return false; } - sha256_init(&s); - sha256_update(&s, data, len); - sha256_final(&s, digest); + sha256(data, len, digest); if (memcmp(digest, pd->sha256, sizeof(digest))) { pr_err("Patch 0x%x SHA256 digest mismatch!\n", patch_id); -- cgit v1.2.3