Re: [PATCH v3 1/5] x86/microcode/intel: Check against CPU signature before saving microcode
From: Borislav Petkov
Date: Wed Aug 24 2022 - 15:28:13 EST
On Tue, Aug 23, 2022 at 11:13:13AM +0000, Ashok Raj wrote:
> > > patch1:
> > > fms3 <--- header FMS
> > > ...
> > > ext_sig:
> > > fms1
> > > fms2
> > >
> > > patch2: new
> > > fms2 <--- header FMS
> > >
> > > Current code takes only fms3 and checks with patch2 fms2.
> >
> > So, find_matching_signature() does all the signatures matching and
> > scanning already. If anything, that function should tell its callers
> > whether the patch it is looking at - the fms2 one - should replace the
> > current one or not.
> >
> > I.e., all the logic to say how strong a patch match is, should be
> > concentrated there. And then the caller will do the according action.
>
> I updated the commit log accordingly. Basically find_matching_signature()
> is only intended to find a CPU's sig/pf against a microcode image and not
> intended to compare between two different images.
Err, what?
find_matching_signature() looks at fmt3 - your example above - and then
goes and looks at ext_sig. Also your example above.
So you can teach that function to say with a *separate* return value
"replace current patch with this new patch because this new patch is a
better fit."
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette