2018-02-05, iucode_tool v2.3.1

* iucode_tool: fix filter by revision parser on ILP32

2018-01-28, iucode_tool v2.3

* iucode_tool(8): document changes to ucode filtering
* iucode_tool: support selecting by ucode revision
  Add a third (and optional) parameter to microcode selection filters, to
  select microcodes by revision. The revision can be prefixed by the
  operators eq: (equal to), lt: (less than), or gt: (greater than).
  The revision numbering is signed, but in order to be more user friendly,
  since we display revisions as unsigned values in hex, we accept the
  range -INT32_MAX to +UINT32_MAX, and convert it to int32_t.
* iucode_tool: add function to parse signed 32-bit integers
  Add parse_s32e(), based on parse_u32(). It will be used to parse
  microcode revisions in the command line, so it has an extension
  that accepts something like 0xfffffffe as an alias for -2.
* iucode_tool: optimize detection of base10 numeric names
* iucode_tool: better handle offline/non-continuous topology
* iucode_tool(8): document changes to --scan-system
* iucode_tool: select scan-system strategy change at runtime
  Instead of selecting the scan-system strategy at compile time, enhance the
  long-version of the --scan-system option to take an optional argument, and
  select the strategy. Available strategies are: 0 (auto), 1 (fast), and 2
  (exact). Fast uses just the cpuid instruction and activates all steppings.
  Exact will query all processors using the kernel cpuid driver. Auto (the
  default) is currently the same as fast. The short option -S is equivalent
  to --scan-system=auto. This way, we don't break backwards command line
  behavior, and something like "iucode_tool -Sl" will still work. In
  --scan-system=exact mode, when a /dev/cpu/#/cpuid scan fails, it will use
  the result from the cpuid instruction and also add every other stepping for
  any signatures found before the failure.
* gitignore: rearrange, and ignore backup and vim swap files
* iucode_tool: move scan_system_processor() one layer down
* iucode_tool: do not scan-system while parsing
  Instead of processing -s and -S/--scan-system while parsing, queue all
  filters so that we can call scan_system_processors() later. This was the
  only complex operation that was being carried out while parsing the command
  line. This change ensures that global options such as -q and -v, that are
  not supposed to be sensitive to their position in the command line, will
* iucode_tool: add two command-line parser helpers
* intel_microcode.h: document intel_ucode_status_t sources
* update copyright dates to 2018

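The revision filter syntax and integer range described in the v2.3 entries above, as an added C example. This is not iucode_tool's own parse_s32e(): every function name below is hypothetical, and treating a revision without an operator prefix as eq: is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; not taken from the iucode_tool sources. */
enum rev_op { REV_EQ, REV_LT, REV_GT };

/*
 * Parse a revision in the range -INT32_MAX..UINT32_MAX into an int32_t.
 * Values above INT32_MAX are reinterpreted as two's complement, so
 * "0xfffffffe" yields -2. Returns 0, -EINVAL or -ERANGE.
 */
static int parse_rev_s32(const char *s, int32_t *out)
{
    char *end;
    long long v;

    if (!s || !*s)
        return -EINVAL;

    errno = 0;
    /* long long is at least 64 bits, so the range check below does not
     * depend on the width of long (32 bits on ILP32 targets) */
    v = strtoll(s, &end, 0);
    if (errno == ERANGE)
        return -ERANGE;
    if (end == s || *end != '\0')
        return -EINVAL;
    if (v < -(long long)INT32_MAX || v > (long long)UINT32_MAX)
        return -ERANGE;

    if (v > INT32_MAX)
        v -= 0x100000000LL;     /* 0x80000000..0xffffffff become negative */
    *out = (int32_t)v;
    return 0;
}

/* Parse "[eq:|lt:|gt:]<revision>"; no prefix is taken as eq: (assumption). */
static int parse_rev_filter(const char *s, enum rev_op *op, int32_t *rev)
{
    *op = REV_EQ;
    if (!strncmp(s, "eq:", 3)) {
        s += 3;
    } else if (!strncmp(s, "lt:", 3)) {
        *op = REV_LT;
        s += 3;
    } else if (!strncmp(s, "gt:", 3)) {
        *op = REV_GT;
        s += 3;
    }
    return parse_rev_s32(s, rev);
}

/* Revisions are signed, so the comparison is a signed one. */
static int rev_matches(enum rev_op op, int32_t filter, int32_t ucode_rev)
{
    switch (op) {
    case REV_LT: return ucode_rev < filter;
    case REV_GT: return ucode_rev > filter;
    default:     return ucode_rev == filter;
    }
}

int main(void)
{
    enum rev_op op;
    int32_t rev;

    if (parse_rev_filter("gt:0xfffffffe", &op, &rev) == 0)
        printf("filter revision %d, matches 0x1c: %d, matches -3: %d\n",
               (int)rev, rev_matches(op, rev, 0x1c),
               rev_matches(op, rev, -3));
    return 0;
}
```
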
2017-08-28, iucode_tool v2.2

* README: update for mixed dat and bin Intel releases
* configure: fix handling of --without-foo/--disable-bar
* intel_microcode: fast-track intel_ucode_compare(a, a)
* iucode_tool: fix microcode count when selecting extended signatures
* iucode_tool: rename and document some xx_xtsdeduplist* functions
* configure: support libargp as an alternative to glibc argp
* intel_microcode: do not request inlining for is_zero_checksum()
* iucode_tool: use fprintf(stdout) instead of printf()
* intel_microcode: declare intel_ucode_errstr() as const
* iucode_tool: ensure printf %x args are unsigned
* README: add an example of microcode with multiple sigs
* configure: add --enable-extend-flags to change default build flags
  Add a way to not completely override the C/CPP/LDFLAGS configure.ac
* configure: default build to hardened -O3 PIE with lots of warnings
  Override the autoconf default CFLAGS, CPPFLAGS and LDFLAGS for a more
  optimized, hardened build by default. Also, print the value of these
  variables in configure output. The standard methods to override the
  default CFLAGS, CPPFLAGS and LDFLAGS in configure still work, and will
  bypass the new defaults. Linux distros that override these on every build
  should not see any changes. Should the compiler not be detected as
  gcc-compatible, no change to CFLAGS/CPPFLAGS/LDFLAGS will be made. Note
  that clang is explicitly supported, and works just fine. The build will
  default to a baseline of "-O3 -g" and will attempt to selectively enable
  several warning options, and several hardening options. configure will
  attempt to detect the set of compiler and linker driver flags that would
  work. Caveats: autoconf 2.69 and automake 1.13 or later are now
* configure: whitespace fixes and minor cosmetic fixes

2017-02-15, iucode_tool v2.1.2

* iucode_tool: compare payloads of similar (not just duplicate) MCUs
  Within the same signature, if two microcodes have the same revision,
  and can be installed on the same processor, their payload contents
  ought to be the same. However, we would only compare the payloads of
  microcodes with the exactly same processor flags mask, which is not
  enough. Fix it. Note: this issue is not present in Intel-issued
  microcode seen in the field.
* iucode_tool: skip small files as if empty in the -tr loader
  Make the recovery loader behave the same for empty files and files
  that are too small to contain any microcode: report that there were no
  microcodes found in the file, and skip the file.
* intel-microcode: validate xx_intel_ucode_check_uc() parameters
* iucode_tool: silence a harmless -Wmissing-field-initializers warning

2017-01-11, iucode_tool v2.1.1

* intel_microcode, iucode_tool: enhance microcode scan API
* intel_microcode: harden intel_ucode_scan_for_microcode()
* intel_microcode, iucode_tool: no more magic 1024 constants
* intel_microcode: forbid unknown buffer sizes in
  intel_ucode_check_microcode()
* intel_microcode, iucode_tool: track buffer sizes when iterating
* intel_microcode: fix heap buffer overflow on -tr loader
  When the last microcode region ends at exactly the end of the data
  file, intel_ucode_scan_for_microcode() would read data past the end of
  the memory buffer. This is usually harmless. Unfortunately, should
  there be a valid microcode exactly after the memory buffer,
  iucode_tool will misbehave *badly*. It is extremely unlikely that the
  harmful misbehavior could be triggered by accident -- at least when
  iucode_tool is linked to glibc -- due to glibc's memory allocator
  implementation details. Also, it is not believed to be possible for
  this bug to trigger in a harmful manner when only one datafile is
  being processed. However, it might be possible for an attacker to
  trigger the issue using a number of specially crafted data files, and
  it might also require tricking the user into using a specially crafted
  command line. Should the worst happen, iucode_tool may be convinced
  to corrupt its heap, and possibly the libc's heap control data
  structures, which could result in code execution, depending on the
  libc's internals. The harmless version of this bug is trivially
  triggered by using the -tr (recovery) loader on any file that ends
  with a valid microcode, such as any file that only contains valid
  microcode. This issue was detected by gcc's address sanitizer.
* update copyright dates to 2017
* spelling fixes to comments, messages and docs

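The v2.1.1 entries above concern a scan that ran past the end of its buffer when the last microcode ended exactly there. As an added C illustration (not iucode_tool's code; all function names are hypothetical and the sample update is constructed), this scanner tracks the bytes remaining at every step, using the documented Intel update header layout: a 48-byte header, Data Size and Total Size fields, and a dword checksum that sums to zero.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MCU_HDR_SIZE      48u    /* size of the update header */
#define MCU_DEFAULT_TOTAL 2048u  /* Total Size when Data Size is zero */

/* Byte-wise little-endian accessors, safe at any alignment. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Total size of a valid update at p, or 0; reads only p[0..avail). */
static size_t mcu_valid_at(const uint8_t *p, size_t avail)
{
    uint32_t data_size, total_size, sum = 0;
    size_t i;

    if (avail < MCU_HDR_SIZE || rd32(p) != 1)   /* header version 1 */
        return 0;
    data_size = rd32(p + 28);
    /* Total Size is only meaningful when Data Size is non-zero */
    total_size = data_size ? rd32(p + 32) : MCU_DEFAULT_TOTAL;
    if (!data_size)
        data_size = MCU_DEFAULT_TOTAL - MCU_HDR_SIZE;
    if (data_size % 4 || total_size % 1024 || total_size < MCU_HDR_SIZE ||
        data_size > total_size - MCU_HDR_SIZE || total_size > avail)
        return 0;
    for (i = 0; i < total_size; i += 4)
        sum += rd32(p + i);          /* all dwords must sum to zero */
    return sum == 0 ? total_size : 0;
}

/* Scan buf[0..len) at every byte offset; store up to max offsets. */
static size_t scan_for_mcu(const uint8_t *buf, size_t len,
                           size_t *found, size_t max)
{
    size_t off = 0, n = 0;

    /* off never exceeds len; stop as soon as a header no longer fits */
    while (n < max && len - off >= MCU_HDR_SIZE) {
        size_t sz = mcu_valid_at(buf + off, len - off);
        if (sz) {
            found[n++] = off;
            off += sz;      /* may land exactly on len: the loop exits */
        } else {
            off++;
        }
    }
    return n;
}

/* Build a constructed, checksum-valid 2048-byte update (not real microcode). */
static void make_sample_mcu(uint8_t *p, uint32_t sig, uint32_t rev)
{
    uint32_t sum = 0;
    size_t i;

    memset(p, 0, MCU_DEFAULT_TOTAL);    /* Data Size = Total Size = 0 */
    wr32(p, 1);              wr32(p + 4, rev);
    wr32(p + 8, 0x01112017); wr32(p + 12, sig);
    for (i = 0; i < MCU_DEFAULT_TOTAL; i += 4)
        sum += rd32(p + i);
    wr32(p + 16, 0u - sum);             /* checksum field */
}

/* 101 junk bytes, then one update ending exactly at the end of the heap
 * buffer; trim shortens the scanned length. Returns the update count. */
static size_t sample_scan(size_t trim, size_t *first_off)
{
    size_t len = 101 + MCU_DEFAULT_TOTAL, found[4], n;
    uint8_t *heap = malloc(len);

    if (!heap)
        return 0;
    memset(heap, 0xAA, 101);
    make_sample_mcu(heap + 101, 0x00012345, 0x1c);  /* constructed values */
    n = scan_for_mcu(heap, len - trim, found, 4);
    if (n)
        *first_off = found[0];
    free(heap);
    return n;
}

int main(void)
{
    size_t off = 0, n = sample_scan(0, &off);
    printf("whole buffer: %zu update(s), first at offset %zu\n", n, off);
    printf("last byte missing: %zu update(s)\n", sample_scan(1, &off));
    return 0;
}
```
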
2016-11-10, iucode_tool v2.1

* iucode_tool: alternative bug workaround for the early initramfs
  Implement a less hackish workaround to ensure the microcode file data
  will be aligned to a 16-byte boundary from the start of the early
  initramfs: instead of extending the microcode data filename with NULs,
  add a suitably sized empty directory entry to the initramfs cpio
  archive right before it (an empty file entry, or a hardlink entry
  would also have worked). We control the size of this "padding" entry
  by the length of its name, without any embedded NULs hacks. The
  increase in cpio metadata size caused by an extra cpio member header
  entry is always going to be absorbed by the padding at the end of the
  cpio archive at a 512 byte or 1024 byte block size: the file size of
  the resulting early initramfs is not changed. For --mini-earlyfs
  mode, which is tailored to what the kernel cares about and minimal
  size, we use the older workaround which results in a smaller archive
  at a 16-byte block size.
* iucode_tool: cosmetic error path cleanup for write_cpio_header()
* iucode_tool(8): document --mini-earlyfw and --normal-earlyfw
* iucode_tool: add command line option to minimize early initramfs size
  A minimized early initramfs has a block size of 16 bytes, and doesn't
  contain parent directories.
* iucode_tool: prepare for early-initramfs size minimization
  Enhance the low-level cpio header/trailer output functions to take
  runtime parameters instead of compile-time constants for: cpio block
  size and whether to include parent directories. While at it, constify
  parameters on the changed functions where possible.
* iucode_tool: xx_write_cpio_hdrentry can assume dword-alignment
* iucode_tool: generate reproducible early initramfs
  Instead of embedding the current time in the early initramfs, use the
  latest date found among the microcodes that are going to be included
  in that initramfs. While at it, fix a year 2038 issue which would
  result in a corrupted initramfs cpio archive. The microcode ordering
  inside the initramfs was already stabilized by iucode_tool release
  v2.0. This change is a contribution to the Reproducible Builds effort
  captained by the Debian project.
* Add new CONTRIBUTING text file:
  Add a CONTRIBUTING text file with some details about how to submit bug
  reports, report security issues, and request new features.
* Makefile.am: ship CONTRIBUTING in the tarball
* intel_microcode: add intel_ucode_getdate_bcd() function
* intel_microcode: move is_valid_bcd() earlier in the file
* README: remove feeds as means to get latest microcode
  Intel is not updating every processor model's download feeds with the
  latest microcode package anymore. Do not suggest using them to locate
  the latest microcode data pack anymore.
* configure, iucode_tool: define bug report address
* intel_microcode: constify and restyle prototypes
* iucode_tool: constify function parameters

2016-09-12, iucode_tool v2.0

* README: update for pf_mask change in output
* ChangeLog: fix typos
* iucode_tool(8): reduce usage of pf_mask in manpage
* iucode_tool(8): document iucode-tool microcode ids
* iucode_tool: don't str_append_ucode_id() on every microcode
* iucode_tool: ensure IUCODE_MAX_MCU_FILE_SIZE is sane
* iucode_tool: limit verbosity level to 5
* iucode_tool: reorder malloc calls in load_intel_microcode_dat()
* iucode_tool: increase first microcode data size guess to 2MiB
* iucode_tool: fix -h help text for --scan-system
* iucode_tool: limit cpio member size to 4GiB
* iucode_tool(8): update for new -s/-S interaction
  Update manpage now that --scan-system can be overridden by -s !<sig>
* iucode_tool: allow override of --scan-system results
  Process --scan-system in-line with -s, so that a later -s !<sig> can
  override signature filters added by --scan-system. To reproduce the
  earlier behavior, have --scan-system as the last option.
* iucode_tool: complain of large sigs and masks for -s option
  Detect and report as an error (instead of silently truncating to
  32-bits) CPU signatures and processor flags masks in the command line
  when they are too large.
* iucode_tool: retry on EINTR during writes
  Instead of aborting with an "interrupted system call" error during
  writes, retry the operation. This is already done for reads.
* iucode_tool, intel_microcode: fix config.h include order
  The autoconf config header must be included before any C library
  headers, or it won't have the desired effects.
  This change activates large file support on 32-bit targets.
* iucode_tool: support very large output files on 32bit
* iucode_tool: use LFS-safe typecast for 32-bit
* iucode_tool: add exception threshold to disable .dat fast parser
  If the fast-path parser fails too many times to handle the .dat file
  being processed, disable it for the remainder of that file.
* iucode_tool: add fast-path to .dat loader
  Add a limited parser to the .dat loader, and use it as a fast path.
  This fast-path parser is capable of dealing with all currently
  released Intel .dat files ~40% faster than the better (strtoul-based)
  slow path. The fast-path defers to the slow path anything it cannot
* iucode_tool: use fgets_unlocked to parse .dat files
* iucode_tool: detect large values in .dat files
  Detect as invalid any values that won't fit in 32 bits when parsing
  Intel .dat files, instead of silently truncating them to 32 bits.
  Note that these files would eventually fail to load for other reasons,
  such as invalid checksums.
* iucode_tool: add helper to parse uint32_t values
* iucode_tool: detect invalid NULs in .dat format loader
  Detect and reject files with embedded NULs when attempting to load
  using the text .dat format, since any NULs will cause everything after
  them in the same line to be discarded (due to the use of fgets() to
  parse the file). This effectively means every line must end with a
  newline ('\n') EOL marker, except for the last one in the data file.
* intel_microcode: use the same type for internal microcode sizes
* intel_microcode: don't drop const qualifiers from pointers
* iucode_tool: use unsigned types for cpio header writing
* iucode_tool: fix cosmetic issues in scan_and_pack_microcodes
* intel_microcode: silence harmless sign-conversion
* intel_microcode: remove undesired sign conversions
* iucode_tool: avoid implicit promotion to signed in is_in_date_range()
* iucode_tool: use defensive coding in load_intel_microcode_bin
* iucode_tool: ensure fileno(stdin) did not fail
  Fixes: Coverity CID 163302 (false positive, failure requires broken
* iucode_tool: avoid signed bit constants
* iucode_tool: (cosmetic comment fixes) it is errno, not errno()
* iucode_tool: avoid conversions for constant line buffer size
* iucode-tool: flush output files to permanent storage
  Use fdatasync() to flush output files to permanent storage before
  close(). For --write-named-to, --write-all-named-to, and
  --write-firmware, also fsync() the parent directory after all files
  have been written. These changes cause a severe performance
  degradation, but without them we cannot detect write errors on close,
  and that can end up corrupting a file important for system boot since
  the write error would be undetectable to a shell script.
* configure.ac: default to dist-xz and enable warnings
  Enable automake warnings, and switch the "make dist" target to xz
  compression, as that's what is being used for the signed release
* configure.ac: update autotools minimum versions
  Update the minimum autoconf version to 2.69, and automake to 1.11.
  Older versions are not supported, and might or might not work.
  This is only relevant when not using the pre-built configure script
  shipped in the iucode_tool distribution tarballs.
* iucode_tool: use print_warn() when we do not write to a file
  When there is nothing to output to a file, we don't touch it (i.e. we
  do not overwrite it with an empty result). Use print_warn() to report
  that to the user as a warning, instead of print_msg().
* iucode_tool: fix minor issue on warning message
* iucode_tool: widen bundle id output to three digits
* iucode_tool: change pf mask to pf_mask on output
* iucode_tool: indent selected microcode output
  Indent the selected microcode output (for --list) so that it matches
  the output of --list-all.
* iucode_tool: change first column of --list output to gid/id
  Change the output format of --list output to use the gid/id notation
  (the same used by --list-all and also by any error messages and by
  most verbose debug or status messages) to identify the selected
  microcodes. This is vastly more useful than a monotonically
  increasing number that is not usable anywhere else.
* iucode_tool: demote debug output about bundle assignment
  Now that we will output bundle assignment messages for --list (and not
  just --list-all), demote status/debug output about bundle assignment,
  so that it matches the same verbosity level of other messages from the
  same function. While at it, change the status message to better match
* iucode_tool: output bundle assignment for --list-* when not quiet
  Output the bundle assignment headers already used for --list-all also
  for --list. Suppress that output for both --list-all and --list when
* iucode_tool(8): document new sorting order
  Microcode sorting order is now stabilized by a secondary key (pf_mask)
* iucode_tool: refactor and improve uclist_merge_signature()
  Refactor uclist_merge_signature() into something much easier to
  understand. The refactored code sorts the uclist by cpuid (ascending
  order) and pf_mask (descending order), which stabilizes the sorting
  order. The pf_masks are sorted in descending order to ensure it will
  find supersets first as it walks the list. Downgrade mode is (still)
  limited by not being able to change pf_masks, so partially
  "superseded" (in the downgrade mode sense) entries will be left over
  in the selected microcode list when unavoidable.

2016-06-04, iucode_tool v1.6.1

* iucode_tool: append microcode bundles to linked list in O(1)
* iucode_tool: stop allocating twice the required memory for a bundle
* iucode_tool: don't close input files twice
  load_intel_microcode() would cause fds to be closed twice. iucode_tool
  is not multi-threaded and isn't otherwise affected by this bug, but
  unfortunately there is a free() call between the first and second
  close(). When running iucode_tool under some sort of malloc
  instrumentation insane enough to open file descriptors on free()
  inside the instrumented process' context, or indirectly linked to a
  multi-threaded glibc module/plugin that could do the same, bad things
* iucode_tool(8): minor fix to a comment
* iucode_tool(8): update Linux notes for up to v4.6
* iucode_tool: constify argp parser information

2016-05-14, iucode_tool v1.6

* iucode_tool: fix failsafe for --enable-cpuid-device
  Further fixes for --scan-system when iucode_tool is compiled with the
  non-default configure/build-time option --enable-cpuid-device mode.
  Do not disable the failsafe mode when either /dev/cpu/*/cpuid cannot be
  opened, or an unexpected error happens during the cpuid scan. Note that
  we still consider the scan result valid when there are offline nodes.
  Also, adjust the error and status/debug messages so that proper feedback
  (through a warning) is given to the user when the scan fails.
* iucode_tool: report out-of-memory error during cpuid scan
* iucode_tool(8): document warning when downgrade mode fails
* iucode_tool: warn of shadowed microcode in downgrade mode
  Warn when downgrading is impossible due to pf_mask shadowing: this
  happens when a pf_mask set loaded earlier has a higher microcode
  revision than a pf_mask subset loaded later for the same signature.
* iucode_tool: introduce print_warn()
  Note: this changes the single "WARNING" in iucode_tool to "warning"
* iucode_tool: don't snprintf just to printf something
* iucode_tool: silence gcc warnings in -flto mode
* iucode_tool: use pfm for pf_mask in structures
* iucode_tool: fix another downgrade+loose date filter corner case
  Fix a corner case for the second pass of the loose date filter in
  downgrade mode: while late-merging an earlier microcode (in load order)
  whose pf_mask is either the same as, or a superset of, a later microcode
  (in load order) but with a same-or-higher revision, it would erroneously
  remove the later microcode (i.e. act as if download mode was not

2016-04-30, iucode_tool v1.5.2

* README: update technical details and correct two mistakes
  Mixed-stepping configurations are possible, and there was an off-by-one
  error in the platform flags mask table.
* iucode_tool(8): fix manpage text for --scan-system
  Fix the iucode_tool(8) manpage text to not imply we will scan every
  processor in the system, as that depends on configure (compile-time)
  options, and it isn't the default behavior since version 1.2.
* iucode_tool: don't assume single signature for multi-socket
  When not scanning every processor using the kernel cpuid device, add all
  possible steppings for the signature of the running processor.

2016-02-13, iucode_tool v1.5.1

* update copyright dates to 2016
* iucode_tool: drop incorrect use of likely() in uclist_merge_signature()
* iucode_tool(8): document downgrade mode limitations
* iucode_tool: fix unimportant memory leaks for valgrind
  Fix two memory leaks at the program exit path for valgrind builds. This
  ensures "valgrind --leak-check=full --show-leak-kinds=all" output has no
  known false positives. For non-valgrind builds, we simply don't bother to
  free any heap memory in the exit path, as it would be just a waste of CPU
* iucode_tool: look harder for superseded entries
  When we replace an entry that has the same pf_mask, it is necessary to
  look for entries that became obsolete. In non-downgrade mode, we might
  have skipped a few revisions, and might have merged microcode that is a
  proper subset, but has an intermediary revision between ours and the
  one we're replacing. In downgrade mode, the revision doesn't matter so
  it is even easier to have proper subset entries around that became
* iucode_tool: discard late outdated merge for loose date filter
  When in downgrade mode, during the second pass of the loose date
  filter, we would merge microcode that is a proper subset (and has the
  same revision) of already merged microcode. This is harmless, but it
  would waste space in the output. It is unlikely that this bug would
  ever happen with real microcode updates.
* iucode_tool: fix downgrade mode when loose date-filtering
  Downgrade mode was broken for the loose mode of date filtering. Due to
  this bug, a microcode selected by the loose date filter might be
  preferred over one that was loaded later.
* iucode_tool: fix infinite loop bug on non-disjoint pf_masks
  In the specific case where two microcodes for the same CPU signature
  had non-disjoint pf_masks, and neither pf_mask was contained in the
  other, the code would loop forever when it attempted to add the second
  microcode to the list of selected microcodes. Fortunately, Intel never
  published a public microcode update that could trigger this codepath.
  This issue exists in every released version of iucode_tool to date.
* iucode_tool: cosmetic changes to load_intel_microcode()
* iucode_tool: make uclist_add_signature() slightly faster
  Change uclist_add_signature() to stop looking for duplicates at the
  first match. This is slightly faster when processing several files
  with many duplicates, but it changes same-sig same-revision internal
  ordering from earliest first to latest first. This change to the
  sorting order only changes the order in which do_write_named() will
  create the per-microcode data files. Also, trigger microcode opaque
  data comparison on the pointer to the duplicate being non-NULL, instead
  of testing for res == EEXIST. Note that this is not fixing an existing
  bug, the old code was correct.
* iucode_tool: cosmetic fixes for uclist_add_signature()

2015-10-16, iucode_tool v1.5

* New --write-all-named-to option:
  + iucode_tool(8): document the new --write-all-named-to option.
  + iucode_tool: add a --write-all-named-to option, which works like
    --write-named-to, but instead of operating on selected microcode, it
    operates on every revision of every microcode. Exact duplicates are
    skipped, keyed on INTEL_UCLE_DUPSIG. This avoids the need to always
    enable --overwrite mode. This is the only way to write out every
    revision of a microcode.
  + iucode_tool: add a new flag, INTEL_UCLE_DUPSIG, and use it to track
    duplicate signatures when they are added to all_microcodes. Only the
    first copy of that exact microcode (signature+pfm+revision) will not
    have INTEL_UCLE_DUPSIG set, in *load* order, regardless of downgrade
* intel_microcode.c: remove lots of unlikely() use, as the premise that
  it is most often called on valid microcode is no longer valid due to
* iucode_tool(8): fix parameter of --write-named-to. The manpage text
  was incorrectly naming the parameter of the option --write-named-to to
  be a file. It is a directory, as documented for the short version of
  the same option (-W).
* iucode_tool(8): add two examples for the recovery loader (-tr): how to
  use it to load microcode from an early initramfs, and also how to use
  it to update an Arch-linux style separate early initramfs.
* Changelog: correct the indentation of older Changelog entries.
* Changelog: switch back to a "raw" changelog style. Writing user-level
  documentation is a much better use of time than simplifying Changelogs.

2015-10-03, iucode_tool v1.4

* Implement a microcode recover mode (-tr) for the binary loader,
  which searches for valid microcode(s) inside a generic (binary)
  data file of unknown format
  + Do not store an empty microcode bundle for further processing,
    even if the low-level loader didn't return an error status (this
    is for future-proofing, currently all of them return errors)
  + Report unaligned microcode as an internal error in the iterator
    functions as well as in intel_ucode_check_microcode(), but add
    a private function to allow for microcode checking without
    alignment restrictions
  + Add intel_ucode_scan_for_microcode() to search for valid
    microcode(s) inside a memory buffer, regardless of alignment
  + Factor out microcode checksumming into is_zero_checksum(), and
    change it to avoid unaligned dword reads. This avoids a long
    time gcc -O3 loop vectorizing optimization issue which is still
* Notify the user when we fail to find any microcode in a data file
  when the low-level loader returns ENOENT, and continue processing
* Report empty data files using ENOENT instead of EINVAL in the
  low-level loader functions. This can happen to non-empty files
  in the -tr and -td loaders, as well as when reading an empty file
  from stdin, FIFO, pipe, character device, etc.
* In -vv mode, print a message before reading a file, and also when
  skipping empty files or reading a directory
* Fix spelling of default-firmware-dir option in configure,
  thanks to Timo Gurr for the report and fix
* Minor cosmetic fixes:
  + Typo fix: replace "interator" with "iterator" everywhere
  + Add comment about not closing a fd in fix_fds() should it
    be copied elsewhere, fix by Imran Zaman
  + Add comment that one must not close(fd) after fdopendir(fd)
    succeeded. Both human programmers and static checkers get
    confused over this one and mistake it for a leak
* Replace "deselect" with "unselect" in the manpage text

2015-05-24, iucode_tool v1.3

* Reopen stdin/stdout/stderr file descriptors using /dev/null if any
  of them are closed at program start. Before this change, it was
  not safe to call iucode_tool with stdout and/or stderr closed
* Ignore multiple attempts to read microcode data from stdin, as all
  data will have been read by the first attempt
* Enforce a maximum of UINT_MAX data files. The number of microcodes
  per data file is also limited to UINT_MAX (actually, less than that
  due to other limits). Use "unsigned int" instead of "unsigned long
  int" for variables related to these (such as microcode group id and
* Document in the manpage the arbitrary maximum limit of 1GiB worth of
  binary data per microcode data file. The other limits are too large
  to bother documenting
* Microcode data file loader fixes and enhancements:
  + Detect and report stream IO errors while reading .dat files
  + Detect and report IO errors from fdstat() at the beginning
    of the binary microcode loader
  + Print the line number when reporting .dat parsing errors
  + Allow comments after valid data for .dat files, previously they
    had to be on a line of their own
  + Rework the .dat parser to make it less convoluted, and optimize it
    for the exact .dat file layout Intel has been using in the last 15
  + Silence unused parameter warning on --disable-cpuid-device build
  + Silence unused function warning on --disable-valgrind-build build
  + configure.ac: minor updates: add AC_COPYRIGHT; move AC_PREREQ
    before AC_INIT; remove commented-out AM_MAINTAINER_MODE
* Reorder fields to pack some structs on 64 bits
* Reorder some struct fields for better cache locality

2015-03-29, iucode_tool v1.2.1

* Update README and NEWS to mention the new project home
  location at GitLab, due to gitorious.org's planned shutdown
  at the end of 2015-05
* Manpage fixes and enhancements:
  + Minor typography/groff fixes
  + Format long examples into multi-line format
  + Add examples for --scan-system, -s and --write-earlyfw
  + Minor changes to the other examples
  + Document iucode_tool use of stdout and stderr
  + Document that iucode_tool ignores the loader version microcode
    metadata field entirely
  + Document the use of the "0x" and "0" prefixes to denote hexadecimal
    and octal bases for the signature and pf_mask parameters of the -s
* Flush stdout before writing to stderr. We want stdout/stderr output
  to be correctly interleaved when buffering is in effect due to stdout
* Flush stdout right after do_process_microcodes() is called, so that
  iucode_tool will output the result of --list and --list-all at that
* Minor argp parser fixes
  + Don't include EOL in argp_error() strings
  + Surround incorrect parameters with single quotes in parser error
* Report internal errors (EINVAL) from uclist_add_signature() as
  such. While at it, cosmetic fix the same error message for
  uclist_merge_signature()

2015-02-14, iucode_tool v1.2

* Documentation updates:
  + README: correct the /lib/firmware example to not remove execute
    permissions from the /lib/firmware/intel-ucode directory, and
    enhance the text to make it clear those are examples of fixing the
    permissions and may need to be adjusted
  + README: enhance the README text and update it to the post-Haswell
    microcode update reality. Also, add a table of pf flags and
    masks, to make the text easier to understand and stop using tabs
  + iucode_tool(8): update Linux notes to match reality as of kernel
    3.18. Also reword and improve the overall text
* iucode_tool: use the cpuid instruction (via gcc's cpuid.h) directly
  to implement --scan-system. This assumes there is only one
  signature per x86/x86-64 system, which is a safe assumption at this
  time. One can have processors with distinct pf flags and the same
  signature in a x86/x86-64 multi-processor system, so --scan-system
  will match any pf_mask. When compile-time configured with
  --enable-cpuid-device (disabled by default), iucode-tool will use
  the cpuid instruction directly and also scan every processor using
  the kernel cpuid device. This fixes a scalability issue in systems


2014-10-28, iucode_tool v1.1.1

* Fix issues found by the Coverity static checker:
+ CID 72165: An off-by-one error caused an out-of-bounds write to a
buffer while loading large microcode data files in ASCII format
(will not be triggered by the data files currently issued by Intel)
+ CID 72163: The code could attempt to close an already closed file
descriptor in certain conditions when processing directories
+ CID 72161: Stop memory leak in error path when loading microcode
+ CID 72159, 72164, 72166, 72167, 72168, 72169: Cosmetic issues
that could not cause problems at runtime.

2014-09-09, iucode_tool v1.1

* Don't output duplicates for microcodes with extended signatures
to the same file or to the kernel
* When writing an early initramfs, pad its trailer with zeros to
the next 1024-byte boundary. This is done so that the next
initramfs segment will be better aligned, just in case. The
entire cpio metadata overhead is now exactly 1024 bytes
* Manpage style fixes: use iucode_tool consistently, groff formatting
* Refuse to load ridiculously large data files (limit set to 1GiB)

2014-08-12, iucode_tool v1.0.3

* Add a work-around for a Linux kernel bug on the early initramfs
microcode update support. The work-around appends non-standard NUL
padding to the file name inside the cpio archive, so as to have
the microcode data 16-byte-aligned to the start of the file
* Document file alignment requirements for the early initramfs
* Properly check microcode metadata date to be valid packed BCD in
* Do not assume a non-zero microcode Total Size field to be valid, it
is valid only when the Data Size field is non-zero. Fortunately,
Intel always set reserved fields to zero on released microcode, so
this bug was never (and is unlikely to ever be) triggered
* Fix several cosmetic and minor code issues
* Minor corrections, enhancements and style fixes to the manpage
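
Added example (not part of the iucode_tool sources): the two v1.0.3 header checks above in C, the packed BCD date test and the rule that Total Size counts only when Data Size is non-zero. The struct and function names are hypothetical, the field layout and the 2000-byte default follow the Intel SDM, and the month/day bounds are this example's own assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Intel microcode update header (48 bytes), field order per the Intel SDM. */
struct ucode_hdr {
    uint32_t hdrver;
    int32_t  rev;
    uint32_t date;       /* packed BCD, 0xMMDDYYYY */
    uint32_t sig, cksum, ldrver, pf_mask;
    uint32_t datasize;   /* 0 selects the legacy 2000-byte payload */
    uint32_t totalsize;  /* meaningful only when datasize != 0 */
    uint32_t reserved[3];
};

/* Every nibble must be a decimal digit for the value to be packed BCD. */
int is_packed_bcd(uint32_t v)
{
    for (int i = 0; i < 8; i++, v >>= 4)
        if ((v & 0xf) > 9)
            return 0;
    return 1;
}

/* Non-BCD dates are rejected outright; month/day bounds are this example's. */
int ucode_date_ok(uint32_t date)
{
    unsigned month = ((date >> 28) & 0xf) * 10 + ((date >> 24) & 0xf);
    unsigned day   = ((date >> 20) & 0xf) * 10 + ((date >> 16) & 0xf);
    return is_packed_bcd(date) && month >= 1 && month <= 12 && day >= 1 && day <= 31;
}

/* Effective update size in bytes, or 0 when the size fields are inconsistent. */
uint32_t ucode_total_size(const struct ucode_hdr *h)
{
    if (h->datasize == 0)
        return 2048;     /* 48-byte header + 2000 bytes; totalsize is ignored */
    if (h->datasize % 4 || h->totalsize % 1024 ||
        (uint64_t)h->totalsize < (uint64_t)h->datasize + 48)
        return 0;
    return h->totalsize;
}

int main(void)
{
    /* Constructed header: legacy sizes with stray data in totalsize. */
    struct ucode_hdr h = { .hdrver = 1, .date = 0x02142015, .totalsize = 0xdeadbeef };
    printf("date ok: %d, size: %u\n", ucode_date_ok(h.date), (unsigned)ucode_total_size(&h));
    return 0;
}
```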

2014-05-10, iucode_tool v1.0.2

* Mention iucode-tool's new home at gitorious in documentation.
* Warn user when --scan-system fails due to errors such as a lack
of permission to access the cpuid devices
* Use the libc optimized memcmp() to compare microcode
* Minor manpage updates
* --strict-checks now verifies that the microcode update date
is not utterly insane

2013-12-14, iucode_tool v1.0.1

* Fix several cosmetic code issues
+ Make it clear that the output order of microcodes is not stabilized
+ Make it clear that iucode_tool always breaks links when writing a
data file, and that it doesn't replace files atomically, so they
can get corrupted/lost if iucode-tool is interrupted while writing.
+ Reword several notes for better readability
* Use openat() when loading from a directory
* Use openat() when creating files in a directory

2013-05-25, iucode_tool v1.0

* Add verbose title to manpage iucode_tool(8)
* Add support to write an early initramfs archive for Linux v3.9.
This early initramfs archive will need to be prepended to the
regular initramfs to allow the kernel to load the microcode

2013-03-28, iucode_tool v0.9

* Document missing -W, --write-named option in iucode_tool(8)
* Print the number of unique signatures in verbose mode
* Add loose date-based filtering (--loose-date-filtering option),
which is useful when trying to select microcode for very old
* Skip empty files and directories instead of aborting with an
* Add an option to default to an empty selection (-s!)
* Ensure that microcodes with the same metadata have the same
opaque data (payload) when in --strict-checks mode (default)
* Update copyright notices and manpage date

2012-08-26, iucode_tool v0.8.3

* Fix regression introduced in 0.8.2 that caused all microcodes
to be selected by --scan-system on a box with unsupported
processors (e.g. non-Intel)
* Update README: Intel has some microcode update information in
some public processor specification update documents

2012-07-28, iucode_tool v0.8.2

* Update documentation and manpages for the new microcode
update interface in Linux v3.6.
* Fail safe when --scan-system cannot access the cpuid driver:
instead of not selecting anything, still select all microcodes
if no other microcode selection option was used.
* Move NEWS to ChangeLog

2012-07-24, iucode_tool v0.8.1

* Updates to the iucode_tool(8) manpage, disclosing the
need for the cpuid driver for iucode_tool --scan-system,
and more details about the sysfs microcode reload
* Output an error message if --scan-system could not find
any cpuid nodes in sysfs.

2012-06-07, iucode_tool v0.8

* First release to the general public. Please refer to
the README file for the irrelevant details, and to the
manpage for the relevant details.