Received: by 10.223.185.116 with SMTP id b49csp3446982wrg; Sun, 25 Feb 2018 23:25:02 -0800 (PST) X-Google-Smtp-Source: AH8x225BpdUqE8MriIXmcJ/Aqkyr87YYsooI7g1+yM9WmGSk44G9JybAFOf1mtoiH+W01LrJqBdh X-Received: by 2002:a17:902:788e:: with SMTP id q14-v6mr9774057pll.396.1519629902638; Sun, 25 Feb 2018 23:25:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519629902; cv=none; d=google.com; s=arc-20160816; b=WJY0Jlmd3ySVIj8r2Ra4qfANDJJ15rUzYd0ClitW25JLBIAgEC7QOkiFTb2+Rjl5j1 f4m6Z8GsVNwgVfLjccJhW7ZVvbgHRj6iqqNr9im9Hksmo8inGMxUvOYJaLGrN39HELTd +oNfR/BAMSc7pSOXffMdoW4DK8tuecUij0rDzDeWNYYaxBxuLFF12zH5x438Fm3Lacke /Z4mzV8dkryhp0CfTD1lSsS+NDt7AV4O5au2f1c/6hV356KJU0Or9ZFMdLXWnwcJshNY 1pozCcOFsojxpY0YOsCntIWaw7A1rLuMhVV3SALHWTMcBMy+S2GYxFNYwswz49/5VBHV hzuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=vvbUMGmZfp0SGptYcIWzpFmbqE45qUlmbovRBPwWHfQ=; b=QzLql+oYmtJ78Jksl0CCXPuXl8X20QeGApVsqApKKD3xGElSd1bso6y9iQDI6C+Rqn rfq33u5/TAns5dC7zFtKuL3tXc9rTd6LSMQkH/p+AGMqDG5+7yZiE/3+1MouOMOUi6Qy nh5PedrrDGL6w0YR1IRLdvN+DKzwD4kqE/D4llO019GR4cpD8XljSm0cskYxMcSgoWNh dsh8JcXjO3+wsLS4da7I38w+9JtP0g37sRoNRR6lLXFe74tGzLy9NHAUavG8JCm+f+Kn L+55BjT3jvwoTmG56c3ftpwkCKTqhcLwL7rVr60nYxYdMxJw9P3gmv4JRo2NjKuTUjk6 Bkhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Q3Zi+3A/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 73si5440647pfu.71.2018.02.25.23.24.48; Sun, 25 Feb 2018 23:25:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Q3Zi+3A/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752110AbeBZHYI (ORCPT + 99 others); Mon, 26 Feb 2018 02:24:08 -0500 Received: from mail-it0-f67.google.com ([209.85.214.67]:33765 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751310AbeBZHYF (ORCPT ); Mon, 26 Feb 2018 02:24:05 -0500 Received: by mail-it0-f67.google.com with SMTP id w19so7011840ite.0; Sun, 25 Feb 2018 23:24:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vvbUMGmZfp0SGptYcIWzpFmbqE45qUlmbovRBPwWHfQ=; b=Q3Zi+3A/t+z6ceQthbEWtrxSJ41DSJ9DC4j1LAgext0xiuHP2vX5DpXtLZ310GzmXR c2zekXBoKiQwH6nGeNbXoiow157Xu7Z0H/DB4BxnXrvobF1d9blEmM5929juFCAA46R4 ph+XwL2ieCQs1B8pTUN4dgtkqU81TuhthhWj0u7qkARXB2J22SCDQz+rmL+J+xddPTuw lldxDPJwRyHJJykIP2mmxeYN0e8VYDeFWXf3X+MimMsUF0WI9t3S1rzlUqiFZxPtCrdM N98e9ES2ViIKlK1u/6P70j7JKTCF/Ev2qfi1NZpyaoClZ4Lw53XoSQreovX04UzYmnuO 795g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vvbUMGmZfp0SGptYcIWzpFmbqE45qUlmbovRBPwWHfQ=; b=Be3OJvyMqgBTyTNC9ZVbnFLCWYOVTOoB4ybMP9fujYzv7wVDHEitg9agCu/khzyxTv EXdV9Wgv5KH2zkVVrWHqhDe1EZOPyNEjKq3NCzGb4BOBsIfksSBeE7kIcGOgsjNCkbak 1kWwknXpa6k1FjOlaPAlfJ3I5FDlqMQztm4qjV1JHO3CKhvZkMvJFJ1RUkMhski1vDVT m7/HXarKpJ/2nupVBVk4nCiftICU0HBZM+GVoXcAH0XP9eilDMDj5HcV84EZsmAJe02J jOMyThFmia3fHfSfsQ/d/V1lWcWTp67KNsHpUbZt0N9Zv95ED/vU0ViZsOzCqkoM8ARa CpNw== X-Gm-Message-State: APf1xPAY+UUyUeFqCDWFu1I33J996o+VtiHlLP/WGpTOhi1Hp5n6DCIV 3ocDEdvWpSjZOZgWEJ+zzYrKIQ== X-Received: by 10.36.107.147 with SMTP id v141mr673763itc.38.1519629844173; Sun, 25 Feb 2018 23:24:04 -0800 (PST) Received: from localhost.localdomain ([203.205.141.123]) by smtp.googlemail.com with ESMTPSA id w125sm4990825itb.31.2018.02.25.23.24.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 25 Feb 2018 23:24:03 -0800 (PST) From: Wanpeng Li X-Google-Original-From: Wanpeng Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= Subject: [PATCH] KVM: X86: Allow userspace to define the microcode version Date: Mon, 26 Feb 2018 15:23:58 +0800 Message-Id: <1519629838-4898-1-git-send-email-wanpengli@tencent.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Wanpeng Li Linux (among the others) has checks to make sure that certain features aren't enabled on a certain family/model/stepping if the microcode version isn't greater than or equal to a known good version. By exposing the real microcode version, we're preventing buggy guests that don't check that they are running virtualized (i.e., they should trust the hypervisor) from disabling features that are effectively not buggy. Suggested-by: Filippo Sironi Cc: Paolo Bonzini Cc: Radim Krčmář Signed-off-by: Wanpeng Li --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/x86.c | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 938d453..6e13f2f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -507,6 +507,7 @@ struct kvm_vcpu_arch { u64 smi_count; bool tpr_access_reporting; u64 ia32_xss; + u32 microcode_version; /* * Paging state of the vcpu diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 1a3ed81..cc51c61 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -2247,7 +2247,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) switch (msr) { case MSR_AMD64_NB_CFG: - case MSR_IA32_UCODE_REV: case MSR_IA32_UCODE_WRITE: case MSR_VM_HSAVE_PA: case MSR_AMD64_PATCH_LOADER: @@ -2255,6 +2254,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case MSR_AMD64_DC_CFG: break; + case MSR_IA32_UCODE_REV: + if (msr_info->host_initiated) + vcpu->arch.microcode_version = data >> 32; + break; case MSR_EFER: return set_efer(vcpu, data); case MSR_K7_HWCR: @@ -2550,7 +2553,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = 0; break; case MSR_IA32_UCODE_REV: - msr_info->data = 0x100000000ULL; + msr_info->data = (u64)vcpu->arch.microcode_version << 32; break; case MSR_MTRRcap: case 0x200 ... 0x2ff: @@ -8232,6 +8235,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) vcpu->arch.regs_dirty = ~0; vcpu->arch.ia32_xss = 0; + vcpu->arch.microcode_version = 0x1; kvm_x86_ops->vcpu_reset(vcpu, init_event); } -- 2.7.4