Received: by 10.223.185.116 with SMTP id b49csp3566655wrg; Mon, 26 Feb 2018 02:09:27 -0800 (PST) X-Google-Smtp-Source: AH8x2262eG83Oml4OJzMHwSvbJXgZO079kcdpUFOyn3nQzQULtRrbyd/MdO+E8LxZYzv2WuFT6a8 X-Received: by 10.98.163.67 with SMTP id s64mr10113242pfe.67.1519639767716; Mon, 26 Feb 2018 02:09:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519639767; cv=none; d=google.com; s=arc-20160816; b=JcY2Bb02hgI04rfSRRgwJiung5SCiYftJm+W/CsDAi1MlrKCuf/sDxmvxVz8m7/Da6 jrh1sS4SR9Fi1G/bfzZOcsnnXuFWP7q6uTaoS9BdVPWB7vbJx6GcHOhTSUZtbIZj5O/m D9v9s3qMowWKpQldG0NhutsQaJOYeqUURJk9e4AokjZJVqqsfoes8ft7HYgXTLRpeTpt oX7+wTChnkm9ypkU3W8XULt0Rt74oFmgrqhUocSLOVDUw2o++q0VFyl5VgBENsub/7oJ SPE7f0LAcxx11WNd796BD2xVEKC+bMsT3X+bn9SOgeq8ALil/IssbzN6BvjEjThTWzmA 1U5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature:arc-authentication-results; bh=4JnKvJ+FLPrsCTDhQ5lHS0doX+AzQRft0D4mqbrWgj4=; b=g/eBsxUsr/nXjS97rvx/YsA9kBZHrGao9vIYnETOJFo7gPeG+zyK45ZJYlvmNB/dbn 17f8PJhiROPxaaayYmkxmQUbFi0JPX57IK1vztNkVwJnOBUmrlJujR0lNXwVPTlPX8TS l36HS6q9YI7yBH6Puu4/afT86xDOL6ZTDMhjfmrQ3lL32H/ORGpgpfptRq/xpnYBa4nw SZDS5m8cI0yBeX1YBsKKtH3AlWK1mWKcYTIEG1IwfQX/79wZzEiGBMabxc9tUCUhK2b5 FQRnPwOTGe7W/x3n7dNnpQAdOTNSm6vNFwixB5wP2D1EbVaAq6k8A4XEzXSG+w64TE3h VQdg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=BDMXm8Vk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 38-v6si6525241pln.397.2018.02.26.02.09.13; Mon, 26 Feb 2018 02:09:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=BDMXm8Vk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752336AbeBZKIY (ORCPT + 99 others); Mon, 26 Feb 2018 05:08:24 -0500 Received: from mail-oi0-f65.google.com ([209.85.218.65]:39467 "EHLO mail-oi0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751022AbeBZKIR (ORCPT ); Mon, 26 Feb 2018 05:08:17 -0500 Received: by mail-oi0-f65.google.com with SMTP id t185so10199038oif.6; Mon, 26 Feb 2018 02:08:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=4JnKvJ+FLPrsCTDhQ5lHS0doX+AzQRft0D4mqbrWgj4=; b=BDMXm8Vk0Lcr/uKeDyji8akFyIkBXQXWSMjze5bGlo4iRTVmKbj8BrIY2ucyKDl/Wk e6su+OeAi3b1lc57Nrd8rtW8/ozK0tpY19tAZUZEqUjuJa/2stmR2aHGfsvaHCMaOhLf fUqZMaYuWz9GEoCQ1LEnzSomVp6sqmO4lfrn+DNaOJZZ/VU932lwozEsYaCUF8SehCqR gsGbmgcBortKldDYLUwhltwgeaLvzj6/wIHbOu1HHLTGkKN5HRrWCGb0VtuIpUdCJCrt d04q2ejtwVG/5DdQ9tmOcyJMhEQHhhko2dvrFyQB49XTgTrShl50XgxWJM948RYrnhyj n/VA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=4JnKvJ+FLPrsCTDhQ5lHS0doX+AzQRft0D4mqbrWgj4=; b=U/KK8dEeEqNFCt8OvuyB95u4lTLOHmz260vr6PlIbm5LnsncGwUFo3JzM8sMOCw+F+ XG1o+XR2pTx8vEEWW1xt6Lao4PimsjEL5s6nNIODMWsDnyiB90RFlz9K4I5EebaR0aG7 xKU+uIeTf1fI0Oj1Q2fb/r6WpaC6aThpLE4xNqnk8jE80Z/bIyhlfdGXfIJa43dLJYWi mT6ZEtDH3he6EVYkqIYiCmji6WIa6Wlg7qNbQfV1OnNY4FjAF53aCv8BZdnACEN2wAr0 9zoroIAjmhifbcF1JQZ4Yb2OtbDtTWugnQK8PsprunrpLXaXycjBiInqyiTGPohLh70b SG6g== X-Gm-Message-State: APf1xPBkjnnGKFX545EQvlE1Vmnd33BrPXNSwUboW0I3myhQKLyF/tWc usubpNSx3Qy6a0NvibEElV4UHv2sd+wJC8i4boU= X-Received: by 10.202.56.68 with SMTP id f65mr6497382oia.74.1519639695357; Mon, 26 Feb 2018 02:08:15 -0800 (PST) MIME-Version: 1.0 Received: by 10.74.208.10 with HTTP; Mon, 26 Feb 2018 02:08:14 -0800 (PST) In-Reply-To: <1f6d0e8e-6d76-4262-9e8b-f8b1f23d8248@default> References: <1f6d0e8e-6d76-4262-9e8b-f8b1f23d8248@default> From: Wanpeng Li Date: Mon, 26 Feb 2018 18:08:14 +0800 Message-ID: Subject: Re: [PATCH] KVM: X86: Allow userspace to define the microcode version To: Liran Alon Cc: Radim Krcmar , Paolo Bonzini , LKML , kvm Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2018-02-26 17:26 GMT+08:00 Liran Alon : > > ----- kernellwp@gmail.com wrote: > >> From: Wanpeng Li >> >> Linux (among the others) has checks to make sure that certain features >> >> aren't enabled on a certain family/model/stepping if the microcode >> version >> isn't greater than or equal to a known good version. >> >> By exposing the real microcode version, we're preventing buggy guests >> that >> don't check that they are running virtualized (i.e., they should trust >> the >> hypervisor) from disabling features that are effectively not buggy. >> >> Suggested-by: Filippo Sironi >> Cc: Paolo Bonzini >> Cc: Radim Kr=C4=8Dm=C3=A1=C5=99 >> Signed-off-by: Wanpeng Li >> --- >> arch/x86/include/asm/kvm_host.h | 1 + >> arch/x86/kvm/x86.c | 8 ++++++-- >> 2 files changed, 7 insertions(+), 2 deletions(-) >> >> diff --git a/arch/x86/include/asm/kvm_host.h >> b/arch/x86/include/asm/kvm_host.h >> index 938d453..6e13f2f 100644 >> --- a/arch/x86/include/asm/kvm_host.h >> +++ b/arch/x86/include/asm/kvm_host.h >> @@ -507,6 +507,7 @@ struct kvm_vcpu_arch { >> u64 smi_count; >> bool tpr_access_reporting; >> u64 ia32_xss; >> + u32 microcode_version; >> >> /* >> * Paging state of the vcpu >> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c >> index 1a3ed81..cc51c61 100644 >> --- a/arch/x86/kvm/x86.c >> +++ b/arch/x86/kvm/x86.c >> @@ -2247,7 +2247,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, >> struct msr_data *msr_info) >> >> switch (msr) { >> case MSR_AMD64_NB_CFG: >> - case MSR_IA32_UCODE_REV: >> case MSR_IA32_UCODE_WRITE: >> case MSR_VM_HSAVE_PA: >> case MSR_AMD64_PATCH_LOADER: >> @@ -2255,6 +2254,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, >> struct msr_data *msr_info) >> case MSR_AMD64_DC_CFG: >> break; >> >> + case MSR_IA32_UCODE_REV: >> + if (msr_info->host_initiated) >> + vcpu->arch.microcode_version =3D data >> 32; >> + break; >> case MSR_EFER: >> return set_efer(vcpu, data); >> case MSR_K7_HWCR: >> @@ -2550,7 +2553,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, >> struct msr_data *msr_info) >> msr_info->data =3D 0; >> break; >> case MSR_IA32_UCODE_REV: >> - msr_info->data =3D 0x100000000ULL; >> + msr_info->data =3D (u64)vcpu->arch.microcode_version << 32= ; >> break; >> case MSR_MTRRcap: >> case 0x200 ... 0x2ff: >> @@ -8232,6 +8235,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool >> init_event) >> vcpu->arch.regs_dirty =3D ~0; >> >> vcpu->arch.ia32_xss =3D 0; >> + vcpu->arch.microcode_version =3D 0x1; >> >> kvm_x86_ops->vcpu_reset(vcpu, init_event); >> } >> -- >> 2.7.4 > > I think you need to add MSR_IA32_UCODE_REV to emulated_msrs[] > to allow for proper live-migration of this MSR value. Good catch, will do in v2. Regards, Wanpeng Li