Received: by 10.223.185.116 with SMTP id b49csp3573781wrg; Mon, 26 Feb 2018 02:18:47 -0800 (PST) X-Google-Smtp-Source: AG47ELvFSkbVCaqlsHaTwBfMYihlRiIqILSwFALfGxuIyZxqiijQ5Jm4Zm2dH538n1Q5fAhsJJ9X X-Received: by 2002:a17:902:be14:: with SMTP id r20-v6mr4666943pls.172.1519640327069; Mon, 26 Feb 2018 02:18:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519640327; cv=none; d=google.com; s=arc-20160816; b=OttD/ufuQvZABnzIVyPN/bY9HCwxJJA70HEdGY7NAmfVqPMRYa0xPE3DXXJY3Rqibb b9aoaoVWrL5QE41gw43Ty1Uzs0alQ1qKQsGlHl3F/fSgCs2ecL74L84bmvzexphSwS1S U/pqpC/4BVE30S5lWCqQGexGEG+B5gM9UhAS5Yoa/8Fc4P0gcAnY2saFp/vW1gxNpJ9y WMxbN+sLF6VIUeAlS8aFhmTW9CfYXxS8edJkt4IDFzoXZtH4qKqdy+sOTfStk1I022lw jSADKRqpzcbJ6Tb5IsnPUC3qcdAR5iW8pJQ3x9XUjw0fcvyxlYYp9prLABPK7fvenv5x Ydow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=4Wr9HYQEtIQjpcGkzZql7i47i9C/vMDEUqe8srApfco=; b=ppFcrKMUG8C42SZBLuec96i1MnTn8YZlKjQ6nl0osstu3TUlRHsW+jeWSpo6yHjDtq W9UmxxU7SAktg9WbjVQ9CEgNUvb42syGFfihlj29h28//ZMECnbzkq3MELRlzsC5zF63 zX78Sci8M0xZbU/3Z8aC5DEuM0t7W/AOIbOsRszCO6kFvw9+Um1+g4rnO6lUIZwocPjn Nb93RCSLGLwr3sAqS18LH/RCpoMpQopyPzv5nV0rBAVwQhw55MDwtPjJZac1fFf5iOpi VYdpBG0w5ff2o7HgDQfkuw47OcceQKKpTUtuh6Itym881ygYZH+GlKAi5bZkR2h3Jy1q r6Iw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=tF0qNwX7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z14si1675913pgr.410.2018.02.26.02.18.31; Mon, 26 Feb 2018 02:18:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=tF0qNwX7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752566AbeBZKRd (ORCPT + 99 others); Mon, 26 Feb 2018 05:17:33 -0500 Received: from mail-it0-f66.google.com ([209.85.214.66]:38796 "EHLO mail-it0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751925AbeBZKRb (ORCPT ); Mon, 26 Feb 2018 05:17:31 -0500 Received: by mail-it0-f66.google.com with SMTP id j7so9012149ita.3; Mon, 26 Feb 2018 02:17:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=4Wr9HYQEtIQjpcGkzZql7i47i9C/vMDEUqe8srApfco=; b=tF0qNwX7kHYAmZikOf3zqzg6fI+u9WyYgqxcOTeyLYg2l6q+sq4bdcIGbrEg5u8gm/ nfuqyGNiMNYG3lYT69L8gu6vXTPjlBgVYP198Lf105xslvaa8juP+7E+8dPcCxFFvI0k niQGSYa3Y9x7a18dkTcDLaYsbkK6tUmTFb7OKFsA2dXEIzk6caVifWxTQL5bnkDIoSF9 B3HfFskcv4eTMQ9MFQomvQ8krlGabVo8Wto7d/+ioBkKx5ku3BYBVxCoU50IiNgh3vq6 irg5TIwan7PfimBF9z20siuBwOmXVxudlMCs37DUduq921LY8XFAu8O8rQkuPO34y5Gd r70Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=4Wr9HYQEtIQjpcGkzZql7i47i9C/vMDEUqe8srApfco=; b=rPV1jJBPwJZoOApG2eBRtCu4raAmCsg1bK2oePsaZvfIatF9529PJhEHqrLwx0ZKdT fZ9UVc24YrKicn3Xn/uTvc19Mo1b/CupMKCnneWHFxgUCHTYLypW4g6bJSfRQrQqzqGF FKFS+64a4c2IQmOp/24EMFDJzWxCj9fKFBloEsGar2bniekH1wRhTKMG6l2UrDSf/Y8d y2gOMwiKeEWriEDnUb66Jd40qw6u4gHw5225IjUwMswRG6jFC7qPWMmdGOup0zPoMozo a7CfN9dCjO0Hit01pGbzGha4K/uROjf4i65lHCsn/Pj4U3rirpEZtxeR2OSkar7QKDHS eo5w== X-Gm-Message-State: APf1xPAgCN0uUnRNPAvCXf/ioDgthF7yKxT9qihUoxnDKdvslg/xhMQh 6ywPdV9+0V5zMaElG/FeE6tSZg== X-Received: by 10.36.70.142 with SMTP id j136mr12970746itb.31.1519640250585; Mon, 26 Feb 2018 02:17:30 -0800 (PST) Received: from localhost.localdomain ([203.205.141.123]) by smtp.googlemail.com with ESMTPSA id i21sm5162298itb.18.2018.02.26.02.17.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Feb 2018 02:17:29 -0800 (PST) From: Wanpeng Li X-Google-Original-From: Wanpeng Li To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Liran Alon Subject: [PATCH v2] KVM: X86: Allow userspace to define the microcode version Date: Mon, 26 Feb 2018 18:17:19 +0800 Message-Id: <1519640239-4428-1-git-send-email-wanpengli@tencent.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Wanpeng Li Linux (among the others) has checks to make sure that certain features aren't enabled on a certain family/model/stepping if the microcode version isn't greater than or equal to a known good version. By exposing the real microcode version, we're preventing buggy guests that don't check that they are running virtualized (i.e., they should trust the hypervisor) from disabling features that are effectively not buggy. Suggested-by: Filippo Sironi Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Liran Alon Signed-off-by: Wanpeng Li --- v1 -> v2: * add MSR_IA32_UCODE_REV to emulated_msrs arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/x86.c | 9 +++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 938d453..6e13f2f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -507,6 +507,7 @@ struct kvm_vcpu_arch { u64 smi_count; bool tpr_access_reporting; u64 ia32_xss; + u32 microcode_version; /* * Paging state of the vcpu diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 1a3ed81..4ae9517 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1047,6 +1047,7 @@ static u32 emulated_msrs[] = { MSR_SMI_COUNT, MSR_PLATFORM_INFO, MSR_MISC_FEATURES_ENABLES, + MSR_IA32_UCODE_REV, }; static unsigned num_emulated_msrs; @@ -2247,7 +2248,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) switch (msr) { case MSR_AMD64_NB_CFG: - case MSR_IA32_UCODE_REV: case MSR_IA32_UCODE_WRITE: case MSR_VM_HSAVE_PA: case MSR_AMD64_PATCH_LOADER: @@ -2255,6 +2255,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case MSR_AMD64_DC_CFG: break; + case MSR_IA32_UCODE_REV: + if (msr_info->host_initiated) + vcpu->arch.microcode_version = data >> 32; + break; case MSR_EFER: return set_efer(vcpu, data); case MSR_K7_HWCR: @@ -2550,7 +2554,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = 0; break; case MSR_IA32_UCODE_REV: - msr_info->data = 0x100000000ULL; + msr_info->data = (u64)vcpu->arch.microcode_version << 32; break; case MSR_MTRRcap: case 0x200 ... 0x2ff: @@ -8232,6 +8236,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) vcpu->arch.regs_dirty = ~0; vcpu->arch.ia32_xss = 0; + vcpu->arch.microcode_version = 0x1; kvm_x86_ops->vcpu_reset(vcpu, init_event); } -- 2.7.4