Received: by 10.223.185.116 with SMTP id b49csp3681158wrg;
        Mon, 26 Feb 2018 04:19:52 -0800 (PST)
X-Google-Smtp-Source: AH8x224KjWiDg4uvRCum6lXt/IrrpKB8VVekCC+bG9XJMLDjLat0+LD1qU1p48BGBytqZDs9//mF
X-Received: by 10.99.125.69 with SMTP id m5mr8176774pgn.77.1519647592294;
        Mon, 26 Feb 2018 04:19:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519647592; cv=none;
        d=google.com; s=arc-20160816;
        b=0fqkkUKFgQeJYIwdch1eEtn8K3qtyUeJxa5P5k//mo2rSB74bbZmTKxBuTspkfSN4R
         Zi5QC6ZLkQ36dIjq3soQU9THB2jvaKAoD72nIJb1lbkQ/hIJLlTK+czsUpvtDUd3skz6
         UjgTazbDHQx9piYhh81HfLgMyXdx8wEGCu2tX7JU0oz/WrkbiB0kXGq8rjNkjn+h/1Yt
         r1jY/Aw+nXYuCxhZCd+vp1zz6bacD9n3Ngpz4kA802sq58UAk0ii96sAFH9AWN3fKtuD
         YrwgQwipiqgivlGt+qirhhBgeSOlhkJ+R2f6zMcnhyDBlGpCUSiL9DnjASwO3WDSrRU3
         o8Ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:references:cc:to:from:subject:dkim-signature
         :arc-authentication-results;
        bh=S8Rm5tMXgROkDQkOlmVFSkkUz1DqbZEhksAjL5dLSKA=;
        b=DxYa2LiLSZ/PlzF1FmeLy1JX50ZHq4X/8i7ktcK5Ki3pOKy4AhEVT0CwWAzoWCo9Du
         aSHKNAXgNMCt9Y6gz5g4lVywKN+iuPOr3D6Bkj7zFv3wwloOe1KOIqYH4FFsuwApbsXO
         Pdj6GR/0rQEV4U9xRYYdOZANvxbDGDu7gnjVUjZZurvzbin7Jp+5KSWxIosGyhzRRRNj
         8PLUBovAfwlrswfIar9PL8x7Ucmx2EwsTLXcP/T2c37zWryzb4knIcYm+7ow2/J15uq+
         +AuLXxvyDP7QHcJtEn54HcOMjCD1gN0vprtzrqTnTF/44u1Tt9ze+9XQILo6Qs9U7slw
         2HUg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=J4detk2D;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h91-v6si6657027pld.202.2018.02.26.04.19.38;
        Mon, 26 Feb 2018 04:19:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=J4detk2D;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752948AbeBZMSN (ORCPT <rfc822;linuxbirdgao@gmail.com>
        + 99 others); Mon, 26 Feb 2018 07:18:13 -0500
Received: from mail-wm0-f68.google.com ([74.125.82.68]:51143 "EHLO
        mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752780AbeBZMSL (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 26 Feb 2018 07:18:11 -0500
Received: by mail-wm0-f68.google.com with SMTP id w128so11054788wmw.0;
        Mon, 26 Feb 2018 04:18:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:subject:from:to:cc:references:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=S8Rm5tMXgROkDQkOlmVFSkkUz1DqbZEhksAjL5dLSKA=;
        b=J4detk2DsWnGcUjpTKLrLfW+HmQfHaC/JSjjQ++Ifv2R0d5Ovwv97GNVdmUQX5raP5
         L+FGSpTU1ziGGMyKlDebm27XLtW8tugxyW5W4YBcb3hDuIU8B/WVRXaWVC5pC9z3Eg9E
         ntQjaXwMquTKR+yDymEyqwPvfYiKBixgsLso8gGr1FzxjzCoHT6m0iAmrnkXIlBmDlyN
         cBE48LBjXMHdVsvIr4lssaUgkFDTZ1MbvSexP5DyaeyRmgYrsP7Ras/N0FMZJKx0ZYQT
         EqXDtL6PQubycC5CEsO4PYFX3t30xY0vm+D2H/rZkdAMCdgYYZPmNkozsPr6khcRxqCX
         N0fA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:subject:from:to:cc:references:message-id
         :date:user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=S8Rm5tMXgROkDQkOlmVFSkkUz1DqbZEhksAjL5dLSKA=;
        b=NW9jF5X/ECsgQgL80wkaX0+t8uW7JPC1tS5I7R+w/zmsP+IFi7GgP4Kc3mVd3oqpHM
         j+218nv92f5IXlPgeFZAkK2H6fzEYEkKjs8gxkZmCM07mbIHOj4rGmiRfu4Se6tu+jNo
         Y3dd4pKFh8AaSIm4vBQWSJEbif4srZCXf2Rfa+28KowjIoO594gskwbQw/31mzZgu+LQ
         nqQN1haXS/C24Aq3RVXv3oYJRRflV7rSCdJkFlmERhOpQ1YBg8UjLe3RC880LBccgaqn
         vI+53ugmSR9rnueKmUMO+FNN6TjjE7VdWhT8pTuES3n1WYLsEx7cVh0p9H/j6XyUPEAy
         W9ZA==
X-Gm-Message-State: APf1xPAPeurjj+Q4oFDlt23WWGvTUqgCltOEff/PB8/1GeKZYjJTJXjO
        w/2swNKBo9LvnXhImCcYRW8=
X-Received: by 10.80.177.244 with SMTP id n49mr13994811edd.239.1519647489951;
        Mon, 26 Feb 2018 04:18:09 -0800 (PST)
Received: from [192.168.10.165] (94-36-191-219.adsl-ull.clienti.tiscali.it. [94.36.191.219])
        by smtp.googlemail.com with ESMTPSA id n2sm7764467edl.74.2018.02.26.04.18.07
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 26 Feb 2018 04:18:08 -0800 (PST)
Subject: Re: [PATCH] KVM: X86: Allow userspace to define the microcode version
From:   Paolo Bonzini <pbonzini@redhat.com>
To:     Borislav Petkov <bp@alien8.de>
Cc:     Wanpeng Li <kernellwp@gmail.com>,
        LKML <linux-kernel@vger.kernel.org>, kvm <kvm@vger.kernel.org>,
        =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>
References: <20180226094148.GA15539@pd.tnic>
 <CANRm+CzODxLQ4UHgFCnpjABmBUvi9sbw=uyO1xk1dyWgnH86ig@mail.gmail.com>
 <20180226104921.GA4377@pd.tnic>
 <CANRm+Cy+Cr1-AMwM+u20X53=GqY0zfOugFypZcZwyJmnnwNNwA@mail.gmail.com>
 <20180226111630.GB4377@pd.tnic>
 <CANRm+Cxw2-8Cf+6cg_yZC+SD66uNA5RO+ZaoHHmkpHLzjCih=A@mail.gmail.com>
 <20180226113000.GC4377@pd.tnic>
 <CANRm+CzwY2yzKFXF7r=vfqDaHHoHxC221TSBtSHC2XtvkrQxHA@mail.gmail.com>
 <20180226114409.GD4377@pd.tnic>
 <46cecef2-b0fb-b0c2-bbf3-983328d52763@redhat.com>
 <20180226121509.GE4377@pd.tnic>
 <24cd527d-5287-f0be-ffe8-eab341bf1d94@redhat.com>
Message-ID: <3866d359-0ef8-6a99-6254-84890be62b93@redhat.com>
Date:   Mon, 26 Feb 2018 13:18:07 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <24cd527d-5287-f0be-ffe8-eab341bf1d94@redhat.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 26/02/2018 13:16, Paolo Bonzini wrote:
> On 26/02/2018 13:15, Borislav Petkov wrote:
>> On Mon, Feb 26, 2018 at 12:54:52PM +0100, Paolo Bonzini wrote:
>>> I don't understand how one thing follows from the other.  How are writes
>>> to 0x8B related to having a virtualized microcode loaded (which is a
>>> concept that actually makes no sense at all)?
>>
>> I'm questioning the whole idea. 0x8b is the MSR which gives you the
>> microcode revision. Most CPUs don't even allow writing to it, AFAICT.
>> (SDM says "may prevent writing" on VM transitions.)
>>
>> So how is that host-initiated write to 0x8b is even going to work, in
>> reality? kvm module writes the microcode version in there? How does the
>> admin work around that?
> 
> In this context, "host-initiated" write means written by KVM userspace
> with ioctl(KVM_SET_MSR).  It generally happens only on VM startup, reset
> or live migration.

To be clear, the target of the write is still the vCPU's emulated MSR.

Paolo