Received: by 10.223.185.116 with SMTP id b49csp4399001wrg; Mon, 26 Feb 2018 17:22:15 -0800 (PST) X-Google-Smtp-Source: AH8x227KkEVoRmoWLqTX9THSWjZxHlUX1r/VrEvCP/enadOIB55QOZQtogrI3eGrpBR9t58Tu/kJ X-Received: by 2002:a17:902:2f81:: with SMTP id t1-v6mr12551433plb.290.1519694535141; Mon, 26 Feb 2018 17:22:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519694535; cv=none; d=google.com; s=arc-20160816; b=ur8SPrMZ8Pzx/59QSzIVniGriDH4se1t5QCZMuW2C01yrwpK7HbG28wWEma9bfkKRA Vy1Hnp1G8vjTLAbH9zzY7sPUGhXv+HR93I62eGVuYKqS0DmVtnJTP3IuItnFQm3FYdYp H3jz8nE97VwExU3NHVB3IlI+lWrx18hsUE1kIc5FxkEdysUrFQn3f1tBhsSexxyFqsBc jV17yp2feh8fnUGIFQSM6FTmXNo7pxI0XuLL3+W/CKoucId0DRAMllMKKNJlYCyuVcb9 xq/I924wp6KAPfm2KWcXikfh9k46GBFaH6n2qH5dmqBIr9uFU5QanHJk2Jrjm/FBI0x4 bIVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature:arc-authentication-results; bh=WPMe40eiD2HGIviucjReNygqHM86LPu8yB5E0VegbH4=; b=LcO0TiBDVyvQf8csk21qYU+7HtBHWXqu1+vJ2bAMvS+u1LA0feSNSenWtnt/OmmG4W scAEu/kzMqd/Qu0r+BXWVpkiCywgdESOYtvCV+If6SZPNTPJXNyhJLokWTkdqUlUVQjX E0NffbgihpcdjXQSwUR0uOzjKBljFVPI+ufrD4K7+pkR4NPyZ38LFQxgLDFRu2B23sXj KbC7C0Ckci6JMFk5rqQwhMrdcVrullgQOoTCzKyQupEIueA0e+bMTPje22neg+HfJ+tB TCXmYJaF83omXZi4uks3iWkcv7mIisUuHqAUwiTpfqqtcNf5l3hCXNZAfO/GuzaHealI fSxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=hA+5kMLd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q126si2806605pfb.414.2018.02.26.17.22.00; Mon, 26 Feb 2018 17:22:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=hA+5kMLd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751617AbeB0BVU (ORCPT + 99 others); Mon, 26 Feb 2018 20:21:20 -0500 Received: from mail-ot0-f196.google.com ([74.125.82.196]:34268 "EHLO mail-ot0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751445AbeB0BVS (ORCPT ); Mon, 26 Feb 2018 20:21:18 -0500 Received: by mail-ot0-f196.google.com with SMTP id n74so2336368ota.1; Mon, 26 Feb 2018 17:21:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=WPMe40eiD2HGIviucjReNygqHM86LPu8yB5E0VegbH4=; b=hA+5kMLdBpAlj9BRivuWWWMPKoZ9EgFDi4xVRJq9+ZKQR7tZ0Pvzai+Bj1Lpa2VZgy Vh9ALhUIYYVgUA7caBQs8Q8GydFkhsXUYR3lI/QSf2HRcVKADZraxS4/FUJaOb1mtF6W +jtSmqLlCslUC4qfB76ih5hsAA9S6tcaSdOxy2/bX7XY3YqVHUROlQGfKGDe39ciplDU hau6cz5wYZgL/jwpY12hMf1Jiod5lTOiOX8WggqE4a1qJD83aHOJQKlk913SJiUWMpXd OOVLSC8OM694McxEH4/UjzbCkLGtJRP9SikUcAXd5FnRQkfNt8lJZSoJ/hqbyavagFNF OjIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=WPMe40eiD2HGIviucjReNygqHM86LPu8yB5E0VegbH4=; b=HvC2p6BVcBCOLeSxqXe1LvyZgYrN+G6VbAkUFXiwrWLjLLRLSADRDoTHr72KDfiM8k DJQG0UwLHIbgQZRaQMkTS9VNIHx+E5AuLHe057IAbiggQEC6fJymCx2P0cQxBtjyITaB 5dKez+sH/ffagIPq9phaZFvp16Q1BDrk6Z9AOECDFiaaQSkJm9THlxyJEEwYtsdyJBzx 6f5IfSHBrXC+pdvqCo5D41FZ9K8fpFQR2GBLbSu9YH8Tk3myFyYUUHzugRhX4EG3Jzjz InxQiqcRUx+sLbGkeMakVjeWXz/eF/naL3i5Te+I/0VRaCyW9IOTcKnQ6FP6UcWSotCE FzTg== X-Gm-Message-State: APf1xPAVfnwi3Sbtri9PvW85N1y3cO5EoF/D1IHuyPQ5h3DpYD99pTnH TkUDYsSgzTTjaauFAfi+PSl8JcMUfDqqpL3pMlo= X-Received: by 10.157.83.16 with SMTP id g16mr8740244oth.270.1519694478207; Mon, 26 Feb 2018 17:21:18 -0800 (PST) MIME-Version: 1.0 Received: by 10.74.208.10 with HTTP; Mon, 26 Feb 2018 17:21:17 -0800 (PST) In-Reply-To: <469812b9-d003-249a-d6d3-de74c24e4146@redhat.com> References: <1519640239-4428-1-git-send-email-wanpengli@tencent.com> <469812b9-d003-249a-d6d3-de74c24e4146@redhat.com> From: Wanpeng Li Date: Tue, 27 Feb 2018 09:21:17 +0800 Message-ID: Subject: Re: [PATCH v2] KVM: X86: Allow userspace to define the microcode version To: Paolo Bonzini Cc: LKML , kvm , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Liran Alon Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2018-02-26 19:42 GMT+08:00 Paolo Bonzini : > On 26/02/2018 11:17, Wanpeng Li wrote: >> From: Wanpeng Li >> >> Linux (among the others) has checks to make sure that certain features >> aren't enabled on a certain family/model/stepping if the microcode versi= on >> isn't greater than or equal to a known good version. >> >> By exposing the real microcode version, we're preventing buggy guests th= at >> don't check that they are running virtualized (i.e., they should trust t= he >> hypervisor) from disabling features that are effectively not buggy. >> >> Suggested-by: Filippo Sironi >> Cc: Paolo Bonzini >> Cc: Radim Kr=C4=8Dm=C3=A1=C5=99 >> Cc: Liran Alon >> Signed-off-by: Wanpeng Li >> --- >> v1 -> v2: >> * add MSR_IA32_UCODE_REV to emulated_msrs >> >> arch/x86/include/asm/kvm_host.h | 1 + >> arch/x86/kvm/x86.c | 9 +++++++-- >> 2 files changed, 8 insertions(+), 2 deletions(-) >> >> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_= host.h >> index 938d453..6e13f2f 100644 >> --- a/arch/x86/include/asm/kvm_host.h >> +++ b/arch/x86/include/asm/kvm_host.h >> @@ -507,6 +507,7 @@ struct kvm_vcpu_arch { >> u64 smi_count; >> bool tpr_access_reporting; >> u64 ia32_xss; >> + u32 microcode_version; >> >> /* >> * Paging state of the vcpu >> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c >> index 1a3ed81..4ae9517 100644 >> --- a/arch/x86/kvm/x86.c >> +++ b/arch/x86/kvm/x86.c >> @@ -1047,6 +1047,7 @@ static u32 emulated_msrs[] =3D { >> MSR_SMI_COUNT, >> MSR_PLATFORM_INFO, >> MSR_MISC_FEATURES_ENABLES, >> + MSR_IA32_UCODE_REV, >> }; >> >> static unsigned num_emulated_msrs; >> @@ -2247,7 +2248,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, stru= ct msr_data *msr_info) >> >> switch (msr) { >> case MSR_AMD64_NB_CFG: >> - case MSR_IA32_UCODE_REV: >> case MSR_IA32_UCODE_WRITE: >> case MSR_VM_HSAVE_PA: >> case MSR_AMD64_PATCH_LOADER: >> @@ -2255,6 +2255,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, str= uct msr_data *msr_info) >> case MSR_AMD64_DC_CFG: >> break; >> >> + case MSR_IA32_UCODE_REV: >> + if (msr_info->host_initiated) >> + vcpu->arch.microcode_version =3D data >> 32; > > Please remove the shifts, and add the MSR_IA32_UCODE_REV version to the > "feature MSRs" recently added by Tom Lendacky. Do it in v3, thanks for the review. :) Regards, Wanpeng Li > > Thanks, > > Paolo > >> + break; >> case MSR_EFER: >> return set_efer(vcpu, data); >> case MSR_K7_HWCR: >> @@ -2550,7 +2554,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, stru= ct msr_data *msr_info) >> msr_info->data =3D 0; >> break; >> case MSR_IA32_UCODE_REV: >> - msr_info->data =3D 0x100000000ULL; >> + msr_info->data =3D (u64)vcpu->arch.microcode_version << 32= ; >> break; >> case MSR_MTRRcap: >> case 0x200 ... 0x2ff: >> @@ -8232,6 +8236,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool in= it_event) >> vcpu->arch.regs_dirty =3D ~0; >> >> vcpu->arch.ia32_xss =3D 0; >> + vcpu->arch.microcode_version =3D 0x1; >> >> kvm_x86_ops->vcpu_reset(vcpu, init_event); >> } >> >