Received: by 10.223.185.116 with SMTP id b49csp4744505wrg;
        Tue, 27 Feb 2018 01:43:26 -0800 (PST)
X-Google-Smtp-Source: AH8x225S8MX/L0VdYBg5IXveDzHiXKC6Ft9BoYkqqVn/sZEdMnrF2R3kPez/rBr8z7xJgSdXZlF7
X-Received: by 10.101.64.194 with SMTP id u2mr10928777pgp.280.1519724606193;
        Tue, 27 Feb 2018 01:43:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519724606; cv=none;
        d=google.com; s=arc-20160816;
        b=HRfMxQWLHCRClNV/gsefs2q48xuszK5XVgj8p4f61rDXVvOriuhXKm3XU3vRGkvgvU
         lvEiegRbQqsZ/KlhwC3BfAehBIg7EephEj3KmZDyaWzbuj5i2NI7JOVhizRILUBsaSyE
         fKXRn2xrCSCcfvHLcgV59pyoXPrA0x5P99JJpTekxVnd/su6Q67SfiCqstuNzof0lRJm
         Rok82cghf+wWPddI7ELJVtpg5c5oVjZ1RaxRARs/qXtj0P68dTg/g4zmDIZI198TJes9
         T07a3lpQDGSlAQ81rSljmB/v881vVPCWcCffb68PrFwrrL4OHmXODCVwdw35R1UyXu6A
         OEDg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:references:in-reply-to:mime-version
         :dkim-signature:arc-authentication-results;
        bh=RG2msRp7aMauUIV7/g11mKjbrx0vLlTu/VZwJNoiWhU=;
        b=GVSHPrra3lkL5jY/GGKsPnrEBSAEjyD+k73L97YTwsa8r3RDlG4059djhun1l/gru+
         YRsIBTm8KPwvBsOHJP/okIDRWctTUefi7abAJjcR4iz8rRk1CL5cPoxFOwaoP5Awgh2V
         z+hhWz5wDXn+3+mA8RsRNaFIzpt0/VXkaJlwdoXx+r2NoK6l8XhtsfDjP8hjincRbSSj
         Pius/Qg4W7btVtZl+2/NOxco8bA451pHUX2hTnlgXHkGj43Rmev/WOarbrpusUHT9z0h
         JM6YUn6gcHwvv075BdaBZJ/b05vaYzVobmC4LVI+oyjD/QUlpMtgTZCo4hmvmb1Yx6eR
         +lWQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=s9/pebJ5;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s11si3061949pgf.196.2018.02.27.01.43.11;
        Tue, 27 Feb 2018 01:43:26 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=s9/pebJ5;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752532AbeB0J0b (ORCPT <rfc822;yingkeliu@gmail.com> + 99 others);
        Tue, 27 Feb 2018 04:26:31 -0500
Received: from mail-oi0-f66.google.com ([209.85.218.66]:36571 "EHLO
        mail-oi0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752017AbeB0J01 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Feb 2018 04:26:27 -0500
Received: by mail-oi0-f66.google.com with SMTP id u73so7831691oie.3;
        Tue, 27 Feb 2018 01:26:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=RG2msRp7aMauUIV7/g11mKjbrx0vLlTu/VZwJNoiWhU=;
        b=s9/pebJ5RKhDraIlmFGHgaTMmwK2QGv26YZzN8+5HLXSShs5TPl9Sw68pxXWXteL1k
         /efMWJrxKB+jJgXvrA4zIoC+Q5bEd5e0pyl2ioclI5xFmCJiz8nK6s5VxHnNXSr1WW1w
         yyBpWwv6MS+KXwMCNT7Ex3Ta5D2mp9MYiwVMrp6VSE/FQmYWt5sQ3dJ1APuRrNPyocsQ
         GKZIdIppysFWfKNVzz8yQiuiZw4XLB+hZoMbQrNCljtW3kGyxGeRLrvmZVlGwnoX/dZi
         dyIN4k0K1IHRuDmujWBTN3SspAyMed5m4t81EeAF0GcDxjlvxplZNMPFx9KADMWilgwq
         TBHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=RG2msRp7aMauUIV7/g11mKjbrx0vLlTu/VZwJNoiWhU=;
        b=EPEdVhhpABokh/Wp2twln93+eHpWFNjx88HstxZvp9lD4lzNDKtkRYDVLstZbl2nap
         0YcOiTaEI7I+inRXTMzgH4foP4x1d3hnpTbsBN/vaGKovzfZALudD1hZFy92fN6G2mu6
         t9Q7pSpEJeBH91JmxXxt1ywvxEd/9lMD9LTDnIVcwtCKTU3DDuln+KhBeGxQ/rkiaz3W
         LqGFjuTxAuFMTgn/OicJFf5TmMPFTm+cdaIOjRD4LHG1LyTOWOeskYNBvwshvH1ziSly
         eZ84vLuVbVk5QOwVbMc2hWm+txPcECpG1+T9Y/pqmBU8nrvH+oIkQZ0sNZ35vsnGKBa4
         UmjQ==
X-Gm-Message-State: APf1xPDDj8XB94yqIKyniAbD0KSq/NZ/m9Pr5QP94dvH65i+3PEo8mwE
        UwNr3Hor45765i90JH1yFcyecGMpZtWOjB2J1SjAoQ==
X-Received: by 10.202.186.197 with SMTP id k188mr8720906oif.119.1519723587035;
 Tue, 27 Feb 2018 01:26:27 -0800 (PST)
MIME-Version: 1.0
Received: by 10.74.208.10 with HTTP; Tue, 27 Feb 2018 01:26:26 -0800 (PST)
In-Reply-To: <b6051971-04a5-09e7-d11f-3689369292fe@redhat.com>
References: <1519698910-4272-1-git-send-email-wanpengli@tencent.com> <b6051971-04a5-09e7-d11f-3689369292fe@redhat.com>
From:   Wanpeng Li <kernellwp@gmail.com>
Date:   Tue, 27 Feb 2018 17:26:26 +0800
Message-ID: <CANRm+CzvN5ypz=Y2moJQph36O5tpDbqzJtB2N_8Hm3guqWXYSg@mail.gmail.com>
Subject: Re: [PATCH v4] KVM: X86: Allow userspace to define the microcode version
To:     Paolo Bonzini <pbonzini@redhat.com>
Cc:     LKML <linux-kernel@vger.kernel.org>, kvm <kvm@vger.kernel.org>,
        =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Liran Alon <liran.alon@oracle.com>,
        Nadav Amit <nadav.amit@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

2018-02-27 16:38 GMT+08:00 Paolo Bonzini <pbonzini@redhat.com>:
> On 27/02/2018 03:35, Wanpeng Li wrote:
>> From: Wanpeng Li <wanpengli@tencent.com>
>>
>> Linux (among the others) has checks to make sure that certain features
>> aren't enabled on a certain family/model/stepping if the microcode versi=
on
>> isn't greater than or equal to a known good version.
>>
>> By exposing the real microcode version, we're preventing buggy guests th=
at
>> don't check that they are running virtualized (i.e., they should trust t=
he
>> hypervisor) from disabling features that are effectively not buggy.
>>
>> Suggested-by: Filippo Sironi <sironi@amazon.de>
>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>> Cc: Radim Kr=C4=8Dm=C3=A1=C5=99 <rkrcmar@redhat.com>
>> Cc: Liran Alon <liran.alon@oracle.com>
>> Cc: Nadav Amit <nadav.amit@gmail.com>
>> Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
>> ---
>> v3 -> v4:
>>  * add the shifts back
>
> Please wait for a review instead of pushing new versions continuously.
> Leaving the shifts means that MSR_IA32_UCODE_REV's bits 0-31 are zeroed
> even if KVM_SET_MSRS makes them nonzero.

How about something like this?

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos=
t.h
index 938d453..df6720f 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -507,6 +507,7 @@ struct kvm_vcpu_arch {
  u64 smi_count;
  bool tpr_access_reporting;
  u64 ia32_xss;
+ u64 microcode_version;

  /*
  * Paging state of the vcpu
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index f874798..312f33f 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1907,6 +1907,7 @@ static void svm_vcpu_reset(struct kvm_vcpu
*vcpu, bool init_event)
  u32 dummy;
  u32 eax =3D 1;

+ vcpu->arch.microcode_version =3D 0x01000065;
  svm->spec_ctrl =3D 0;

  if (!init_event) {
@@ -3962,9 +3963,6 @@ static int svm_get_msr(struct kvm_vcpu *vcpu,
struct msr_data *msr_info)

  msr_info->data =3D svm->spec_ctrl;
  break;
- case MSR_IA32_UCODE_REV:
- msr_info->data =3D 0x01000065;
- break;
  case MSR_F15H_IC_CFG: {

  int family, model;
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 9968906..2cdbea7 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5781,6 +5781,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu
*vcpu, bool init_event)
  vmx->rmode.vm86_active =3D 0;
  vmx->spec_ctrl =3D 0;

+ vcpu->arch.microcode_version =3D 0x100000000ULL;
  vmx->vcpu.arch.regs[VCPU_REGS_RDX] =3D get_rdx_init_val();
  kvm_set_cr8(vcpu, 0);

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d4985a9..7afffd3 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1058,6 +1058,7 @@ static unsigned num_emulated_msrs;
 static u32 msr_based_features[] =3D {
  MSR_IA32_ARCH_CAPABILITIES,
  MSR_F10H_DECFG,
+ MSR_IA32_UCODE_REV,
 };

 static unsigned int num_msr_based_features;
@@ -1067,8 +1068,14 @@ static int do_get_msr_feature(struct kvm_vcpu
*vcpu, unsigned index, u64 *data)
  struct kvm_msr_entry msr;

  msr.index =3D index;
- if (kvm_x86_ops->get_msr_feature(&msr))
- return 1;
+ switch (msr.index) {
+ case MSR_IA32_UCODE_REV:
+ rdmsrl(msr.index, msr.data);
+ break;
+ default:
+ if (kvm_x86_ops->get_msr_feature(&msr))
+ return 1;
+ }

  *data =3D msr.data;

@@ -2248,7 +2255,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu,
struct msr_data *msr_info)

  switch (msr) {
  case MSR_AMD64_NB_CFG:
- case MSR_IA32_UCODE_REV:
  case MSR_IA32_UCODE_WRITE:
  case MSR_VM_HSAVE_PA:
  case MSR_AMD64_PATCH_LOADER:
@@ -2256,6 +2262,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu,
struct msr_data *msr_info)
  case MSR_AMD64_DC_CFG:
  break;

+ case MSR_IA32_UCODE_REV:
+ if (msr_info->host_initiated)
+ vcpu->arch.microcode_version =3D data;
+ break;
  case MSR_EFER:
  return set_efer(vcpu, data);
  case MSR_K7_HWCR:
@@ -2551,7 +2561,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu,
struct msr_data *msr_info)
  msr_info->data =3D 0;
  break;
  case MSR_IA32_UCODE_REV:
- msr_info->data =3D 0x100000000ULL;
+ msr_info->data =3D vcpu->arch.microcode_version;
  break;
  case MSR_MTRRcap:
  case 0x200 ... 0x2ff: