Received: by 10.223.185.116 with SMTP id b49csp5711466wrg;
        Tue, 27 Feb 2018 19:35:43 -0800 (PST)
X-Google-Smtp-Source: AH8x226b7Im0gtX8peD9B4ZP6NKL0tklrOdWHWIDb/39+LEtlAdk2pA86KtGftEZfMB/0TQNNcwk
X-Received: by 2002:a17:902:6f17:: with SMTP id w23-v6mr16535105plk.336.1519788943015;
        Tue, 27 Feb 2018 19:35:43 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519788942; cv=none;
        d=google.com; s=arc-20160816;
        b=OuLpZ4VkLHSinuBWm7FXzULh/c3oP9W9hHZdEC0lEgx+pUSO8kZYxJwNrU95fFQ3mt
         z8h00lFQSIL8EFAK47e+XoSJXrDHfIx94kwHQT4ZFCTHr4LAM+uadxnyu5A+IR0Ioi9G
         JrMngjTAF7+Mk7n4RPTSq7XW3u0nOQgc1pjeYJ9agP4990zVtgNetPMunjLO/7mYwU+Z
         At/nPpeBF62fnNI79tHagPEO807hLuwgGI06ufDantEhau1yKjvdVgGGaZah2AwMXM0Z
         TDrMFtXndUhYsM/RSvcWkgajw/w005IOs6oBlJXBQV+zPFB8b9+abcnjEdJOcmuHuGP+
         YYrQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=FFY+J0FGYGB/XQrJ/ntbpA4c0LrquQu9E90fOlwzl/k=;
        b=z0BE/NC7ieXFbyJnOl5ZomceKrWZI5UNAJsY4ki8CmWmrpQlLPFw0SauIamV9JY6fA
         cK4S+FWzQ3bOxuXTGs5ads9sD+9/jfr6msDd5xoJ71tZXd9nK1vL582kRXx8WJUuj7sb
         4ClVPofhsv6VssCgX0aNRaA47vRT+6/XPDY0VYly9XzHxI2+YvnL4qBB7+HxpL0oth0z
         2t5xw89sA+DYtYPUV0LWnM/cf0UYEHE//JbK17mG3hT+BruDlaiW+O4CadWPjeLRPkZW
         4Mcf0KmLpdcFomR6VV5Nacu1hXGT9zL6/NUSavr25lK/80hIGN8DOyxaC2v8vFYakJuy
         nmTA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Uwvqp0f9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w16-v6si542664plk.271.2018.02.27.19.35.27;
        Tue, 27 Feb 2018 19:35:42 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=Uwvqp0f9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752000AbeB1Des (ORCPT <rfc822;414256we@gmail.com> + 99 others);
        Tue, 27 Feb 2018 22:34:48 -0500
Received: from mail-pl0-f65.google.com ([209.85.160.65]:37204 "EHLO
        mail-pl0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751682AbeB1Deo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Feb 2018 22:34:44 -0500
Received: by mail-pl0-f65.google.com with SMTP id ay8-v6so736854plb.4;
        Tue, 27 Feb 2018 19:34:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=FFY+J0FGYGB/XQrJ/ntbpA4c0LrquQu9E90fOlwzl/k=;
        b=Uwvqp0f95K7u6sdd0eCQIe6dBjWsAGwGCVS9vwGhT6/1MEwX5BkRJREjLvZk8pCzZs
         tdRdkRhUkggajKb70pyvB2Vz4HIjovJZMzf9KGW/Y7JdivPNzTCJ/2TXRD3sV4eZH61C
         lk5RZmvYuZbhpEMsJC03/wM9i+WbyUnUdQSn9o0dU4kikeOB9mnpsuOD2H+VgEcKlIne
         dGJ+keq56l7Erx0Nu7J04cngvw2yHa/lGblZsSWJBB37FvnA3poborlw9XpZn+7PJDwQ
         /SjuUVyDJRGKsPiz1+cSkH0Q4DQzR3JnggQ9fDyL74sMtLZuKXHD1vxV3iqN2xHTVL+k
         Gc/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=FFY+J0FGYGB/XQrJ/ntbpA4c0LrquQu9E90fOlwzl/k=;
        b=iAenzazCJhHSl/fjufSdPDpm8ZJwngGOKMjlqmp3EYDxBbd5xvxtZqLYUXLDunE51p
         zMtnnlaEZRHZdOgr8VGT/5+9lKTb3Kvpt3UwkE+R//4tTSvcZ395ISES1oKhbTiSjt9g
         eBJP5q1Wt12eSbBXaeUA20DS73RES76LHVs20gKuzvL7PJ0iaIRiM6WdIeeZiaDYDNwl
         wfanklHOuCBl2i9iYtQlqKVNr0vidJ/4nTdbw7eSFikGSriA8TKeInOiJQHH3n+DcisZ
         i5zXX2uuOFkvr8wA+W/ON1TogJcdUIygNIT0nJrvK6Wf1P9DpvJoT7+jXdIHG9Fhco3P
         HV5g==
X-Gm-Message-State: APf1xPC9kujWrMbkzr04pZPc0vHYT3jhsLmB+wTTCYyC42Ns7siWO62X
        STUW095b4E4hEu0m7Zpi3go7dg==
X-Received: by 2002:a17:902:7c07:: with SMTP id x7-v6mr10190214pll.150.1519788883896;
        Tue, 27 Feb 2018 19:34:43 -0800 (PST)
Received: from localhost.localdomain ([203.205.141.123])
        by smtp.googlemail.com with ESMTPSA id o5sm848319pfh.51.2018.02.27.19.34.40
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Tue, 27 Feb 2018 19:34:43 -0800 (PST)
From:   Wanpeng Li <kernellwp@gmail.com>
X-Google-Original-From: Wanpeng Li <wanpengli@tencent.com>
To:     linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
        Liran Alon <liran.alon@oracle.com>,
        Nadav Amit <nadav.amit@gmail.com>,
        Borislav Petkov <bp@alien8.de>,
        Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH v5 2/2] KVM: X86: Allow userspace to define the microcode version
Date:   Wed, 28 Feb 2018 11:34:34 +0800
Message-Id: <1519788874-16561-2-git-send-email-wanpengli@tencent.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1519788874-16561-1-git-send-email-wanpengli@tencent.com>
References: <1519788874-16561-1-git-send-email-wanpengli@tencent.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Wanpeng Li <wanpengli@tencent.com>

Linux (among the others) has checks to make sure that certain features 
aren't enabled on a certain family/model/stepping if the microcode version 
isn't greater than or equal to a known good version.

By exposing the real microcode version, we're preventing buggy guests that
don't check that they are running virtualized (i.e., they should trust the
hypervisor) from disabling features that are effectively not buggy.

Suggested-by: Filippo Sironi <sironi@amazon.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Liran Alon <liran.alon@oracle.com>
Cc: Nadav Amit <nadav.amit@gmail.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
---
v4 -> v5:
 * microcode_version be u64 and initialized suitable, remote hte shifts
v3 -> v4:
 * add the shifts back
v2 -> v3:
 * remove the shifts
 * add the MSR_IA32_UCODE_REV version to the "feature MSRs"
v1 -> v2:
 * add MSR_IA32_UCODE_REV to emulated_msrs

 arch/x86/include/asm/kvm_host.h |  1 +
 arch/x86/kvm/svm.c              |  4 +---
 arch/x86/kvm/vmx.c              |  1 +
 arch/x86/kvm/x86.c              | 10 ++++++++--
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 938d453..df6720f 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -507,6 +507,7 @@ struct kvm_vcpu_arch {
 	u64 smi_count;
 	bool tpr_access_reporting;
 	u64 ia32_xss;
+	u64 microcode_version;
 
 	/*
 	 * Paging state of the vcpu
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index f874798..312f33f 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1907,6 +1907,7 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
 	u32 dummy;
 	u32 eax = 1;
 
+	vcpu->arch.microcode_version = 0x01000065;
 	svm->spec_ctrl = 0;
 
 	if (!init_event) {
@@ -3962,9 +3963,6 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 
 		msr_info->data = svm->spec_ctrl;
 		break;
-	case MSR_IA32_UCODE_REV:
-		msr_info->data = 0x01000065;
-		break;
 	case MSR_F15H_IC_CFG: {
 
 		int family, model;
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 9968906..2cdbea7 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5781,6 +5781,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
 	vmx->rmode.vm86_active = 0;
 	vmx->spec_ctrl = 0;
 
+	vcpu->arch.microcode_version = 0x100000000ULL;
 	vmx->vcpu.arch.regs[VCPU_REGS_RDX] = get_rdx_init_val();
 	kvm_set_cr8(vcpu, 0);
 
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index efc8554..52a09df 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1065,6 +1065,9 @@ static unsigned int num_msr_based_features;
 static int kvm_get_msr_feature(struct kvm_msr_entry *msr)
 {
 	switch (msr->index) {
+	case MSR_IA32_UCODE_REV:
+		rdmsrl(msr->index, msr->data);
+		break;
 	default:
 		if (kvm_x86_ops->get_msr_feature(msr))
 			return 1;
@@ -2260,7 +2263,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 
 	switch (msr) {
 	case MSR_AMD64_NB_CFG:
-	case MSR_IA32_UCODE_REV:
 	case MSR_IA32_UCODE_WRITE:
 	case MSR_VM_HSAVE_PA:
 	case MSR_AMD64_PATCH_LOADER:
@@ -2268,6 +2270,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 	case MSR_AMD64_DC_CFG:
 		break;
 
+	case MSR_IA32_UCODE_REV:
+		if (msr_info->host_initiated)
+			vcpu->arch.microcode_version = data;
+		break;
 	case MSR_EFER:
 		return set_efer(vcpu, data);
 	case MSR_K7_HWCR:
@@ -2563,7 +2569,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 		msr_info->data = 0;
 		break;
 	case MSR_IA32_UCODE_REV:
-		msr_info->data = 0x100000000ULL;
+		msr_info->data = vcpu->arch.microcode_version;
 		break;
 	case MSR_MTRRcap:
 	case 0x200 ... 0x2ff:
-- 
2.7.4