Date: Mon, 23 Apr 2018 23:14:00 -0400
From: Konrad Rzeszutek Wilk
To: Wanpeng Li
Cc: Paolo Bonzini, Eduardo Habkost, Borislav Petkov, LKML, kvm, Radim Krčmář
Subject: Re: [PATCH] KVM: X86: Allow userspace to define the microcode version
Message-ID: <20180424031400.GA22608@char.us.oracle.com>

On Tue, Apr 24, 2018 at 10:59:04AM +0800, Wanpeng Li wrote:
> 2018-04-18 18:36 GMT+08:00 Paolo Bonzini :
> > On 18/04/2018 11:03, Eduardo Habkost wrote:
> >>>> QEMU setting ucode_rev automatically using the host value when
> >>>> using "-cpu host" (with no need for explicit ucode_rev option)
> >>>> makes sense to me.
> >>> QEMU can't get the host value by rdmsr MSR_IA32_UCODE_REV directly
> >>> since rdmsr will #GP when ring !=0, any idea?
> >> By looking at kvm_get_msr_feature(), it looks like
> >> ioctl(system_fd, KVM_GET_MSRS) would return the host MSR value
> >> for us.
> >
> > Yes, that's exactly what it was introduced for (together with other MSRs
> > including VMX capabilities).
>
> How about the live migration? What will happen if the source and
> destination machines have different microcode version?

You would need to include the microcode version in the migration
stream.

But this brings another point - what if we want to manifest certain new
CPUID bits? For example, see:
https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf

5.3:
"To remedy this situation, an operating system running as a VM can query bit 2
of the IA32_ARCH_CAPABILITIES MSR, known as “RSB Alternate” (RSBA). When RSBA
is set, it indicates that the VM may run on a processor vulnerable to exploits of Empty
RSB conditions regardless of the processor’s DisplayFamily/DisplayModel signature, and
that the operating system should deploy appropriate mitigations. Virtual machine
managers (VMM) may set RSBA via MSR interception to indicate that a virtual
machine might run at some time in the future on a vulnerable processor."

Perhaps the guest should do a bit of sampling of various CPUIDs as the migration
has been done? Is there a nice KVM hook inside of the guest to do this?

>
> Regards,
> Wanpeng Li
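
Added example, not part of the original message or of QEMU/KVM code: a userspace read of the host microcode revision and the RSBA bit through `ioctl(system_fd, KVM_GET_MSRS)` as described in the thread, plus a comparison of source and destination values for a live migration. It assumes an x86 build with `<linux/kvm.h>`; the MSR indices 0x8b and 0x10a are the architectural ones, `migration_mismatch()` is a hypothetical policy, and whether a given MSR is served on the system fd depends on the running kernel.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/kvm.h>   /* x86 only: struct kvm_msrs, KVM_GET_MSRS */

#define MSR_IA32_UCODE_REV         0x8b          /* revision in bits 63:32 */
#define MSR_IA32_ARCH_CAPABILITIES 0x10a
#define ARCH_CAP_RSBA              (1ULL << 2)   /* "RSB Alternate", bit 2 */

static uint32_t ucode_rev(uint64_t msr) { return (uint32_t)(msr >> 32); }
static int has_rsba(uint64_t caps)      { return (caps & ARCH_CAP_RSBA) != 0; }

/* Read one MSR via the system fd; 0 on success, -1 if the kernel does not
 * serve it this way (KVM_GET_MSRS returns the number of MSRs read). */
static int read_feature_msr(int kvm_fd, uint32_t index, uint64_t *val)
{
    struct kvm_msrs *m = calloc(1, sizeof(*m) + sizeof(struct kvm_msr_entry));
    if (!m) return -1;
    m->nmsrs = 1;
    m->entries[0].index = index;
    int ok = ioctl(kvm_fd, KVM_GET_MSRS, m) == 1;
    if (ok) *val = m->entries[0].data;
    free(m);
    return ok ? 0 : -1;
}

/* Hypothetical policy: a migration needs attention when the microcode
 * revision differs or the destination reports RSBA and the source did not. */
static int migration_mismatch(uint64_t src_rev, uint64_t src_caps,
                              uint64_t dst_rev, uint64_t dst_caps)
{
    return ucode_rev(src_rev) != ucode_rev(dst_rev) ||
           (has_rsba(dst_caps) && !has_rsba(src_caps));
}

int main(void)
{
    uint64_t rev = 0, caps = 0;
    int fd = open("/dev/kvm", O_RDWR);
    if (fd < 0) { perror("/dev/kvm"); return 1; }
    if (read_feature_msr(fd, MSR_IA32_UCODE_REV, &rev) == 0)
        printf("host microcode revision: 0x%x\n", ucode_rev(rev));
    if (read_feature_msr(fd, MSR_IA32_ARCH_CAPABILITIES, &caps) == 0)
        printf("RSBA reported: %d\n", has_rsba(caps));
    close(fd);
    return 0;
}
```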