From patchwork Wed Apr 10 10:10:06 2019
X-Patchwork-Submitter: Juerg Haefliger
X-Patchwork-Id: 1083285
From: Juerg Haefliger
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Bionic][PATCH 4/6] KVM: X86: Allow userspace to define the microcode version
Date: Wed, 10 Apr 2019 12:10:06 +0200
Message-Id: <20190410101008.14726-5-juergh@canonical.com>
In-Reply-To: <20190410101008.14726-1-juergh@canonical.com>
References: <20190410101008.14726-1-juergh@canonical.com>
List-Id: Kernel team discussions

From: Wanpeng Li BugLink: https://bugs.launchpad.net/bugs/1822760 Linux (among the others) has checks to make sure that certain features aren't enabled on a certain family/model/stepping if the microcode version isn't greater than or equal to a known good version. By exposing the real microcode version, we're preventing buggy guests that don't check that they are running virtualized (i.e., they should trust the hypervisor) from disabling features that are effectively not buggy. Suggested-by: Filippo Sironi Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Liran Alon Cc: Nadav Amit Cc: Borislav Petkov Cc: Tom Lendacky Signed-off-by: Wanpeng Li Reviewed-by: Paolo Bonzini Signed-off-by: Radim Krčmář (backported from commit 518e7b94817abed94becfe6a44f1ece0d4745afe) [juergh: - Adjusted context. - rdmsrl -> rdmsrl_safe (to match final upstream).] Signed-off-by: Juerg Haefliger --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 4 +--- arch/x86/kvm/vmx.c | 1 + arch/x86/kvm/x86.c | 11 +++++++++-- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 1a2309aeda6e..e76012ca0ddc 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -507,6 +507,7 @@ struct kvm_vcpu_arch { u64 smbase; bool tpr_access_reporting; u64 ia32_xss; + u64 microcode_version; /* * Paging state of the vcpu diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index ddca0a1175ab..4f9bd710bf5c 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -1626,6 +1626,7 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) u32 dummy; u32 eax = 1; + vcpu->arch.microcode_version = 0x01000065; svm->spec_ctrl = 0; svm->virt_spec_ctrl = 0; 
@@ -3683,9 +3684,6 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = svm->spec_ctrl; break; - case MSR_IA32_UCODE_REV: - msr_info->data = 0x01000065; - break; case MSR_AMD64_VIRT_SPEC_CTRL: if (!msr_info->host_initiated && !guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD)) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 1b135b6232cc..18c11b66acd5 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -5937,6 +5937,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) vmx->rmode.vm86_active = 0; vmx->spec_ctrl = 0; + vcpu->arch.microcode_version = 0x100000000ULL; vmx->vcpu.arch.regs[VCPU_REGS_RDX] = get_rdx_init_val(); kvm_set_cr8(vcpu, 0); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index a7e18f678bc5..058415af8de1 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1054,6 +1054,7 @@ static unsigned num_emulated_msrs; */ static u32 msr_based_features[] = { MSR_F10H_DECFG, + MSR_IA32_UCODE_REV, MSR_IA32_ARCH_CAPABILITIES, }; @@ -1087,6 +1088,9 @@ static int kvm_get_msr_feature(struct kvm_msr_entry *msr) case MSR_IA32_ARCH_CAPABILITIES: msr->data = kvm_get_arch_capabilities(); break; + case MSR_IA32_UCODE_REV: + rdmsrl_safe(msr->index, &msr->data); + break; default: if (kvm_x86_ops->get_msr_feature(msr)) return 1; @@ -2231,7 +2235,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) switch (msr) { case MSR_AMD64_NB_CFG: - case MSR_IA32_UCODE_REV: case MSR_IA32_UCODE_WRITE: case MSR_VM_HSAVE_PA: case MSR_AMD64_PATCH_LOADER: @@ -2239,6 +2242,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) case MSR_AMD64_DC_CFG: break; + case MSR_IA32_UCODE_REV: + if (msr_info->host_initiated) + vcpu->arch.microcode_version = data; + break; case MSR_EFER: return set_efer(vcpu, data); case MSR_K7_HWCR: 
@@ -2532,7 +2539,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) msr_info->data = 0; break; case MSR_IA32_UCODE_REV: - msr_info->data = 0x100000000ULL; + msr_info->data = vcpu->arch.microcode_version; break; case MSR_IA32_TSC: msr_info->data = kvm_scale_tsc(vcpu, rdtsc()) + vcpu->arch.tsc_offset;
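
Review bot: in the svm_vcpu_reset() hunk of arch/x86/kvm/svm.c, the new `vcpu->arch.microcode_version = 0x01000065;` is not guarded by `init_event` in the visible context, so a revision that userspace stored through a host-initiated write of MSR_IA32_UCODE_REV is overwritten with the default each time this reset path runs. If the userspace-defined value is meant to persist, assign the default only when `!init_event` or once at vCPU creation; otherwise state in the commit message that userspace must re-write the MSR after a reset. The vmx_vcpu_reset() hunk has the same shape.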
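
Review bot: the default `0x100000000ULL` assigned in the vmx_vcpu_reset() hunk of arch/x86/kvm/vmx.c is an unexplained magic number, and it differs from the `0x01000065` assigned in svm.c. Both constants are carried over from the get-MSR cases this patch removes, but now that they initialise the shared field `vcpu->arch.microcode_version`, a named constant or a one-line comment per vendor saying what revision each value encodes would make the difference between them reviewable.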
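
Review bot: in the kvm_get_msr_feature() hunk of arch/x86/kvm/x86.c, the return value of `rdmsrl_safe(msr->index, &msr->data);` is discarded, so a faulting read of MSR_IA32_UCODE_REV is reported to the caller the same way as a successful one, unlike the `default:` case just below, which returns 1 on failure. Either check the result and fail the feature-MSR read, or add a comment that a failed read is deliberately tolerated and what value userspace then sees, since the backport note only says the call was changed from rdmsrl to match upstream.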
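
Review bot: in the kvm_set_msr_common() hunk that adds `case MSR_IA32_UCODE_REV:`, a write that is not `host_initiated` reaches `break` and is silently dropped, and nothing in the hunk says that this is intended. A short comment above the `if (msr_info->host_initiated)` test stating that guest writes are ignored while only userspace may change the reported revision would document the trust boundary this patch introduces. Note also that `data` is stored into `vcpu->arch.microcode_version` without any validation, which is worth a sentence in the commit message if it is by design.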