Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On April 24, 2018 1:09:00 AM EDT, Paolo Bonzini wrote: >On 24/04/2018 05:14, Konrad Rzeszutek Wilk wrote: >> You would need to include the microcode version in the migration >stream. >> >> But this brings another point - what if we want to manifest certain >> new CPUID bits?

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On April 24, 2018 1:09:00 AM EDT, Paolo Bonzini wrote: >On 24/04/2018 05:14, Konrad Rzeszutek Wilk wrote: >> You would need to include the microcode version in the migration >stream. >> >> But this brings another point - what if we want to manifest certain >> new CPUID bits? > >You don't do that

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 24/04/2018 05:14, Konrad Rzeszutek Wilk wrote: > You would need to include the microcode version in the migration stream. > > But this brings another point - what if we want to manifest certain > new CPUID bits? You don't do that across migration. Generally if you want to do live migration

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 24/04/2018 05:14, Konrad Rzeszutek Wilk wrote: > You would need to include the microcode version in the migration stream. > > But this brings another point - what if we want to manifest certain > new CPUID bits? You don't do that across migration. Generally if you want to do live migration

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Tue, Apr 24, 2018 at 10:59:04AM +0800, Wanpeng Li wrote: > 2018-04-18 18:36 GMT+08:00 Paolo Bonzini : > > On 18/04/2018 11:03, Eduardo Habkost wrote: > QEMU setting ucode_rev automatically using the host value when > using "-cpu host" (with no need for explicit

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Tue, Apr 24, 2018 at 10:59:04AM +0800, Wanpeng Li wrote: > 2018-04-18 18:36 GMT+08:00 Paolo Bonzini : > > On 18/04/2018 11:03, Eduardo Habkost wrote: > QEMU setting ucode_rev automatically using the host value when > using "-cpu host" (with no need for explicit ucode_rev option) >

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-04-18 18:36 GMT+08:00 Paolo Bonzini : > On 18/04/2018 11:03, Eduardo Habkost wrote: QEMU setting ucode_rev automatically using the host value when using "-cpu host" (with no need for explicit ucode_rev option) makes sense to me. >>> QEMU can't get the host

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-04-18 18:36 GMT+08:00 Paolo Bonzini : > On 18/04/2018 11:03, Eduardo Habkost wrote: QEMU setting ucode_rev automatically using the host value when using "-cpu host" (with no need for explicit ucode_rev option) makes sense to me. >>> QEMU can't get the host value by rdmsr

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 20:41 GMT+08:00 Paolo Bonzini : > On 26/02/2018 13:22, Borislav Petkov wrote: >> On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: In this context, "host-initiated" write means written by KVM userspace with ioctl(KVM_SET_MSR). It generally

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 20:41 GMT+08:00 Paolo Bonzini : > On 26/02/2018 13:22, Borislav Petkov wrote: >> On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: In this context, "host-initiated" write means written by KVM userspace with ioctl(KVM_SET_MSR). It generally happens only on VM

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 23/04/2018 14:58, Borislav Petkov wrote: QEMU can't get the host value by rdmsr MSR_IA32_UCODE_REV directly since rdmsr will #GP when ring !=0, any idea? >>> By looking at kvm_get_msr_feature(), it looks like >>> ioctl(system_fd, KVM_GET_MSRS) would return the host MSR value >>> for

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 23/04/2018 14:58, Borislav Petkov wrote: QEMU can't get the host value by rdmsr MSR_IA32_UCODE_REV directly since rdmsr will #GP when ring !=0, any idea? >>> By looking at kvm_get_msr_feature(), it looks like >>> ioctl(system_fd, KVM_GET_MSRS) would return the host MSR value >>> for

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Apr 23, 2018 at 10:08:23AM -0300, Eduardo Habkost wrote: > On Mon, Apr 23, 2018 at 02:58:49PM +0200, Borislav Petkov wrote: > > On Wed, Apr 18, 2018 at 12:36:37PM +0200, Paolo Bonzini wrote: > > > On 18/04/2018 11:03, Eduardo Habkost wrote: > > > >>> QEMU setting ucode_rev automatically

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Apr 23, 2018 at 10:08:23AM -0300, Eduardo Habkost wrote: > On Mon, Apr 23, 2018 at 02:58:49PM +0200, Borislav Petkov wrote: > > On Wed, Apr 18, 2018 at 12:36:37PM +0200, Paolo Bonzini wrote: > > > On 18/04/2018 11:03, Eduardo Habkost wrote: > > > >>> QEMU setting ucode_rev automatically

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Apr 23, 2018 at 02:58:49PM +0200, Borislav Petkov wrote: > On Wed, Apr 18, 2018 at 12:36:37PM +0200, Paolo Bonzini wrote: > > On 18/04/2018 11:03, Eduardo Habkost wrote: > > >>> QEMU setting ucode_rev automatically using the host value when > > >>> using "-cpu host" (with no need for

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Apr 23, 2018 at 02:58:49PM +0200, Borislav Petkov wrote: > On Wed, Apr 18, 2018 at 12:36:37PM +0200, Paolo Bonzini wrote: > > On 18/04/2018 11:03, Eduardo Habkost wrote: > > >>> QEMU setting ucode_rev automatically using the host value when > > >>> using "-cpu host" (with no need for

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Wed, Apr 18, 2018 at 12:36:37PM +0200, Paolo Bonzini wrote: > On 18/04/2018 11:03, Eduardo Habkost wrote: > >>> QEMU setting ucode_rev automatically using the host value when > >>> using "-cpu host" (with no need for explicit ucode_rev option) > >>> makes sense to me. > >> QEMU can't get the

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Wed, Apr 18, 2018 at 12:36:37PM +0200, Paolo Bonzini wrote: > On 18/04/2018 11:03, Eduardo Habkost wrote: > >>> QEMU setting ucode_rev automatically using the host value when > >>> using "-cpu host" (with no need for explicit ucode_rev option) > >>> makes sense to me. > >> QEMU can't get the

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 18/04/2018 11:03, Eduardo Habkost wrote: >>> QEMU setting ucode_rev automatically using the host value when >>> using "-cpu host" (with no need for explicit ucode_rev option) >>> makes sense to me. >> QEMU can't get the host value by rdmsr MSR_IA32_UCODE_REV directly >> since rdmsr will #GP

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 18/04/2018 11:03, Eduardo Habkost wrote: >>> QEMU setting ucode_rev automatically using the host value when >>> using "-cpu host" (with no need for explicit ucode_rev option) >>> makes sense to me. >> QEMU can't get the host value by rdmsr MSR_IA32_UCODE_REV directly >> since rdmsr will #GP

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Wed, Apr 18, 2018 at 11:24:22AM +0800, Wanpeng Li wrote: > 2018-04-18 4:24 GMT+08:00 Eduardo Habkost : > > On Tue, Apr 17, 2018 at 06:40:58PM +0800, Wanpeng Li wrote: > >> Cc Eduardo, > >> 2018-02-26 20:41 GMT+08:00 Paolo Bonzini : > >> > On 26/02/2018

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Wed, Apr 18, 2018 at 11:24:22AM +0800, Wanpeng Li wrote: > 2018-04-18 4:24 GMT+08:00 Eduardo Habkost : > > On Tue, Apr 17, 2018 at 06:40:58PM +0800, Wanpeng Li wrote: > >> Cc Eduardo, > >> 2018-02-26 20:41 GMT+08:00 Paolo Bonzini : > >> > On 26/02/2018 13:22, Borislav Petkov wrote: > >> >> On

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-04-18 4:24 GMT+08:00 Eduardo Habkost : > On Tue, Apr 17, 2018 at 06:40:58PM +0800, Wanpeng Li wrote: >> Cc Eduardo, >> 2018-02-26 20:41 GMT+08:00 Paolo Bonzini : >> > On 26/02/2018 13:22, Borislav Petkov wrote: >> >> On Mon, Feb 26, 2018 at 01:18:07PM

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-04-18 4:24 GMT+08:00 Eduardo Habkost : > On Tue, Apr 17, 2018 at 06:40:58PM +0800, Wanpeng Li wrote: >> Cc Eduardo, >> 2018-02-26 20:41 GMT+08:00 Paolo Bonzini : >> > On 26/02/2018 13:22, Borislav Petkov wrote: >> >> On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: >> In

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Tue, Apr 17, 2018 at 06:40:58PM +0800, Wanpeng Li wrote: > Cc Eduardo, > 2018-02-26 20:41 GMT+08:00 Paolo Bonzini : > > On 26/02/2018 13:22, Borislav Petkov wrote: > >> On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: > In this context, "host-initiated"

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Tue, Apr 17, 2018 at 06:40:58PM +0800, Wanpeng Li wrote: > Cc Eduardo, > 2018-02-26 20:41 GMT+08:00 Paolo Bonzini : > > On 26/02/2018 13:22, Borislav Petkov wrote: > >> On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: > In this context, "host-initiated" write means written by

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

Cc Eduardo, 2018-02-26 20:41 GMT+08:00 Paolo Bonzini : > On 26/02/2018 13:22, Borislav Petkov wrote: >> On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: In this context, "host-initiated" write means written by KVM userspace with ioctl(KVM_SET_MSR). It

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

Cc Eduardo, 2018-02-26 20:41 GMT+08:00 Paolo Bonzini : > On 26/02/2018 13:22, Borislav Petkov wrote: >> On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: In this context, "host-initiated" write means written by KVM userspace with ioctl(KVM_SET_MSR). It generally happens

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 22:30, Konrad Rzeszutek Wilk wrote: > On Mon, Feb 26, 2018 at 03:51:30PM -0500, Konrad Rzeszutek Wilk wrote: >> On Mon, Feb 26, 2018 at 08:37:11PM +0100, Borislav Petkov wrote: >>> On Mon, Feb 26, 2018 at 09:39:12AM -0500, Konrad Rzeszutek Wilk wrote: diff --git

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 22:30, Konrad Rzeszutek Wilk wrote: > On Mon, Feb 26, 2018 at 03:51:30PM -0500, Konrad Rzeszutek Wilk wrote: >> On Mon, Feb 26, 2018 at 08:37:11PM +0100, Borislav Petkov wrote: >>> On Mon, Feb 26, 2018 at 09:39:12AM -0500, Konrad Rzeszutek Wilk wrote: diff --git

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 03:51:30PM -0500, Konrad Rzeszutek Wilk wrote: > On Mon, Feb 26, 2018 at 08:37:11PM +0100, Borislav Petkov wrote: > > On Mon, Feb 26, 2018 at 09:39:12AM -0500, Konrad Rzeszutek Wilk wrote: > > > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > > >

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 03:51:30PM -0500, Konrad Rzeszutek Wilk wrote: > On Mon, Feb 26, 2018 at 08:37:11PM +0100, Borislav Petkov wrote: > > On Mon, Feb 26, 2018 at 09:39:12AM -0500, Konrad Rzeszutek Wilk wrote: > > > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > > >

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 08:37:11PM +0100, Borislav Petkov wrote: > On Mon, Feb 26, 2018 at 09:39:12AM -0500, Konrad Rzeszutek Wilk wrote: > > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > > index d19e903214b4..87d044ce837f 100644 > > --- a/arch/x86/kernel/cpu/intel.c > >

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 08:37:11PM +0100, Borislav Petkov wrote: > On Mon, Feb 26, 2018 at 09:39:12AM -0500, Konrad Rzeszutek Wilk wrote: > > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > > index d19e903214b4..87d044ce837f 100644 > > --- a/arch/x86/kernel/cpu/intel.c > >

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 09:39:12AM -0500, Konrad Rzeszutek Wilk wrote: > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > index d19e903214b4..87d044ce837f 100644 > --- a/arch/x86/kernel/cpu/intel.c > +++ b/arch/x86/kernel/cpu/intel.c > @@ -144,6 +144,13 @@ static bool

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 09:39:12AM -0500, Konrad Rzeszutek Wilk wrote: > diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c > index d19e903214b4..87d044ce837f 100644 > --- a/arch/x86/kernel/cpu/intel.c > +++ b/arch/x86/kernel/cpu/intel.c > @@ -144,6 +144,13 @@ static bool

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 15:39, Konrad Rzeszutek Wilk wrote: > Perhaps both ideas should be done? The one Boris suggested (See below, not > compile tested yet), and also this one? Keep in mind that other hypervisor > offerings (say Xen, VMWare, etc) may have provided the correct microcode > or not and it

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 15:39, Konrad Rzeszutek Wilk wrote: > Perhaps both ideas should be done? The one Boris suggested (See below, not > compile tested yet), and also this one? Keep in mind that other hypervisor > offerings (say Xen, VMWare, etc) may have provided the correct microcode > or not and it

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 01:41:38PM +0100, Paolo Bonzini wrote: > On 26/02/2018 13:22, Borislav Petkov wrote: > > On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: > >>> In this context, "host-initiated" write means written by KVM userspace > >>> with ioctl(KVM_SET_MSR). It generally

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 01:41:38PM +0100, Paolo Bonzini wrote: > On 26/02/2018 13:22, Borislav Petkov wrote: > > On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: > >>> In this context, "host-initiated" write means written by KVM userspace > >>> with ioctl(KVM_SET_MSR). It generally

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 01:41:38PM +0100, Paolo Bonzini wrote: > More like "-cpu foo,ucode_rev=0xdeadbeef". But in practice what would > happen is one of the following: > > 1) "-cpu host" sets ucode_rev to the same value of the host, everyone > else leaves it to zero as is now. > > 2) Only

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 01:41:38PM +0100, Paolo Bonzini wrote: > More like "-cpu foo,ucode_rev=0xdeadbeef". But in practice what would > happen is one of the following: > > 1) "-cpu host" sets ucode_rev to the same value of the host, everyone > else leaves it to zero as is now. > > 2) Only

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 13:22, Borislav Petkov wrote: > On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: >>> In this context, "host-initiated" write means written by KVM userspace >>> with ioctl(KVM_SET_MSR). It generally happens only on VM startup, reset >>> or live migration. >> >> To be

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 13:22, Borislav Petkov wrote: > On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: >>> In this context, "host-initiated" write means written by KVM userspace >>> with ioctl(KVM_SET_MSR). It generally happens only on VM startup, reset >>> or live migration. >> >> To be

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: > > In this context, "host-initiated" write means written by KVM userspace > > with ioctl(KVM_SET_MSR). It generally happens only on VM startup, reset > > or live migration. > > To be clear, the target of the write is still the

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 01:18:07PM +0100, Paolo Bonzini wrote: > > In this context, "host-initiated" write means written by KVM userspace > > with ioctl(KVM_SET_MSR). It generally happens only on VM startup, reset > > or live migration. > > To be clear, the target of the write is still the

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 12:47:27PM +0100, Paolo Bonzini wrote: > It's actually 0x1. Even more wrong. Revision ID is bits [31:0]. > Actually I think this patch makes sense, since some errata actually can > be worked around in the guest in the same way as the host. However, it > should

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 12:47:27PM +0100, Paolo Bonzini wrote: > It's actually 0x1. Even more wrong. Revision ID is bits [31:0]. > Actually I think this patch makes sense, since some errata actually can > be worked around in the guest in the same way as the host. However, it > should

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 13:16, Paolo Bonzini wrote: > On 26/02/2018 13:15, Borislav Petkov wrote: >> On Mon, Feb 26, 2018 at 12:54:52PM +0100, Paolo Bonzini wrote: >>> I don't understand how one thing follows from the other. How are writes >>> to 0x8B related to having a virtualized microcode loaded (which

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 13:16, Paolo Bonzini wrote: > On 26/02/2018 13:15, Borislav Petkov wrote: >> On Mon, Feb 26, 2018 at 12:54:52PM +0100, Paolo Bonzini wrote: >>> I don't understand how one thing follows from the other. How are writes >>> to 0x8B related to having a virtualized microcode loaded (which

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 13:15, Borislav Petkov wrote: > On Mon, Feb 26, 2018 at 12:54:52PM +0100, Paolo Bonzini wrote: >> I don't understand how one thing follows from the other. How are writes >> to 0x8B related to having a virtualized microcode loaded (which is a >> concept that actually makes no sense

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 13:15, Borislav Petkov wrote: > On Mon, Feb 26, 2018 at 12:54:52PM +0100, Paolo Bonzini wrote: >> I don't understand how one thing follows from the other. How are writes >> to 0x8B related to having a virtualized microcode loaded (which is a >> concept that actually makes no sense

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 12:54:52PM +0100, Paolo Bonzini wrote: > I don't understand how one thing follows from the other. How are writes > to 0x8B related to having a virtualized microcode loaded (which is a > concept that actually makes no sense at all)? I'm questioning the whole idea. 0x8b is

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 12:54:52PM +0100, Paolo Bonzini wrote: > I don't understand how one thing follows from the other. How are writes > to 0x8B related to having a virtualized microcode loaded (which is a > concept that actually makes no sense at all)? I'm questioning the whole idea. 0x8b is

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 12:44, Borislav Petkov wrote: >> The guest write is ignored as the original kvm implementation before the >> patch. > > That will never work because there's no virtualized microcode loader. > Which will be a dumb idea anyway. > > Goes to show that dealing with microcode revisions

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 12:44, Borislav Petkov wrote: >> The guest write is ignored as the original kvm implementation before the >> patch. > > That will never work because there's no virtualized microcode loader. > Which will be a dumb idea anyway. > > Goes to show that dealing with microcode revisions

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 19:44 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 07:37:32PM +0800, Wanpeng Li wrote: >> The guest write is ignored as the original kvm implementation before the >> patch. > > That will never work because there's no virtualized microcode loader. > Which will

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 19:44 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 07:37:32PM +0800, Wanpeng Li wrote: >> The guest write is ignored as the original kvm implementation before the >> patch. > > That will never work because there's no virtualized microcode loader. > Which will be a dumb idea

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 11:49, Borislav Petkov wrote: >> I think it is the host admin(e.g. cloud provider)'s responsibility to >> set an expected microcode revision. > + vcpu->arch.microcode_version = 0x1; > > That already looks pretty arbitrary and non-sensical to me. It's actually 0x1. >>

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On 26/02/2018 11:49, Borislav Petkov wrote: >> I think it is the host admin(e.g. cloud provider)'s responsibility to >> set an expected microcode revision. > + vcpu->arch.microcode_version = 0x1; > > That already looks pretty arbitrary and non-sensical to me. It's actually 0x1. >>

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 07:37:32PM +0800, Wanpeng Li wrote: > The guest write is ignored as the original kvm implementation before the > patch. That will never work because there's no virtualized microcode loader. Which will be a dumb idea anyway. Goes to show that dealing with microcode

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 07:37:32PM +0800, Wanpeng Li wrote: > The guest write is ignored as the original kvm implementation before the > patch. That will never work because there's no virtualized microcode loader. Which will be a dumb idea anyway. Goes to show that dealing with microcode

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 19:30 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 07:25:28PM +0800, Wanpeng Li wrote: >> Both are the same values set by kvm userspace. > > This still doesn't answer my question what "the non-sensical value which > is written by the guest will not reflect to

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 19:30 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 07:25:28PM +0800, Wanpeng Li wrote: >> Both are the same values set by kvm userspace. > > This still doesn't answer my question what "the non-sensical value which > is written by the guest will not reflect to guest-visible

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 07:25:28PM +0800, Wanpeng Li wrote: > Both are the same values set by kvm userspace. This still doesn't answer my question what "the non-sensical value which is written by the guest will not reflect to guest-visible microcode revision" means? > This is correct. The link

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 07:25:28PM +0800, Wanpeng Li wrote: > Both are the same values set by kvm userspace. This still doesn't answer my question what "the non-sensical value which is written by the guest will not reflect to guest-visible microcode revision" means? > This is correct. The link

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 19:16 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 07:02:29PM +0800, Wanpeng Li wrote: >> > So a guest will have *two* microcode revisions - both of which are most >> > likely wrong?! >> >> Just one revision. > > So what does "the non-sensical value which is

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 19:16 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 07:02:29PM +0800, Wanpeng Li wrote: >> > So a guest will have *two* microcode revisions - both of which are most >> > likely wrong?! >> >> Just one revision. > > So what does "the non-sensical value which is written by the

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 07:02:29PM +0800, Wanpeng Li wrote: > > So a guest will have *two* microcode revisions - both of which are most > > likely wrong?! > > Just one revision. So what does "the non-sensical value which is written by the guest will not reflect to guest-visible microcode

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 07:02:29PM +0800, Wanpeng Li wrote: > > So a guest will have *two* microcode revisions - both of which are most > > likely wrong?! > > Just one revision. So what does "the non-sensical value which is written by the guest will not reflect to guest-visible microcode

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 18:49 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 06:06:42PM +0800, Wanpeng Li wrote: >> I think it is the host admin(e.g. cloud provider)'s responsibility to >> set an expected microcode revision. > > + vcpu->arch.microcode_version = 0x1; > > That

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 18:49 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 06:06:42PM +0800, Wanpeng Li wrote: >> I think it is the host admin(e.g. cloud provider)'s responsibility to >> set an expected microcode revision. > > + vcpu->arch.microcode_version = 0x1; > > That already looks pretty

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 06:06:42PM +0800, Wanpeng Li wrote: > I think it is the host admin(e.g. cloud provider)'s responsibility to > set an expected microcode revision. + vcpu->arch.microcode_version = 0x1; That already looks pretty arbitrary and non-sensical to me. >In addition, the

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 06:06:42PM +0800, Wanpeng Li wrote: > I think it is the host admin(e.g. cloud provider)'s responsibility to > set an expected microcode revision. + vcpu->arch.microcode_version = 0x1; That already looks pretty arbitrary and non-sensical to me. >In addition, the

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 17:26 GMT+08:00 Liran Alon : > > - kernel...@gmail.com wrote: > >> From: Wanpeng Li >> >> Linux (among the others) has checks to make sure that certain features >> >> aren't enabled on a certain family/model/stepping if the microcode >>

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 17:26 GMT+08:00 Liran Alon : > > - kernel...@gmail.com wrote: > >> From: Wanpeng Li >> >> Linux (among the others) has checks to make sure that certain features >> >> aren't enabled on a certain family/model/stepping if the microcode >> version >> isn't greater than or equal to a

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 17:41 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 03:23:58PM +0800, Wanpeng Li wrote: >> From: Wanpeng Li >> >> Linux (among the others) has checks to make sure that certain features >> aren't enabled on a certain family/model/stepping

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

2018-02-26 17:41 GMT+08:00 Borislav Petkov : > On Mon, Feb 26, 2018 at 03:23:58PM +0800, Wanpeng Li wrote: >> From: Wanpeng Li >> >> Linux (among the others) has checks to make sure that certain features >> aren't enabled on a certain family/model/stepping if the microcode version >> isn't

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 03:23:58PM +0800, Wanpeng Li wrote: > From: Wanpeng Li > > Linux (among the others) has checks to make sure that certain features > aren't enabled on a certain family/model/stepping if the microcode version > isn't greater than or equal to a known

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

On Mon, Feb 26, 2018 at 03:23:58PM +0800, Wanpeng Li wrote: > From: Wanpeng Li > > Linux (among the others) has checks to make sure that certain features > aren't enabled on a certain family/model/stepping if the microcode version > isn't greater than or equal to a known good version. > > By

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

- kernel...@gmail.com wrote: > From: Wanpeng Li > > Linux (among the others) has checks to make sure that certain features > > aren't enabled on a certain family/model/stepping if the microcode > version > isn't greater than or equal to a known good version. > >

Re: [PATCH] KVM: X86: Allow userspace to define the microcode version

- kernel...@gmail.com wrote: > From: Wanpeng Li > > Linux (among the others) has checks to make sure that certain features > > aren't enabled on a certain family/model/stepping if the microcode > version > isn't greater than or equal to a known good version. > > By exposing the real

[PATCH] KVM: X86: Allow userspace to define the microcode version

From: Wanpeng Li Linux (among the others) has checks to make sure that certain features aren't enabled on a certain family/model/stepping if the microcode version isn't greater than or equal to a known good version. By exposing the real microcode version, we're

[PATCH] KVM: X86: Allow userspace to define the microcode version

From: Wanpeng Li Linux (among the others) has checks to make sure that certain features aren't enabled on a certain family/model/stepping if the microcode version isn't greater than or equal to a known good version. By exposing the real microcode version, we're preventing buggy guests that