lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 27 Feb 2018 17:26:26 +0800
From:   Wanpeng Li <kernellwp@...il.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     LKML <linux-kernel@...r.kernel.org>, kvm <kvm@...r.kernel.org>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Liran Alon <liran.alon@...cle.com>,
        Nadav Amit <nadav.amit@...il.com>
Subject: Re: [PATCH v4] KVM: X86: Allow userspace to define the microcode version

2018-02-27 16:38 GMT+08:00 Paolo Bonzini <pbonzini@...hat.com>:
> On 27/02/2018 03:35, Wanpeng Li wrote:
>> From: Wanpeng Li <wanpengli@...cent.com>
>>
>> Linux (among the others) has checks to make sure that certain features
>> aren't enabled on a certain family/model/stepping if the microcode version
>> isn't greater than or equal to a known good version.
>>
>> By exposing the real microcode version, we're preventing buggy guests that
>> don't check that they are running virtualized (i.e., they should trust the
>> hypervisor) from disabling features that are effectively not buggy.
>>
>> Suggested-by: Filippo Sironi <sironi@...zon.de>
>> Cc: Paolo Bonzini <pbonzini@...hat.com>
>> Cc: Radim Krčmář <rkrcmar@...hat.com>
>> Cc: Liran Alon <liran.alon@...cle.com>
>> Cc: Nadav Amit <nadav.amit@...il.com>
>> Signed-off-by: Wanpeng Li <wanpengli@...cent.com>
>> ---
>> v3 -> v4:
>>  * add the shifts back
>
> Please wait for a review instead of pushing new versions continuously.
> Leaving the shifts means that MSR_IA32_UCODE_REV's bits 0-31 are zeroed
> even if KVM_SET_MSRS makes them nonzero.

How about something like this?

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 938d453..df6720f 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -507,6 +507,7 @@ struct kvm_vcpu_arch {
  u64 smi_count;
  bool tpr_access_reporting;
  u64 ia32_xss;
+ u64 microcode_version;

  /*
  * Paging state of the vcpu
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index f874798..312f33f 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1907,6 +1907,7 @@ static void svm_vcpu_reset(struct kvm_vcpu
*vcpu, bool init_event)
  u32 dummy;
  u32 eax = 1;

+ vcpu->arch.microcode_version = 0x01000065;
  svm->spec_ctrl = 0;

  if (!init_event) {
@@ -3962,9 +3963,6 @@ static int svm_get_msr(struct kvm_vcpu *vcpu,
struct msr_data *msr_info)

  msr_info->data = svm->spec_ctrl;
  break;
- case MSR_IA32_UCODE_REV:
- msr_info->data = 0x01000065;
- break;
  case MSR_F15H_IC_CFG: {

  int family, model;
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 9968906..2cdbea7 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5781,6 +5781,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu
*vcpu, bool init_event)
  vmx->rmode.vm86_active = 0;
  vmx->spec_ctrl = 0;

+ vcpu->arch.microcode_version = 0x100000000ULL;
  vmx->vcpu.arch.regs[VCPU_REGS_RDX] = get_rdx_init_val();
  kvm_set_cr8(vcpu, 0);

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d4985a9..7afffd3 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1058,6 +1058,7 @@ static unsigned num_emulated_msrs;
 static u32 msr_based_features[] = {
  MSR_IA32_ARCH_CAPABILITIES,
  MSR_F10H_DECFG,
+ MSR_IA32_UCODE_REV,
 };

 static unsigned int num_msr_based_features;
@@ -1067,8 +1068,14 @@ static int do_get_msr_feature(struct kvm_vcpu
*vcpu, unsigned index, u64 *data)
  struct kvm_msr_entry msr;

  msr.index = index;
- if (kvm_x86_ops->get_msr_feature(&msr))
- return 1;
+ switch (msr.index) {
+ case MSR_IA32_UCODE_REV:
+ rdmsrl(msr.index, msr.data);
+ break;
+ default:
+ if (kvm_x86_ops->get_msr_feature(&msr))
+ return 1;
+ }

  *data = msr.data;

@@ -2248,7 +2255,6 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu,
struct msr_data *msr_info)

  switch (msr) {
  case MSR_AMD64_NB_CFG:
- case MSR_IA32_UCODE_REV:
  case MSR_IA32_UCODE_WRITE:
  case MSR_VM_HSAVE_PA:
  case MSR_AMD64_PATCH_LOADER:
@@ -2256,6 +2262,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu,
struct msr_data *msr_info)
  case MSR_AMD64_DC_CFG:
  break;

+ case MSR_IA32_UCODE_REV:
+ if (msr_info->host_initiated)
+ vcpu->arch.microcode_version = data;
+ break;
  case MSR_EFER:
  return set_efer(vcpu, data);
  case MSR_K7_HWCR:
@@ -2551,7 +2561,7 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu,
struct msr_data *msr_info)
  msr_info->data = 0;
  break;
  case MSR_IA32_UCODE_REV:
- msr_info->data = 0x100000000ULL;
+ msr_info->data = vcpu->arch.microcode_version;
  break;
  case MSR_MTRRcap:
  case 0x200 ... 0x2ff:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ