lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <76FDB4DC-0D6B-4383-B8A2-9DDBC1BA5D96@amazon.de>
Date:   Sat, 9 Dec 2017 07:21:47 +0000
From:   "Sironi, Filippo" <sironi@...zon.de>
To:     Wanpeng Li <kernellwp@...il.com>
CC:     Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krcmar <rkrcmar@...hat.com>, kvm <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/2] KVM: x86: Allow userspace to define what's the
 microcode version


> On 26. Nov 2017, at 17:02, Wanpeng Li <kernellwp@...il.com> wrote:
> 
> 2017-11-27 0:41 GMT+08:00 Filippo Sironi <sironi@...zon.de>:
>> ... that the guest should see.
>> Guest operating systems may check the microcode version to decide whether
>> to disable certain features that are known to be buggy up to certain
>> microcode versions.  Address the issue by making the microcode version
>> that the guest should see settable.
>> The rationale for having userspace specifying the microcode version, rather
>> than having the kernel picking it, is to ensure consistency for live-migrated
>> instances; we don't want them to see a microcode version increase without a
>> reset.
> 
> Is there a scenario which needs to refresh the microcode in the guest
> instead of on the host?
> 
> Regards,
> Wanpeng Li

Not that I can think of.
Today, we're picking up the host microcode version when launching an instance
and making sure that the same version is exposed for the life time of the
instance (i.e., across migrations that don't result in a reset).

Filippo

>> 
>> Signed-off-by: Filippo Sironi <sironi@...zon.de>
>> ---
>> arch/x86/kvm/x86.c       | 23 +++++++++++++++++++++++
>> include/uapi/linux/kvm.h |  3 +++
>> 2 files changed, 26 insertions(+)
>> 
>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>> index 925c3e29cad3..741588f27ebc 100644
>> --- a/arch/x86/kvm/x86.c
>> +++ b/arch/x86/kvm/x86.c
>> @@ -4033,6 +4033,29 @@ long kvm_arch_vm_ioctl(struct file *filp,
>>        } u;
>> 
>>        switch (ioctl) {
>> +       case KVM_GET_MICROCODE_VERSION: {
>> +               r = -EFAULT;
>> +               if (copy_to_user(argp,
>> +                                &kvm->arch.microcode_version,
>> +                                sizeof(kvm->arch.microcode_version)))
>> +                       goto out;
>> +               break;
>> +       }
>> +       case KVM_SET_MICROCODE_VERSION: {
>> +               u32 microcode_version;
>> +
>> +               r = -EFAULT;
>> +               if (copy_from_user(&microcode_version,
>> +                                  argp,
>> +                                  sizeof(microcode_version)))
>> +                       goto out;
>> +               r = -EINVAL;
>> +               if (!microcode_version)
>> +                       goto out;
>> +               kvm->arch.microcode_version = microcode_version;
>> +               r = 0;
>> +               break;
>> +       }
>>        case KVM_SET_TSS_ADDR:
>>                r = kvm_vm_ioctl_set_tss_addr(kvm, arg);
>>                break;
>> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
>> index 282d7613fce8..e11887758e29 100644
>> --- a/include/uapi/linux/kvm.h
>> +++ b/include/uapi/linux/kvm.h
>> @@ -1192,6 +1192,9 @@ struct kvm_s390_ucas_mapping {
>> #define KVM_S390_UCAS_UNMAP      _IOW(KVMIO, 0x51, struct kvm_s390_ucas_mapping)
>> #define KVM_S390_VCPU_FAULT     _IOW(KVMIO, 0x52, unsigned long)
>> 
>> +#define KVM_GET_MICROCODE_VERSION _IOR(KVMIO, 0x5e, __u32)
>> +#define KVM_SET_MICROCODE_VERSION _IOW(KVMIO, 0x5f, __u32)
>> +
>> /* Device model IOC */
>> #define KVM_CREATE_IRQCHIP        _IO(KVMIO,   0x60)
>> #define KVM_IRQ_LINE              _IOW(KVMIO,  0x61, struct kvm_irq_level)
>> --
>> 2.7.4
>> 
> 

Amazon Development Center Germany GmbH
Berlin - Dresden - Aachen
main office: Krausenstr. 38, 10117 Berlin
Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger
Ust-ID: DE289237879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ