hv: disable more features from guest CPUID

Silicon Debug Feature: CPUID.01H.ECX[11] - We can't allow guests to have direct access to silicon wide resources. Machine Check Exception: CPUID.01H.EDX[5] - Need HV support before exposing it to the guests. Perfmon and Debug: CPUID.01H.ECX[15] Debug Store: CPUID.01H.EDX[21], CPUID.01H.ECX[2], CPUID.01H.ECX[4] - HV emulation is needed to separate host and guest monitoring data. - guest CPUID.0AH is forced to all-zero in ACRN so it makes sense to clear these bits as well. Tracked-On: #1867 Signed-off-by: Zide Chen <zide.chen@intel.com> Acked-by: Anthony Xu <anthony.xu@intel.com>
2025-07-04 02:56:52 +00:00 · 2019-01-03 11:49:25 -08:00 · 2019-01-03 11:49:25 -08:00 · 86526cddc5
commit 86526cddc5
parent d094a39a7f
5 changed files with 44 additions and 8 deletions
--- a/hypervisor/arch/x86/guest/vcpuid.c
+++ b/hypervisor/arch/x86/guest/vcpuid.c
@ -319,9 +319,18 @@ void guest_cpuid(struct acrn_vcpu *vcpu, uint32_t *eax, uint32_t *ebx, uint32_t
 			*edx &= ~CPUID_EDX_MTRR;
 #endif

+			/* mask Debug Store feature */
+			*ecx &= ~(CPUID_ECX_DTES64 | CPUID_ECX_DS_CPL);
+
 			/* mask Safer Mode Extension */
 			*ecx &= ~CPUID_ECX_SMX;

+			/* mask PDCM: Perfmon and Debug Capability */
+			*ecx &= ~CPUID_ECX_PDCM;
+
+			/* mask SDBG for silicon debug */
+			*ecx &= ~CPUID_ECX_SDBG;
+
 			/* mask pcid */
 			*ecx &= ~CPUID_ECX_PCID;

@ -342,9 +351,15 @@ void guest_cpuid(struct acrn_vcpu *vcpu, uint32_t *eax, uint32_t *ebx, uint32_t
 					*ecx |= CPUID_ECX_OSXSAVE;
 				}
 			}
+
+			/* mask Machine Check Exception */
+			*edx &= ~CPUID_EDX_MCE;
+
+			/* mask Debug Store feature */
+			*edx &= ~CPUID_EDX_DTES;
+
 			break;
 		}
-
 		case 0x0bU:
 			/* Patching X2APIC */
 #ifdef CONFIG_PARTITION_MODE
--- a/hypervisor/arch/x86/guest/vmsr.c
+++ b/hypervisor/arch/x86/guest/vmsr.c
@ -53,7 +53,7 @@ static const uint32_t mtrr_msrs[NUM_MTRR_MSRS] = {
 };

 /* Following MSRs are intercepted, but it throws GPs for any guest accesses */
-#define NUM_UNSUPPORTED_MSRS	96U
+#define NUM_UNSUPPORTED_MSRS	103U
 static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
 	/* Variable MTRRs are not supported */
 	MSR_IA32_MTRR_PHYSBASE_0,
@ -176,6 +176,23 @@ static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {

 	/* SMM Monitor Configuration: CPUID.01H.ECX[5] and CPUID.01H.ECX[6] */
 	MSR_IA32_SMM_MONITOR_CTL,
+
+	/* Silicon Debug Feature: CPUID.01H.ECX[11] (X86_FEATURE_SDBG) */
+	MSR_IA32_DEBUG_INTERFACE,
+
+	/* Performance Monitoring: CPUID.01H.ECX[15] X86_FEATURE_PDCM */
+	MSR_IA32_PERF_CAPABILITIES,
+
+	/* Debug Store disabled: CPUID.01H.EDX[21] X86_FEATURE_DTES */
+	MSR_IA32_DS_AREA,
+
+	/* Machine Check Exception: CPUID.01H.EDX[5] (X86_FEATURE_MCE) */
+	MSR_IA32_MCG_CAP,
+	MSR_IA32_MCG_STATUS,
+	MSR_IA32_MCG_CTL,
+	MSR_IA32_MCG_EXT_CTL,
+	/* MSR 0x280 ... 0x29F, not in this array */
+	/* MSR 0x400 ... 0x473, not in this array */
 };

 #define NUM_X2APIC_MSRS	44U
--- a/hypervisor/arch/x86/vmcs.c
+++ b/hypervisor/arch/x86/vmcs.c
@ -320,7 +320,7 @@ static bool is_cr4_write_valid(struct acrn_vcpu *vcpu, uint64_t cr4)
 *             Set the value according to the value from guest.
 *   - PAE (5) Trapped to track paging mode.
 *             Set the value according to the value from guest.
- *   - MCE (6) Flexible to guest
+ *   - MCE (6) Trapped to hide from guest
 *   - PGE (7) Flexible to guest
 *   - PCE (8) Flexible to guest
 *   - OSFXSR (9) Flexible to guest
@ -338,7 +338,7 @@ static bool is_cr4_write_valid(struct acrn_vcpu *vcpu, uint64_t cr4)
 */
 void vmx_write_cr4(struct acrn_vcpu *vcpu, uint64_t cr4)
 {
-	uint64_t cr4_vmx;
+	uint64_t cr4_vmx, cr4_shadow;
 	uint64_t old_cr4 = vcpu_get_cr4(vcpu);

 	if (!is_cr4_write_valid(vcpu, cr4)) {
@ -353,10 +353,12 @@ void vmx_write_cr4(struct acrn_vcpu *vcpu, uint64_t cr4)
 			vcpu_make_request(vcpu, ACRN_REQUEST_EPT_FLUSH);
 		}

-		/* Aways off bits and reserved bits has been filtered above */
-		cr4_vmx = cr4_always_on_mask | cr4;
+		/* Clear forced off bits */
+		cr4_shadow = cr4 & ~CR4_MCE;
+
+		cr4_vmx = cr4_always_on_mask | cr4_shadow;
 		exec_vmwrite(VMX_GUEST_CR4, cr4_vmx & 0xFFFFFFFFUL);
-		exec_vmwrite(VMX_CR4_READ_SHADOW, cr4 & 0xFFFFFFFFUL);
+		exec_vmwrite(VMX_CR4_READ_SHADOW, cr4_shadow & 0xFFFFFFFFUL);

 		/* clear read cache, next time read should from VMCS */
 		bitmap_clear_lock(CPU_REG_CR4, &vcpu->reg_cached);
@ -417,7 +419,7 @@ static void init_guest_state(struct acrn_vcpu *vcpu)
 		&vcpu->arch.contexts[vcpu->arch.cur_context];

 	init_guest_vmx(vcpu, ctx->run_ctx.cr0, ctx->ext_ctx.cr3,
-			ctx->run_ctx.cr4 & ~(CR4_VMXE | CR4_SMXE));
+			ctx->run_ctx.cr4 & ~(CR4_VMXE | CR4_SMXE | CR4_MCE));
 }

 static void init_host_state(void)
--- a/hypervisor/include/arch/x86/cpuid.h
+++ b/hypervisor/include/arch/x86/cpuid.h
@ -26,6 +26,7 @@
 #define CPUID_ECX_TM2           (1U<<8U)
 #define CPUID_ECX_SSSE3         (1U<<9U)
 #define CPUID_ECX_CID           (1U<<10U)
+#define CPUID_ECX_SDBG          (1U<<11U)
 #define CPUID_ECX_FMA           (1U<<12U)
 #define CPUID_ECX_CX16          (1U<<13U)
 #define CPUID_ECX_ETPRD         (1U<<14U)
--- a/hypervisor/include/arch/x86/msr.h
+++ b/hypervisor/include/arch/x86/msr.h
@ -253,6 +253,7 @@
 #define MSR_IA32_A_PMC5				0x000004C6U
 #define MSR_IA32_A_PMC6				0x000004C7U
 #define MSR_IA32_A_PMC7				0x000004C8U
+#define MSR_IA32_MCG_EXT_CTL			0x000004D0U
 #define MSR_IA32_SGX_SVN_STATUS			0x00000500U
 #define MSR_IA32_RTIT_OUTPUT_BASE		0x00000560U
 #define MSR_IA32_RTIT_OUTPUT_MASK_PTRS		0x00000561U