From e4e38e1bfbee34c6b2cc183e242dffb870aa91d9 Mon Sep 17 00:00:00 2001 From: Mingqiang Chi Date: Wed, 5 Sep 2018 13:57:15 +0800 Subject: [PATCH] hv:Check if VMX capability is locked with incorrect value Check if the VMX capability is locked with incorrect value, at the time when HV do the hardware capability detect. Tracked-On: #861 Signed-off-by: Mingqiang Chi Reviewed-by: Junjie Mao Acked-by: Eddie Dong --- hypervisor/arch/x86/cpu.c | 5 +++++ hypervisor/arch/x86/vmx.c | 24 ++++++++++++++++-------- hypervisor/include/arch/x86/vmx.h | 1 + 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/hypervisor/arch/x86/cpu.c b/hypervisor/arch/x86/cpu.c index 1adc2c9dd..b3e587125 100644 --- a/hypervisor/arch/x86/cpu.c +++ b/hypervisor/arch/x86/cpu.c @@ -252,6 +252,11 @@ static int hardware_detect_support(void) return -ENODEV; } + if (is_vmx_disabled()) { + pr_fatal("%s, VMX can not be enabled\n", __func__); + return -ENODEV; + } + ret = check_vmx_mmu_cap(); if (ret != 0) { return ret; diff --git a/hypervisor/arch/x86/vmx.c b/hypervisor/arch/x86/vmx.c index 82c60c29c..d9a3f31a4 100644 --- a/hypervisor/arch/x86/vmx.c +++ b/hypervisor/arch/x86/vmx.c @@ -26,6 +26,21 @@ static uint64_t cr4_host_mask; static uint64_t cr4_always_on_mask; static uint64_t cr4_always_off_mask; +bool is_vmx_disabled(void) +{ + uint64_t msr_val; + + /* Read Feature ControL MSR */ + msr_val = msr_read(MSR_IA32_FEATURE_CONTROL); + + /* Check if feature control is locked and vmx cannot be enabled */ + if ((msr_val & MSR_IA32_FEATURE_CONTROL_LOCK) != 0U && + (msr_val & MSR_IA32_FEATURE_CONTROL_VMX_NO_SMX) == 0U) { + return true; + } + return false; +} + static inline int exec_vmxon(void *addr) { uint64_t rflags; @@ -41,14 +56,7 @@ static inline int exec_vmxon(void *addr) tmp64 = msr_read(MSR_IA32_FEATURE_CONTROL); /* Determine if feature control is locked */ - if ((tmp64 & MSR_IA32_FEATURE_CONTROL_LOCK) != 0U) { - /* See if VMX enabled */ - if ((tmp64 & MSR_IA32_FEATURE_CONTROL_VMX_NO_SMX) == 0U) { - /* Return error - VMX can't be enabled */ - pr_err("%s, VMX can't be enabled\n", __func__); - status = -EINVAL; - } - } else { + if ((tmp64 & MSR_IA32_FEATURE_CONTROL_LOCK) == 0U) { /* Lock and enable VMX support */ tmp64 |= (MSR_IA32_FEATURE_CONTROL_LOCK | MSR_IA32_FEATURE_CONTROL_VMX_NO_SMX); diff --git a/hypervisor/include/arch/x86/vmx.h b/hypervisor/include/arch/x86/vmx.h index 1256114d7..3bb834f02 100644 --- a/hypervisor/include/arch/x86/vmx.h +++ b/hypervisor/include/arch/x86/vmx.h @@ -448,6 +448,7 @@ int vmx_wrmsr_pat(struct vcpu *vcpu, uint64_t value); void vmx_write_cr0(struct vcpu *vcpu, uint64_t cr0); void vmx_write_cr4(struct vcpu *vcpu, uint64_t cr4); +bool is_vmx_disabled(void); static inline enum vm_cpu_mode get_vcpu_mode(const struct vcpu *vcpu) {