github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-19 04:02:05 +00:00
Code Issues Projects Releases Wiki Activity

hv: disable SMX (Safer Mode Extension) from guest CPUID

Browse Source 
SMX should be disabled on guests.

Actually current code assumes SMX is disabled (no VM exit handler for GETSEC
and bit 2 of IA32_FEATURE_CONTROL is set), and this patch simply explicitly
clear guest CPUID.01H.ECX[6].

Since both CPUID.01H.ECX[5] and CPUID.01H.ECX[6] are cleared from guest CPUID,
MSR IA32_SMM_MONITOR_CTL is not available in guests.

Need to make sure CR4.SMXE is cleared in guests.

Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Zide Chen 2018-12-13 15:45:44 -08:00 committed by wenlingz
parent a4b166d5e8
commit f4cce46605
3 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hypervisor/arch/x86/guest/vcpuid.c
View File

@ -315,6 +315,9 @@ void guest_cpuid(struct acrn_vcpu *vcpu, uint32_t *eax, uint32_t *ebx, uint32_t
*edx &= ~CPUID_EDX_MTRR; *edx &= ~CPUID_EDX_MTRR;
#endif #endif
/* mask Safer Mode Extension */
*ecx &= ~CPUID_ECX_SMX;
/* mask pcid */ /* mask pcid */
*ecx &= ~CPUID_ECX_PCID; *ecx &= ~CPUID_ECX_PCID;

5
hypervisor/arch/x86/guest/vmsr.c
View File

@ -53,7 +53,7 @@ static const uint32_t mtrr_msrs[NUM_MTRR_MSRS] = {
}; };
/* Following MSRs are intercepted, but it throws GPs for any guest accesses */ /* Following MSRs are intercepted, but it throws GPs for any guest accesses */
#define NUM_UNSUPPORTED_MSRS 95U #define NUM_UNSUPPORTED_MSRS 96U
static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = { static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
/* Variable MTRRs are not supported */ /* Variable MTRRs are not supported */
MSR_IA32_MTRR_PHYSBASE_0, MSR_IA32_MTRR_PHYSBASE_0,
@ -173,6 +173,9 @@ static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
MSR_IA32_RTIT_ADDR2_B, MSR_IA32_RTIT_ADDR2_B,
MSR_IA32_RTIT_ADDR3_A, MSR_IA32_RTIT_ADDR3_A,
MSR_IA32_RTIT_ADDR3_B, MSR_IA32_RTIT_ADDR3_B,
/* SMM Monitor Configuration: CPUID.01H.ECX[5] and CPUID.01H.ECX[6] */
MSR_IA32_SMM_MONITOR_CTL,
}; };
#define NUM_X2APIC_MSRS 44U #define NUM_X2APIC_MSRS 44U

6
hypervisor/arch/x86/vmcs.c
View File

@ -281,8 +281,8 @@ static bool is_cr4_write_valid(struct acrn_vcpu *vcpu, uint64_t cr4)
if ((cr4 & cr4_always_off_mask) != 0U) { if ((cr4 & cr4_always_off_mask) != 0U) {
ret = false; ret = false;
} else { } else {
/* Do NOT support nested guest */ /* Do NOT support nested guest, nor SMX */
if ((cr4 & CR4_VMXE) != 0UL) { if (((cr4 & CR4_VMXE) != 0UL) || ((cr4 & CR4_SMXE) != 0UL)) {
ret = false; ret = false;
} else { } else {
/* Do NOT support PCID in guest */ /* Do NOT support PCID in guest */
@ -417,7 +417,7 @@ static void init_guest_state(struct acrn_vcpu *vcpu)
&vcpu->arch.contexts[vcpu->arch.cur_context]; &vcpu->arch.contexts[vcpu->arch.cur_context];
init_guest_vmx(vcpu, ctx->run_ctx.cr0, ctx->ext_ctx.cr3, init_guest_vmx(vcpu, ctx->run_ctx.cr0, ctx->ext_ctx.cr3,
ctx->run_ctx.cr4 & ~CR4_VMXE); ctx->run_ctx.cr4 & ~(CR4_VMXE | CR4_SMXE));
} }
static void init_host_state(void) static void init_host_state(void)