Hi Tony, Bandan, Thanks very much for pointing out the bug and providing the fix. Here is an alternative patch, in which just one function was modified, let me know if there is any question about it:
diff -r 1ed81e157733 tboot/txt/verify.c --- a/tboot/txt/verify.c Wed Apr 20 16:31:18 2016 -0700 +++ b/tboot/txt/verify.c Wed May 04 17:46:30 2016 -0700 @@ -109,8 +109,13 @@ } g_cpuid_ext_feat_info = cpuid_ecx(1); - g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL); - printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n", g_feat_ctrl_msr); + /* read feature control msr if processor supports VMX instructions */ + if ( (g_cpuid_ext_feat_info & CPUID_X86_FEATURE_VMX) ) { + g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL); + printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n", g_feat_ctrl_msr); + } + else + printk(TBOOT_DETA"CPU does not support VMX, IA32_FEATURE_CONTROL_MSR is non-existent.\n"); return true; } Regards, -Ning -----Original Message----- From: Tony Camuso [mailto:tcam...@redhat.com] Sent: Wednesday, May 04, 2016 10:32 AM To: tboot-devel@lists.sourceforge.net Cc: Bandan Das <b...@redhat.com> Subject: [tboot-devel] [PATCH] Check for VMX support before reading feature control MSR We found this problem when booting a KVM guest through tboot from a host OS where the VMX register is not exposed to the guest, even when the guest has cloned the host CPU. Attempting to read MSR_IA32_FEATURE_CONTROL before checking whether it exists, on CPUs where it does not exist, sends the BSP into an infinite loop. #GP is asserted when trying to read the non-existent MSR, which resets the IP, only to again encounter the attempted read of the non-existent MSR. Postponing the read of MSR_IA32_FEATURE_CONTROL until the existence of VMX has been ascertained prevents this problem. Signed-off-by: Bandan Das <b...@redhat.com> Signed-off-by: Tony Camuso <tcam...@redhat.com> --- tboot/txt/verify.c.orig 2016-05-02 13:32:25.144003225 -0400 +++ tboot/txt/verify.c 2016-05-04 13:25:27.614166207 -0400 @@ -109,8 +109,6 @@ static bool read_processor_info(void) } g_cpuid_ext_feat_info = cpuid_ecx(1); - g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL); - printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n", g_feat_ctrl_msr); return true; } @@ -123,7 +121,13 @@ static bool supports_vmx(void) } printk(TBOOT_INFO"CPU is VMX-capable\n"); - /* and that VMX is enabled in the feature control MSR */ + /* Now that we know we support VMX, it is safe to read the feature + * control MSR. + */ + g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL); + printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n", + g_feat_ctrl_msr); + + /* check that VMX is enabled in the feature control MSR */ if ( !(g_feat_ctrl_msr & IA32_FEATURE_CONTROL_MSR_ENABLE_VMX_IN_SMX) ) { printk(TBOOT_ERR"ERR: VMXON disabled by feature control MSR (%lx)\n", g_feat_ctrl_msr); ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel