Hi Tony, Bandan,
Thanks very much for pointing out the bug and providing the fix.
Here is an alternative patch, in which just one function was modified, let me
know if there is any question about it:
diff -r 1ed81e157733 tboot/txt/verify.c
--- a/tboot/txt/verify.c Wed Apr 20 16:31:18 2016 -0700
+++ b/tboot/txt/verify.c Wed May 04 17:46:30 2016 -0700
@@ -109,8 +109,13 @@
}
g_cpuid_ext_feat_info = cpuid_ecx(1);
- g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL);
- printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n", g_feat_ctrl_msr);
+ /* read feature control msr if processor supports VMX instructions */
+ if ( (g_cpuid_ext_feat_info & CPUID_X86_FEATURE_VMX) ) {
+ g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL);
+ printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n", g_feat_ctrl_msr);
+ }
+ else
+ printk(TBOOT_DETA"CPU does not support VMX, IA32_FEATURE_CONTROL_MSR
is non-existent.\n");
return true;
}
Regards,
-Ning
-----Original Message-----
From: Tony Camuso [mailto:tcam...@redhat.com]
Sent: Wednesday, May 04, 2016 10:32 AM
To: tboot-devel@lists.sourceforge.net
Cc: Bandan Das <b...@redhat.com>
Subject: [tboot-devel] [PATCH] Check for VMX support before reading feature
control MSR
We found this problem when booting a KVM guest through tboot from a host OS
where the VMX register is not exposed to the guest, even when the guest has
cloned the host CPU.
Attempting to read MSR_IA32_FEATURE_CONTROL before checking whether it exists,
on CPUs where it does not exist, sends the BSP into an infinite loop. #GP is
asserted when trying to read the non-existent MSR, which resets the IP, only to
again encounter the attempted read of the non-existent MSR.
Postponing the read of MSR_IA32_FEATURE_CONTROL until the existence of VMX has
been ascertained prevents this problem.
Signed-off-by: Bandan Das <b...@redhat.com>
Signed-off-by: Tony Camuso <tcam...@redhat.com>
--- tboot/txt/verify.c.orig 2016-05-02 13:32:25.144003225 -0400
+++ tboot/txt/verify.c 2016-05-04 13:25:27.614166207 -0400
@@ -109,8 +109,6 @@ static bool read_processor_info(void)
}
g_cpuid_ext_feat_info = cpuid_ecx(1);
- g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL);
- printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n", g_feat_ctrl_msr);
return true;
}
@@ -123,7 +121,13 @@ static bool supports_vmx(void)
}
printk(TBOOT_INFO"CPU is VMX-capable\n");
- /* and that VMX is enabled in the feature control MSR */
+ /* Now that we know we support VMX, it is safe to read the feature
+ * control MSR.
+ */
+ g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL);
+ printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n",
+ g_feat_ctrl_msr);
+
+ /* check that VMX is enabled in the feature control MSR */
if ( !(g_feat_ctrl_msr & IA32_FEATURE_CONTROL_MSR_ENABLE_VMX_IN_SMX) ) {
printk(TBOOT_ERR"ERR: VMXON disabled by feature control MSR (%lx)\n",
g_feat_ctrl_msr);
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
