# HG changeset patch # User Bandan Das # Date 1463518351 14400 # Tue May 17 16:52:31 2016 -0400 # Node ID 48936dfc0d232660db89ac2de7f924195f2b3760 # Parent 1ed81e15773346e5bfb6da253f7476f37ceeea3d # v2: Move the check up since g_cpuid_ext_feat_info is accessed before # the call to supports_vmx, also check for smx support We found this problem when booting a KVM guest through tboot from a host OS where the VMX register is not exposed to the guest, even when the guest has cloned the host CPU.
Attempting to read MSR_IA32_FEATURE_CONTROL before checking whether it exists, on CPUs where it does not exist, sends the BSP into an infinite loop. #GP is asserted when trying to read the non-existent MSR, which resets the IP, only to again encounter the attempted read of the non-existent MSR. Postponing the read of MSR_IA32_FEATURE_CONTROL until the existence of VMX/SMX has been ascertained prevents this problem. Signed-off-by: Tony Camuso <tcam...@redhat.com> Signed-off-by: Bandan Das <b...@redhat.com> diff -r 1ed81e157733 -r 48936dfc0d23 tboot/txt/verify.c --- a/tboot/txt/verify.c Wed Apr 20 16:31:18 2016 -0700 +++ b/tboot/txt/verify.c Tue May 17 16:52:31 2016 -0400 @@ -109,8 +109,13 @@ } g_cpuid_ext_feat_info = cpuid_ecx(1); - g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL); - printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n", g_feat_ctrl_msr); + /* read feature control msr only if processor supports VMX or SMX instructions */ + if ( (g_cpuid_ext_feat_info & CPUID_X86_FEATURE_VMX) || + (g_cpuid_ext_feat_info & CPUID_X86_FEATURE_SMX) ) { + g_feat_ctrl_msr = rdmsr(MSR_IA32_FEATURE_CONTROL); + printk(TBOOT_DETA"IA32_FEATURE_CONTROL_MSR: %08lx\n", g_feat_ctrl_msr); + } + return true; } ------------------------------------------------------------------------------ Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel