On Thu, Dec 12, 2019 at 12:38:38PM +0100, Borislav Petkov wrote:
On Wed, Nov 27, 2019 at 05:40:07PM -0800, Sean Christopherson wrote:
+static void init_vmx_capabilities(struct cpuinfo_x86 *c) +{
- u32 supported, funcs, ept, vpid, ign;
- BUILD_BUG_ON(NVMXINTS != NR_VMX_FEATURE_WORDS);
- /*
* The high bits contain the allowed-1 settings, i.e. features that can
* be turned on. The low bits contain the allowed-0 settings, i.e.
* features that can be turned off. Ignore the allowed-0 settings,
* if a feature can be turned on then it's supported.
*/
- rdmsr(MSR_IA32_VMX_PROCBASED_CTLS, ign, supported);
- c->vmx_capability[PRIMARY_PROC_CTLS] = supported;
- rdmsr_safe(MSR_IA32_VMX_PROCBASED_CTLS2, &ign, &supported);
- c->vmx_capability[SECONDARY_PROC_CTLS] = supported;
- rdmsr(MSR_IA32_VMX_PINBASED_CTLS, ign, supported);
- rdmsr_safe(MSR_IA32_VMX_VMFUNC, &ign, &funcs);
- /*
* Except for EPT+VPID, which enumerates support for both in a single
* MSR, low for EPT, high for VPID.
*/
- rdmsr_safe(MSR_IA32_VMX_EPT_VPID_CAP, &ept, &vpid);
Right, so this is a garden variety of rdmsr() and rdmsr_safe() and the safe variant's retval needs to be checked, strictly speaking. It probably doesn't matter here since you'll get 0s if it fails, which means feature not supported, so all good.
But I guess you can still use rdmsr_safe() everywhere just so it doesn't cause head scratching in the future, when one looks at that code.
The reasoning behind using vanilla rdmsr() on PROC and PIN controls is that those MSRs should exist on any CPU that supports VMX, i.e. we want the WARN.
The alternative would be to use rdmsr_safe() for everything and then explicitly disable VMX if a fault on PROC or PIN occurs, but that circles us back to the handling a fault on rdmsr(MSR_IA32_FEAT_CTL), i.e. is it really worth gracefully handling a fault that should never occur?
+#endif /* CONFIG_X86_VMX_FEATURE_NAMES */ #undef pr_fmt #define pr_fmt(fmt) "x86/cpu: " fmt @@ -50,5 +116,9 @@ void init_ia32_feat_ctl(struct cpuinfo_x86 *c) pr_err_once("VMX (%s TXT) disabled by BIOS\n", tboot ? "inside" : "outside"); clear_cpu_cap(c, X86_FEATURE_VMX);
- } else {
+#ifdef CONFIG_X86_VMX_FEATURE_NAMES
init_vmx_capabilities(c);
+#endif
Can't say that I'm happy about all that ifdeffery but I guess we need to perpetuate this since X86_FEATURE_NAMES is there for embedded. In practice, probably no one disables it...
Ya, systemd wasn't happy when I tried booting without X86_FEATURE_NAMES.