Re: [PATCH v3 09/19] x86/cpu: Clear VMX feature flag if VMX is not fully enabled

Borislav Petkov <bp@xxxxxxxxx> · Thu, 21 Nov 2019 17:24:52 +0100

On Mon, Nov 18, 2019 at 07:12:30PM -0800, Sean Christopherson wrote:
> Now that the IA32_FEATURE_CONTROL MSR is guaranteed to be configured and
> locked, clear the VMX capability flag if the IA32_FEATURE_CONTROL MSR is
> not supported or if BIOS disabled VMX, i.e. locked IA32_FEATURE_CONTROL
> and did not set the appropriate VMX enable bit.
> 
> Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> ---
>  arch/x86/kernel/cpu/feature_control.c | 28 ++++++++++++++++++++++++---
>  1 file changed, 25 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/feature_control.c b/arch/x86/kernel/cpu/feature_control.c
> index 33c9444dda52..2bd1a9e6021a 100644
> --- a/arch/x86/kernel/cpu/feature_control.c
> +++ b/arch/x86/kernel/cpu/feature_control.c
> @@ -5,15 +5,26 @@
>  #include <asm/msr-index.h>
>  #include <asm/processor.h>
>  
> +#undef pr_fmt
> +#define pr_fmt(fmt)	"x86/cpu: " fmt
> +
> +#define FEAT_CTL_UNSUPPORTED_MSG "IA32_FEATURE_CONTROL MSR unsupported on VMX capable CPU, suspected hardware or hypervisor issue.\n"
> +
>  void init_feature_control_msr(struct cpuinfo_x86 *c)
>  {
> +	bool tboot = tboot_enabled();
>  	u64 msr;
>  
> -	if (rdmsrl_safe(MSR_IA32_FEATURE_CONTROL, &msr))
> +	if (rdmsrl_safe(MSR_IA32_FEATURE_CONTROL, &msr)) {
> +		if (cpu_has(c, X86_FEATURE_VMX)) {
> +			pr_err_once(FEAT_CTL_UNSUPPORTED_MSG);
> +			clear_cpu_cap(c, X86_FEATURE_VMX);
> +		}
>  		return;
> +	}

Right, so this test: is this something that could happen on some
configurations - i.e., the MSR is not there but VMX bit is set - or are
you being too cautious here?

IOW, do you have any concrete use cases in mind (cloud provider can f*ck
it up this way) or?

My angle is that if this is never going to happen, why even bother to
print anything...

>  	if (msr & FEAT_CTL_LOCKED)
> -		return;
> +		goto update_caps;
>  
>  	/*
>  	 * Ignore whatever value BIOS left in the MSR to avoid enabling random
> @@ -28,8 +39,19 @@ void init_feature_control_msr(struct cpuinfo_x86 *c)
>  	 */
>  	if (cpu_has(c, X86_FEATURE_VMX) && IS_ENABLED(CONFIG_KVM)) {
>  		msr |= FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX;
> -		if (tboot_enabled())
> +		if (tboot)
>  			msr |= FEAT_CTL_VMX_ENABLED_INSIDE_SMX;
>  	}
>  	wrmsrl(MSR_IA32_FEATURE_CONTROL, msr);
> +
> +update_caps:
> +	if (!cpu_has(c, X86_FEATURE_VMX))
> +		return;
> +
> +	if ((tboot && !(msr & FEAT_CTL_VMX_ENABLED_INSIDE_SMX)) ||
> +	    (!tboot && !(msr & FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX))) {

Align those vertically like this so that the check is grokkable at a
quick glance:

	if ( (tboot && !(msr & FEAT_CTL_VMX_ENABLED_INSIDE_SMX)) ||
	    (!tboot && !(msr & FEAT_CTL_VMX_ENABLED_OUTSIDE_SMX))) {

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette