Avi Kivity wrote:
> On 11/14/2010 12:41 PM, Jan Kiszka wrote:
>> Am 14.11.2010 11:30, Avi Kivity wrote:
>>> On 11/14/2010 11:18 AM, Jan Kiszka wrote:
>>>> From: Jan Kiszka<jan.kiszka@xxxxxxxxxxx>
>>>>
>>>> Without CONFIG_INTEL_TXT, the user must not enable this feature
>>>> in the BIOS. Otherwise, KVM will not work. Explain this
>>>> dependency via a kernel log message.
>>>>
>>>> Signed-off-by: Jan Kiszka<jan.kiszka@xxxxxxxxxxx>
>>>> ---
>>>> arch/x86/kvm/vmx.c | 7 ++++++-
>>>> 1 files changed, 6 insertions(+), 1 deletions(-)
>>>>
>>>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>>>> index 9367abc..ebafd57 100644
>>>> --- a/arch/x86/kvm/vmx.c
>>>> +++ b/arch/x86/kvm/vmx.c
>>>> @@ -1306,8 +1306,13 @@ static __init int
>>>> vmx_disabled_by_bios(void) && tboot_enabled())
>>>> return 1;
>>>> if (!(msr& FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX)
>>>> -&& !tboot_enabled()) +&& !tboot_enabled()) {
>>>> +#ifndef CONFIG_INTEL_TXT
>>>> + printk(KERN_INFO "kvm: if TXT is enabled in the
>>>> bios, " + "kvm depends on
>>>> CONFIG_INTEL_TXT\n"); +#endif return 1;
>>>> + }
>>>> }
>>>>
Why do we need this?
If TXT is enabled in the bios, it doesn't mean TXT is launched but TXT is available.
tboot_enabled() = TXT is launched. And non-CONFIG_INTEL_TXT means tboot_enabled() = 0.
If you enable VT in bios, FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX is set.
>>>
>>> Maybe reword to an instruction?
>>>
>>> Something like
>>>
>>> kvm: TXT enabled in the bios. Either disable TXT in the bios, or
>>> enable CONFIG_INTEL_TXT in your kernel.
>>>
>>
>> I always get an aching head when thinking about these dependency:
>> Does FEATURE_CONTROL_LOCKED&&
>> !FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX imply that the BIOS uses
>> TXT?
No
Or could it also mean that it just disabled VT-x explicitly?
>
> Probably the latter, at least that's what we took it to mean before it
> was renamed to that long string.
Yes, it is.
>
>> As CONFIG_INTEL_TXT is off, we do not know if
>> tboot_enabled is off as well.
>
CONFIG_INTEL_TXT is off, tboot_enabled() must be off.
> I guess, if FEATURE_CONTROL_VMXON_ENABLED_INSIDER_SMX_YADA_YADA_YADA
> is set, then the bios wants us to enable TXT.
Yes. In most cases if TXT is enabled in the bios, the bit is set, otherwise, it is clear.
FEATURE_CONTROL_VMXON_ENABLED_INSIDER_SMX and FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX can be set at the same time. It doesn't mean bios wants us to enable TXT.
Here we just check the following logic in the spec for feature control MSR:
- Bit 1 enables VMXON in SMX operation. If this bit is clear, execution of
VMXON in SMX operation causes a general-protection exception.
- Bit 2 enables VMXON outside SMX operation. If this bit is clear, execution of
VMXON outside SMX operation causes a general-protection exception.
> But if both bits are
> clear, the bios really doesn't want us to play with vmx.
Yes it is.
> But it
> would be good to get Intel guidance before we pass our confusion on
> to users.
Thanks.
Shane
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
