OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity

hv: disable SMX (Safer Mode Extension) from guest CPUID 

SMX should be disabled on guests.

Actually current code assumes SMX is disabled (no VM exit handler for GETSEC
and bit 2 of IA32_FEATURE_CONTROL is set), and this patch simply explicitly
clear guest CPUID.01H.ECX[6].

Since both CPUID.01H.ECX[5] and CPUID.01H.ECX[6] are cleared from guest CPUID,
MSR IA32_SMM_MONITOR_CTL is not available in guests.

Need to make sure CR4.SMXE is cleared in guests.

Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Zide Chen 2018-12-13 15:45:44 -08:00 committed by wenlingz
parent a4b166d5e8
commit f4cce46605
3 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hypervisor/arch/x86/guest/vcpuid.c
View File

@ -315,6 +315,9 @@ void guest_cpuid(struct acrn_vcpu *vcpu, uint32_t *eax, uint32_t *ebx, uint32_t
*edx &= ~CPUID_EDX_MTRR;
#endif
/* mask Safer Mode Extension */
*ecx &= ~CPUID_ECX_SMX;
/* mask pcid */
*ecx &= ~CPUID_ECX_PCID;

5
hypervisor/arch/x86/guest/vmsr.c
View File

@ -53,7 +53,7 @@ static const uint32_t mtrr_msrs[NUM_MTRR_MSRS] = {
};
/* Following MSRs are intercepted, but it throws GPs for any guest accesses */
#define NUM_UNSUPPORTED_MSRS 95U
#define NUM_UNSUPPORTED_MSRS 96U
static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
/* Variable MTRRs are not supported */
MSR_IA32_MTRR_PHYSBASE_0,
@ -173,6 +173,9 @@ static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
MSR_IA32_RTIT_ADDR2_B,
MSR_IA32_RTIT_ADDR3_A,
MSR_IA32_RTIT_ADDR3_B,
/* SMM Monitor Configuration: CPUID.01H.ECX[5] and CPUID.01H.ECX[6] */
MSR_IA32_SMM_MONITOR_CTL,
};
#define NUM_X2APIC_MSRS 44U

6
hypervisor/arch/x86/vmcs.c
View File

@ -281,8 +281,8 @@ static bool is_cr4_write_valid(struct acrn_vcpu *vcpu, uint64_t cr4)
if ((cr4 & cr4_always_off_mask) != 0U) {
ret = false;
} else {
/* Do NOT support nested guest */
if ((cr4 & CR4_VMXE) != 0UL) {
/* Do NOT support nested guest, nor SMX */
if (((cr4 & CR4_VMXE) != 0UL) || ((cr4 & CR4_SMXE) != 0UL)) {
ret = false;
} else {
/* Do NOT support PCID in guest */
@ -417,7 +417,7 @@ static void init_guest_state(struct acrn_vcpu *vcpu)
&vcpu->arch.contexts[vcpu->arch.cur_context];
init_guest_vmx(vcpu, ctx->run_ctx.cr0, ctx->ext_ctx.cr3,
ctx->run_ctx.cr4 & ~CR4_VMXE);
ctx->run_ctx.cr4 & ~(CR4_VMXE | CR4_SMXE));
}
static void init_host_state(void)