On 2018-04-09 18:24, [email protected] wrote:
> Whithout the check, jailhouse enable configs/x86/sysconfig.cell results
> in a GP and a reboot
> make sure proper reporting of mandatory firmware enable and optional VMX
> on SMX.
> do not allow enable if firmware has disabled VT-X
>
> Signed-off-by: Francois-Frederic Ozog <[email protected]>
> ---
> configs/x86/tiny-demo.c | 2 +-
> driver/main.c | 17 +++++++++++++++++
> tools/jailhouse-hardware-check | 4 ++--
> 3 files changed, 20 insertions(+), 3 deletions(-)
>
> diff --git a/configs/x86/tiny-demo.c b/configs/x86/tiny-demo.c
> index 9666bf63..ac2368e2 100644
> --- a/configs/x86/tiny-demo.c
> +++ b/configs/x86/tiny-demo.c
> @@ -39,7 +39,7 @@ struct {
> },
>
> .cpus = {
> - 0x4,
> + 0x2,
That looks unrelated - if not undesired.
> },
>
> .mem_regions = {
> diff --git a/driver/main.c b/driver/main.c
> index ee585848..7a834977 100644
> --- a/driver/main.c
> +++ b/driver/main.c
> @@ -40,6 +40,12 @@
> #ifdef CONFIG_ARM
> #include <asm/virt.h>
> #endif
> +#ifdef CONFIG_X86
> +#include <asm/cpu.h>
> +#include <asm/msr-index.h>
> +/* as per IA32_FEATURE_CONTROL MSR documentation */
> +#define VMXON_BIOS_ALLOWED (1ULL<<2)
That's FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX.
> +#endif
>
> #include "cell.h"
> #include "jailhouse.h"
> @@ -392,6 +398,17 @@ static int jailhouse_cmd_enable(struct
> jailhouse_system __user *arg)
> goto error_put_module;
> }
> #endif
> +#ifdef CONFIG_X86
> + {
> + u64 features;
Coding style: missing blank line.
> + rdmsrl(MSR_IA32_FEATURE_CONTROL, features);
> + if ((features & VMXON_BIOS_ALLOWED) == 0) {
> + pr_err("jailhouse: vt-x disabled by BIOS\n");
> + err = -ENODEV;
> + goto error_put_module;
> + }
I strongly suspect that this breaks AMD...
> + }
> +#endif
>
> /* Load hypervisor image */
> err = request_firmware(&hypervisor, fw_name, jailhouse_dev);
> diff --git a/tools/jailhouse-hardware-check
> b/tools/jailhouse-hardware-check
> index 67d3b078..f8b35c99 100755
> --- a/tools/jailhouse-hardware-check
> +++ b/tools/jailhouse-hardware-check
> @@ -182,8 +182,8 @@ if cpu_vendor == 'GenuineIntel':
> check_feature('VT-x (VMX)', 'vmx' in cpu_features)
>
> feature = msr.read(MSR.IA32_FEATURE_CONTROL)
> - check_feature(' VMX without TXT',
> - (feature & (1 << 0)) == 0 or feature & (1 << 2))
> + check_feature(' VMX allowed by BIOS', feature & (1 << 2))
> + check_feature(' VMX without TXT', (feature & (1 << 0)) == 0, True)
> check_feature(' IA32_TRUE_*_CLTS',
> msr.read(MSR.IA32_VMX_BASIC) & (1 << 55))
>
Looks good, but this split-up should be a separate patch.
Thanks,
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
--
You received this message because you are subscribed to the Google Groups
"Jailhouse" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
