Changeset 48267 in vbox

Timestamp:

Sep 4, 2013 2:06:50 PM (11 years ago)

Author:

vboxsync

Message:

VMM: Allow VT-x to be used in SMX mode, more granular error checking.

Location:

trunk

Files:

• include/VBox/err.h (modified) (2 diffs)
• include/iprt/x86.h (modified) (2 diffs)
• src/VBox/HostDrivers/Support/SUPDrv.c (modified) (4 diffs)
• src/VBox/VMM/VMMR0/HMR0.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMR3/HM.cpp (modified) (2 diffs)

trunk/include/VBox/err.h

@@ -1905 +1905 @@
 /** Somebody cleared X86_CR4_VMXE in the CR4 register. */
 #define VERR_VMX_X86_CR4_VMXE_CLEARED               (-4012)
-/** VT-x features locked or unavailable in MSR. */
-#define VERR_VMX_MSR_LOCKED_OR_DISABLED             (-4013)
+/** Failed to enable and lock VT-x features. */
+#define VERR_VMX_MSR_LOCKING_FAILED                 (-4013)
 /** Unable to switch due to invalid guest state. */
 #define VERR_VMX_INVALID_GUEST_STATE                (-4014)
@@ -1933 +1933 @@
 /** Internal VMX processing error no 1. */
 #define VERR_HMVMX_IPE_5                            (-4027)
+/** VT-x features for SMX operation disabled by the BIOS. */
+#define VERR_VMX_MSR_SMX_VMXON_DISABLED             (-4028)
+/** VT-x features disabled by the BIOS. */
+#define VERR_VMX_MSR_VMXON_DISABLED                 (-4029)
 /** @} */
 

trunk/include/iprt/x86.h

@@ -950 +950 @@
 #define MSR_IA32_FEATURE_CONTROL            0x3A
 #define MSR_IA32_FEATURE_CONTROL_LOCK       RT_BIT(0)
+#define MSR_IA32_FEATURE_CONTROL_SMX_VMXON  RT_BIT(1)
 #define MSR_IA32_FEATURE_CONTROL_VMXON      RT_BIT(2)
 
@@ -1180 +1181 @@
 /** K8 FS.base - The 64-bit base FS register. */
 #define MSR_K8_FS_BASE                      UINT32_C(0xc0000100)
-/** K8 GS.base - The 64-bit base GS register. */      
+/** K8 GS.base - The 64-bit base GS register. */
 #define MSR_K8_GS_BASE                      UINT32_C(0xc0000101)
 /** K8 KernelGSbase - Used with SWAPGS. */

trunk/src/VBox/HostDrivers/Support/SUPDrv.c

@@ -3394 +3394 @@
         uint32_t fFeaturesECX, fFeaturesEDX, uDummy;
         uint32_t uMaxId, uVendorEBX, uVendorECX, uVendorEDX;
-        uint64_t u64Value;
+        uint64_t u64FeatMsr;
 
         ASMCpuId(0, &uMaxId, &uVendorEBX, &uVendorECX, &uVendorEDX);
@@ -3409 +3409 @@
                )
             {
+                bool fInSmxMode;
+                bool fMsrLocked;
+                bool fSmxVmxAllowed;
+                bool fVmxAllowed;
+
                 /*
-                 * Both the LOCK and VMXON bit must be set; otherwise VMXON will generate a #GP.
-                 * Once the lock bit is set, this MSR can no longer be modified.
+                 * We require the lock bit and the appropriate VMXON bit to be set otherwise VMXON will generate a #GP
+                 * This is a simplified check (assumes BIOS does it job and properly locks the control bit). For the more
+                 * extensive procedure see hmR0InitIntelCpu().
                  */
-                u64Value = ASMRdMsr(MSR_IA32_FEATURE_CONTROL);
-                if (      (u64Value & (MSR_IA32_FEATURE_CONTROL_VMXON | MSR_IA32_FEATURE_CONTROL_LOCK))
-                       ==             (MSR_IA32_FEATURE_CONTROL_VMXON | MSR_IA32_FEATURE_CONTROL_LOCK) /* enabled and locked */
-                    || !(u64Value & MSR_IA32_FEATURE_CONTROL_LOCK) /* not enabled, but not locked either */
-                   )
+                u64FeatMsr     = ASMRdMsr(MSR_IA32_FEATURE_CONTROL);
+                fInSmxMode     = !!(ASMGetCR4() & X86_CR4_SMXE);
+                fMsrLocked     = !!(u64FeatMsr & MSR_IA32_FEATURE_CONTROL_LOCK);
+                fSmxVmxAllowed = fMsrLocked && !!(u64FeatMsr & MSR_IA32_FEATURE_CONTROL_SMX_VMXON);
+                fVmxAllowed    = fMsrLocked && !!(u64FeatMsr & MSR_IA32_FEATURE_CONTROL_VMXON);
+                if (   (fInSmxMode && fSmxVmxAllowed)
+                    || fVmxAllowed)
                 {
                     VMX_CAPABILITY vtCaps;
@@ -3432 +3440 @@
                     return VINF_SUCCESS;
                 }
-                return VERR_VMX_MSR_LOCKED_OR_DISABLED;
+                return fInSmxMode ? VERR_VMX_MSR_SMX_VMXON_DISABLED : VERR_VMX_MSR_VMXON_DISABLED;
             }
             return VERR_VMX_NO_VMX;
@@ -3451 +3459 @@
             {
                 /* Check if SVM is disabled */
-                u64Value = ASMRdMsr(MSR_K8_VM_CR);
-                if (!(u64Value & MSR_K8_VM_CR_SVM_DISABLE))
+                u64FeatMsr = ASMRdMsr(MSR_K8_VM_CR);
+                if (!(u64FeatMsr & MSR_K8_VM_CR_SVM_DISABLE))
                 {
                     uint32_t fSvmFeatures;

trunk/src/VBox/VMM/VMMR0/HMR0.cpp

@@ -799 +799 @@
 
 /**
- * Worker function used by hmR0PowerCallback  and HMR0Init to initalize
- * VT-x on a CPU.
+ * Worker function used by hmR0PowerCallback() and HMR0Init() to initalize VT-x
+ * on a CPU.
  *
  * @param   idCpu       The identifier for the CPU the function is called on.
@@ -812 +812 @@
     NOREF(pvUser2);
 
-    /*
-     * Both the LOCK and VMXON bit must be set; otherwise VMXON will generate a #GP.
-     * Once the lock bit is set, this MSR can no longer be modified.
-     */
     uint64_t fFC = ASMRdMsr(MSR_IA32_FEATURE_CONTROL);
-    if (   !(fFC    & (MSR_IA32_FEATURE_CONTROL_VMXON | MSR_IA32_FEATURE_CONTROL_LOCK))
-        || (   (fFC & (MSR_IA32_FEATURE_CONTROL_VMXON | MSR_IA32_FEATURE_CONTROL_LOCK))
-            == MSR_IA32_FEATURE_CONTROL_VMXON ) /* Some BIOSes forget to set the locked bit. */
-       )
-    {
-        /* MSR is not yet locked; we can change it ourselves here. */
-        ASMWrMsr(MSR_IA32_FEATURE_CONTROL,
-                 g_HvmR0.vmx.Msrs.u64FeatureCtrl | MSR_IA32_FEATURE_CONTROL_VMXON | MSR_IA32_FEATURE_CONTROL_LOCK);
+    bool const fInSmxMode       = !!(ASMGetCR4() & X86_CR4_SMXE);
+    bool       fMsrLocked       = !!(fFC & MSR_IA32_FEATURE_CONTROL_LOCK);
+    bool       fSmxVmxAllowed   = !!(fFC & MSR_IA32_FEATURE_CONTROL_SMX_VMXON);
+    bool       fVmxAllowed      = !!(fFC & MSR_IA32_FEATURE_CONTROL_VMXON);
+
+    /* Check if the LOCK bit is set but excludes the required VMXON bit. */
+    int rc = VERR_HM_IPE_1;
+    if (fMsrLocked)
+    {
+        if (fInSmxMode && !fSmxVmxAllowed)
+            rc = VERR_VMX_MSR_SMX_VMXON_DISABLED;
+        else if (!fVmxAllowed)
+            rc = VERR_VMX_MSR_VMXON_DISABLED;
+        else
+            rc = VINF_SUCCESS;
+    }
+    else
+    {
+        /*
+         * MSR is not yet locked; we can change it ourselves here.
+         * Once the lock bit is set, this MSR can no longer be modified.
+         */
+        fFC |= MSR_IA32_FEATURE_CONTROL_LOCK;
+        if (fInSmxMode)
+            fFC |= MSR_IA32_FEATURE_CONTROL_SMX_VMXON;
+        else
+            fFC |= MSR_IA32_FEATURE_CONTROL_VMXON;
+
+        ASMWrMsr(MSR_IA32_FEATURE_CONTROL, fFC);
+
+        /* Verify. */
         fFC = ASMRdMsr(MSR_IA32_FEATURE_CONTROL);
-    }
-
-    int rc;
-    if ((fFC & (MSR_IA32_FEATURE_CONTROL_VMXON | MSR_IA32_FEATURE_CONTROL_LOCK))
-        ==     (MSR_IA32_FEATURE_CONTROL_VMXON | MSR_IA32_FEATURE_CONTROL_LOCK))
-    {
-        rc = VINF_SUCCESS;
-    }
-    else
-        rc = VERR_VMX_MSR_LOCKED_OR_DISABLED;
+        fMsrLocked     = !!(fFC & MSR_IA32_FEATURE_CONTROL_LOCK);
+        fSmxVmxAllowed = fMsrLocked && !!(fFC & MSR_IA32_FEATURE_CONTROL_SMX_VMXON);
+        fVmxAllowed    = fMsrLocked && !!(fFC & MSR_IA32_FEATURE_CONTROL_VMXON);
+
+        if (   (fInSmxMode && fSmxVmxAllowed)
+            || fVmxAllowed)
+        {
+            rc = VINF_SUCCESS;
+        }
+        else
+            rc = VERR_VMX_MSR_LOCKING_FAILED;
+    }
 
     hmR0FirstRcSetStatus(pFirstRc, rc);
@@ -929 +950 @@
 
 /**
- * Worker function passed to RTMpOnAll, RTMpOnOthers and RTMpOnSpecific that
- * is to be called on the target cpus.
+ * Worker function passed to RTMpOnAll() that is to be called on all CPUs.
  *
  * @param   idCpu       The identifier for the CPU the function is called on.

trunk/src/VBox/VMM/VMMR3/HM.cpp

@@ -504 +504 @@
                     break;
 
-                case VERR_VMX_MSR_LOCKED_OR_DISABLED:
-                    pszMsg = "VT-x is disabled in the BIOS (or by the host OS).";
+                case VERR_VMX_MSR_VMXON_DISABLED:
+                    pszMsg = "VT-x is disabled in the BIOS.";
+                    break;
+
+                case VERR_VMX_MSR_SMX_VMXON_DISABLED:
+                    pszMsg = "VT-x is disabled in the BIOS for Safer-Mode/Trusted Extensions.";
+                    break;
+
+                case VERR_VMX_MSR_LOCKING_FAILED:
+                    pszMsg = "Failed to enable and lock VT-x features.";
                     break;
 
@@ -906 +914 @@
             case VERR_VMX_NO_VMX:
                 return VM_SET_ERROR(pVM, VERR_VMX_NO_VMX, "VT-x is not available.");
-            case VERR_VMX_MSR_LOCKED_OR_DISABLED:
-                return VM_SET_ERROR(pVM, VERR_VMX_NO_VMX, "VT-x is disabled in the BIOS (or by the host OS).");
+            case VERR_VMX_MSR_VMXON_DISABLED:
+                return VM_SET_ERROR(pVM, VERR_VMX_NO_VMX, "VT-x is disabled in the BIOS.");
+            case VERR_VMX_MSR_SMX_VMXON_DISABLED:
+                return VM_SET_ERROR(pVM, VERR_VMX_NO_VMX, "VT-x is disabled in the BIOS for Safer-Mode/Trusted Extensions.");
+            case VERR_VMX_MSR_LOCKING_FAILED:
+                return VM_SET_ERROR(pVM, VERR_VMX_NO_VMX, "Failed to enable and lock VT-x features.");
 
             case VERR_SVM_IN_USE: