Changeset 70917 in vbox for trunk/src/VBox/HostDrivers/Support

Timestamp:

Feb 8, 2018 3:56:43 PM (7 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

120745

Message:

SUPDrv,VMM: Added SUPR0GetRawModeUsability() for checking whether we're allowed to modify CR4 under Hyper-V. It's called from VMMR0/ModuleInit and the result is cached in a global variable and checked before we call into RC.

Location:

trunk/src/VBox/HostDrivers/Support

Files:

• SUPDrv.cpp (modified) (7 diffs)
• SUPDrvIOC.h (modified) (2 diffs)
• SUPDrvInternal.h (modified) (1 diff)
• SUPLib.cpp (modified) (3 diffs)
• win/SUPDrv-win.cpp (modified) (2 diffs)

trunk/src/VBox/HostDrivers/Support/SUPDrv.cpp

@@ -204 +204 @@
     { "SUPR0GetSvmUsability",                   (void *)(uintptr_t)SUPR0GetSvmUsability },
     { "SUPR0GetVmxUsability",                   (void *)(uintptr_t)SUPR0GetVmxUsability },
+    { "SUPR0GetRawModeUsability",               (void *)(uintptr_t)SUPR0GetRawModeUsability },
     { "SUPR0LockMem",                           (void *)(uintptr_t)SUPR0LockMem },
     { "SUPR0LowAlloc",                          (void *)(uintptr_t)SUPR0LowAlloc },
@@ -2258 +2259 @@
 
             /* execute */
-            pReq->Hdr.rc = SUPR0QueryVTCaps(pSession, &pReq->u.Out.Caps);
+            pReq->Hdr.rc = SUPR0QueryVTCaps(pSession, &pReq->u.Out.fCaps);
             if (RT_FAILURE(pReq->Hdr.rc))
                 pReq->Hdr.cbOut = sizeof(pReq->Hdr);
@@ -2477 +2478 @@
 
             /* execute */
-            pReq->Hdr.rc = SUPR0QueryVTCaps(pSession, &pReq->u.Out.Caps);
+            pReq->Hdr.rc = SUPR0QueryVTCaps(pSession, &pReq->u.Out.fCaps);
             if (RT_FAILURE(pReq->Hdr.rc))
                 pReq->Hdr.cbOut = sizeof(pReq->Hdr);
@@ -4062 +4063 @@
 
 /**
+ * Checks if raw-mode is usable on this system.
+ *
+ * The reasons why raw-mode isn't safe to use are host specific.  For example on
+ * Windows the Hyper-V root partition may perhapse not allow important bits in
+ * CR4 to be changed, which would make it impossible to do a world switch.
+ *
+ * @returns VBox status code.
+ */
+SUPR0DECL(int) SUPR0GetRawModeUsability(void)
+{
+#ifdef RT_OS_WINDOWS
+    return supdrvOSGetRawModeUsability();
+#else
+    return VINF_SUCCESS;
+#endif
+}
+
+
+
+/**
  * Checks if Intel VT-x feature is usable on this CPU.
  *
@@ -4077 +4098 @@
 SUPR0DECL(int) SUPR0GetVmxUsability(bool *pfIsSmxModeAmbiguous)
 {
-    uint64_t   u64FeatMsr;
+    uint64_t   fFeatMsr;
     bool       fMaybeSmxMode;
     bool       fMsrLocked;
@@ -4087 +4108 @@
     Assert(!RTThreadPreemptIsEnabled(NIL_RTTHREAD));
 
-    u64FeatMsr          = ASMRdMsr(MSR_IA32_FEATURE_CONTROL);
+    fFeatMsr            = ASMRdMsr(MSR_IA32_FEATURE_CONTROL);
     fMaybeSmxMode       = RT_BOOL(ASMGetCR4() & X86_CR4_SMXE);
-    fMsrLocked          = RT_BOOL(u64FeatMsr & MSR_IA32_FEATURE_CONTROL_LOCK);
-    fSmxVmxAllowed      = RT_BOOL(u64FeatMsr & MSR_IA32_FEATURE_CONTROL_SMX_VMXON);
-    fVmxAllowed         = RT_BOOL(u64FeatMsr & MSR_IA32_FEATURE_CONTROL_VMXON);
+    fMsrLocked          = RT_BOOL(fFeatMsr & MSR_IA32_FEATURE_CONTROL_LOCK);
+    fSmxVmxAllowed      = RT_BOOL(fFeatMsr & MSR_IA32_FEATURE_CONTROL_SMX_VMXON);
+    fVmxAllowed         = RT_BOOL(fFeatMsr & MSR_IA32_FEATURE_CONTROL_VMXON);
     fIsSmxModeAmbiguous = false;
     rc                  = VERR_INTERNAL_ERROR_5;
@@ -4149 +4170 @@
             fSmxVmxHwSupport = true;
 
-        u64FeatMsr |= MSR_IA32_FEATURE_CONTROL_LOCK
-                    | MSR_IA32_FEATURE_CONTROL_VMXON;
+        fFeatMsr |= MSR_IA32_FEATURE_CONTROL_LOCK
+                 |  MSR_IA32_FEATURE_CONTROL_VMXON;
         if (fSmxVmxHwSupport)
-            u64FeatMsr |= MSR_IA32_FEATURE_CONTROL_SMX_VMXON;
+            fFeatMsr |= MSR_IA32_FEATURE_CONTROL_SMX_VMXON;
 
         /*
          * Commit.
          */
-        ASMWrMsr(MSR_IA32_FEATURE_CONTROL, u64FeatMsr);
+        ASMWrMsr(MSR_IA32_FEATURE_CONTROL, fFeatMsr);
 
         /*
          * Verify.
          */
-        u64FeatMsr = ASMRdMsr(MSR_IA32_FEATURE_CONTROL);
-        fMsrLocked = RT_BOOL(u64FeatMsr & MSR_IA32_FEATURE_CONTROL_LOCK);
+        fFeatMsr = ASMRdMsr(MSR_IA32_FEATURE_CONTROL);
+        fMsrLocked = RT_BOOL(fFeatMsr & MSR_IA32_FEATURE_CONTROL_LOCK);
         if (fMsrLocked)
         {
-            fSmxVmxAllowed = RT_BOOL(u64FeatMsr & MSR_IA32_FEATURE_CONTROL_SMX_VMXON);
-            fVmxAllowed    = RT_BOOL(u64FeatMsr & MSR_IA32_FEATURE_CONTROL_VMXON);
+            fSmxVmxAllowed = RT_BOOL(fFeatMsr & MSR_IA32_FEATURE_CONTROL_SMX_VMXON);
+            fVmxAllowed    = RT_BOOL(fFeatMsr & MSR_IA32_FEATURE_CONTROL_VMXON);
             if (   fVmxAllowed
                 && (   !fSmxVmxHwSupport
                     || fSmxVmxAllowed))
-            {
                 rc = VINF_SUCCESS;
-            }
             else
                 rc = !fSmxVmxHwSupport ? VERR_VMX_MSR_VMX_ENABLE_FAILED : VERR_VMX_MSR_SMX_VMX_ENABLE_FAILED;

trunk/src/VBox/HostDrivers/Support/SUPDrvIOC.h

@@ -214 +214 @@
  * @remarks 0x002a0000 is used by 5.1. The next version number must be 0x002b0000.
  */
-#define SUPDRV_IOC_VERSION                              0x00290000
+#define SUPDRV_IOC_VERSION                              0x00290001
 
 /** SUP_IOCTL_COOKIE. */
@@ -1209 +1209 @@
         {
             /** The VT capability dword. */
-            uint32_t        Caps;
+            uint32_t        fCaps;
         } Out;
     } u;

trunk/src/VBox/HostDrivers/Support/SUPDrvInternal.h

@@ -850 +850 @@
 void VBOXCALL   supdrvOSResumeVTxOnCpu(bool fSuspended);
 int  VBOXCALL   supdrvOSGetCurrentGdtRw(RTHCUINTPTR *pGdtRw);
+int  VBOXCALL   supdrvOSGetRawModeUsability(void);
 
 /**

trunk/src/VBox/HostDrivers/Support/SUPLib.cpp

@@ -276 +276 @@
         strcpy(CookieReq.u.In.szMagic, SUPCOOKIE_MAGIC);
         CookieReq.u.In.u32ReqVersion = SUPDRV_IOC_VERSION;
-        const uint32_t uMinVersion = (SUPDRV_IOC_VERSION & 0xffff0000) == 0x00280000
-                                   ? 0x00280002
+        const uint32_t uMinVersion = (SUPDRV_IOC_VERSION & 0xffff0000) == 0x00290000
+                                   ? 0x00290001
                                    : SUPDRV_IOC_VERSION & 0xffff0000;
         CookieReq.u.In.u32MinVersion = uMinVersion;
@@ -1689 +1689 @@
     Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
     Req.Hdr.rc = VERR_INTERNAL_ERROR;
-    Req.u.Out.Caps = 0;
+    Req.u.Out.fCaps = 0;
     int rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_VT_CAPS, &Req, SUP_IOCTL_VT_CAPS_SIZE);
     if (RT_SUCCESS(rc))
@@ -1695 +1695 @@
         rc = Req.Hdr.rc;
         if (RT_SUCCESS(rc))
-            *pfCaps = Req.u.Out.Caps;
+            *pfCaps = Req.u.Out.fCaps;
     }
     return rc;

trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp

@@ -46 +46 @@
 #include <iprt/spinlock.h>
 #include <iprt/string.h>
+#include <iprt/x86.h>
 #include <VBox/log.h>
 #include <VBox/err.h>
@@ -1873 +1874 @@
 
 
+/**
+ * Checks whether we're allowed by Hyper-V to modify CR4.
+ */
+int  VBOXCALL supdrvOSGetRawModeUsability(void)
+{
+    int rc = VINF_SUCCESS;
+
+#ifdef RT_ARCH_AMD64
+    /*
+     * Broadwell running W10 17083.100:
+     *        CR4: 0x170678
+     *  Evil mask: 0x170638
+     *      X86_CR4_SMEP        - evil
+     *      X86_CR4_FSGSBASE    - evil
+     *      X86_CR4_PCIDE       - evil
+     *      X86_CR4_OSXSAVE     - evil
+     *      X86_CR4_OSFXSR      - evil
+     *      X86_CR4_OSXMMEEXCPT - evil
+     *      X86_CR4_PSE         - evil
+     *      X86_CR4_PAE         - evil
+     *      X86_CR4_MCE         - okay
+     *      X86_CR4_DE          - evil
+     */
+    if (ASMHasCpuId())
+    {
+        uint32_t cStd = ASMCpuId_EAX(0);
+        if (ASMIsValidStdRange(cStd))
+        {
+            uint32_t uIgn         = 0;
+            uint32_t fEdxFeatures = 0;
+            uint32_t fEcxFeatures = 0;
+            ASMCpuIdExSlow(1, 0, 0, 0, &uIgn, &uIgn, &fEcxFeatures, &fEdxFeatures);
+            if (fEcxFeatures & X86_CPUID_FEATURE_ECX_HVP)
+            {
+                RTCCUINTREG  const fOldFlags    = ASMIntDisableFlags();
+                RTCCUINTXREG const fCr4         = ASMGetCR4();
+
+                RTCCUINTXREG const fSafeToClear = X86_CR4_TSD      | X86_CR4_DE     | X86_CR4_PGE  | X86_CR4_PCE
+                                                | X86_CR4_FSGSBASE | X86_CR4_PCIDE  | X86_CR4_SMEP | X86_CR4_SMAP
+                                                | X86_CR4_OSXSAVE  | X86_CR4_OSFXSR | X86_CR4_OSXMMEEXCPT;
+                RTCCUINTXREG       fLoadCr4     = fCr4 & ~fSafeToClear;
+                RTCCUINTXREG const fCleared     = fCr4 & fSafeToClear;
+                if (!(fCleared & X86_CR4_TSD) && (fEdxFeatures & X86_CPUID_FEATURE_EDX_TSC))
+                    fLoadCr4 |= X86_CR4_TSD;
+                if (!(fCleared & X86_CR4_PGE) && (fEdxFeatures & X86_CPUID_FEATURE_EDX_PGE))
+                    fLoadCr4 |= X86_CR4_PGE;
+                __try
+                {
+                    ASMSetCR4(fLoadCr4);
+                }
+                __except(EXCEPTION_EXECUTE_HANDLER)
+                {
+                    rc = VERR_SUPDRV_NO_RAW_MODE_HYPER_V_ROOT;
+                }
+                if (RT_SUCCESS(rc))
+                    ASMSetCR4(fCr4);
+                ASMSetFlags(fOldFlags);
+            }
+        }
+    }
+#endif
+    return rc;
+}
+
+
 #define MY_SystemLoadGdiDriverInSystemSpaceInformation  54
 #define MY_SystemUnloadGdiDriverInformation             27