Feature #13220

Add support for the IA32_FEATURE_CONTROL MSR in bhyve

Added by Jason King about 2 months ago. Updated about 1 month ago.

Status: Closed
Priority: Normal
Assignee:
Category: bhyve
Start date:
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:
Description

Certain guests (so far it's been observed with recent releases of Windows 10) attempt to read the IA32_FEATURE_CONTROL MSR, which is involved with the Intel SGX support and related features (per the Intel SDM Vol 4). We currently do not support this MSR, requiring the -w flag when running bhyve with such a guest.

Since we don't currently support SGX features in the guest, we can return 1 which indicates this MSR is locked and no further writes should be attempted (and with all features disabled).

#1

Updated by Electric Monk about 2 months ago

  • Gerrit CR set to 974

#2

Updated by Jason King about 1 month ago

The existence of the IA32_FEATURE_CONTROL MSR seems to be gated by CPU model (and in some older CPUs, further gated by the availability of VMX extensions as indicated by the CPUID instruction). All of the currently available features controlled by this MSR are also gated by capabilities advertised in various forms of the CPUID instruction (per the Intel SDM Vol 4). At this time, all of the relevant CPUID capabilities for all of the feature bit fields of this MSR are masked off (disabled). As such, we can merely return a value of 1, indicating that the features controlled by this MSR are not enabled, and changes to this MSR are locked (bit 1 set). If new bitfields are added to this MSR in the future, additional work may be needed depending on the nature of those fields, but with the information that's currently available, returning 1 should be valid and safe for guests.

While the MSR exists in some CPU models, and appears to conditionally exist in some earlier families, it appears that it's present for any CPU family that supports VMX. Since we only support vmm on a subset of Intel CPUs that all have VMX extensions (VMX is a necessary, but not sufficient feature), we don't need to be concerned at this time about gating access to the MSR based on CPU model. Since it's an architectural MSR, the wording in the Intel SDM suggests it should be present in any future CPUs as well. That is to say we should safely be able to assume the MSR will always exist anywhere we're using VMM on an Intel CPU.
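
The argument in the comment above, as an added example (not bhyve's code and not code from this issue): a read handler that returns the locked, all-disabled value, plus a check that a guest-visible value never enables a feature the guest is not offered. The names `guest_caps`, `fc_allowed`, `fc_consistent` and `emul_rdmsr` are hypothetical; the bit positions are those given in the Intel SDM.

```c
#include <stdbool.h>
#include <stdint.h>

#define MSR_IA32_FEATURE_CONTROL 0x3aU  /* index used in the dtrace predicate */
#define FC_LOCK        (1ULL << 0)      /* once set, WRMSR raises #GP */
#define FC_VMX_IN_SMX  (1ULL << 1)
#define FC_VMX_OUT_SMX (1ULL << 2)
#define FC_SENTER      (0xffULL << 8)   /* bits 14:8 local, bit 15 global */
#define FC_SGX_LC      (1ULL << 17)
#define FC_SGX         (1ULL << 18)
#define FC_LMCE        (1ULL << 20)

/* Hypothetical summary of what the hypervisor advertises to the guest. */
struct guest_caps { bool vmx, smx, sgx, sgx_lc, lmce; };

/* Feature bits the guest could legitimately see set, given its capabilities. */
uint64_t fc_allowed(const struct guest_caps *c)
{
    uint64_t m = 0;
    if (c->vmx)              m |= FC_VMX_OUT_SMX;
    if (c->vmx && c->smx)    m |= FC_VMX_IN_SMX;
    if (c->smx)              m |= FC_SENTER;
    if (c->sgx)              m |= FC_SGX;
    if (c->sgx && c->sgx_lc) m |= FC_SGX_LC;
    if (c->lmce)             m |= FC_LMCE;
    return m;
}

/* Consistent = locked, and nothing enabled (or reserved) beyond what is offered. */
bool fc_consistent(uint64_t val, const struct guest_caps *c)
{
    return (val & FC_LOCK) && (val & ~(FC_LOCK | fc_allowed(c))) == 0;
}

/* RDMSR exit: 0 = handled, -1 = inject #GP into the guest (assumed convention). */
int emul_rdmsr(uint32_t msr, uint64_t *val)
{
    if (msr != MSR_IA32_FEATURE_CONTROL) return -1;
    *val = FC_LOCK;                     /* locked, every feature off */
    return 0;
}

int main(void)
{
    struct guest_caps masked = {0};     /* every capability masked off */
    uint64_t v = 0;
    return (emul_rdmsr(MSR_IA32_FEATURE_CONTROL, &v) == 0 && fc_consistent(v, &masked)) ? 0 : 1;
}
```

If a capability such as VMX were later exposed to guests, `fc_allowed` shows which bits the returned value would then have to account for.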

#3

Updated by Gernot Strasser about 1 month ago

After applying this fix I was able to get my Windows 10 clients to the latest update 2004.
Without this fix the clients hung infinitely at boot after applying the May update.

#4

Updated by Jason King about 1 month ago

For testing, dtrace -n 'vmx_rdmsr:entry /arg2 == 0x3a/ {}' was run while booting a win10 VM. The probe fired and the win10 VM booted normally.

#5

Updated by Electric Monk about 1 month ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit c9b7e76beb4142d3c99edad5ef93094464805881

commit  c9b7e76beb4142d3c99edad5ef93094464805881
Author: Jason King <jason.king@joyent.com>
Date:   2020-10-15T16:57:08.000Z

    13220 Add support for the IA32_FEATURE_CONTROL MSR in bhyve
    Reviewed by: Patrick Mooney <pmooney@pfmooney.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Mike Zeller <mike.zeller@joyent.com>
    Approved by: Robert Mustacchi <rm@fingolfin.org>
