Add support for the IA32_FEATURE_CONTROL MSR in bhyve
Certain guests (so far it's been observed with recent releases of Windows 10) attempt to read the
IA32_FEATURE_CONTROL msr which is involved with the Intel SGX support and related features (per the Intel SDM vol4). We currently do not support this MSR, requiring the
-w flag when running bhyve with such a guest.
Since we don't currently support SGX features in the guest, we can return
1 which indicates this MSR is locked and no further writes should be attempted (and with all features disabled).
Updated by Jason King 7 months ago
The existence of the
IA32_FEATURE_CONTROL MSR seems to be gated by CPU model (and in some older CPUs, further gated by the availability of VMX extensions as indicated by the CPUID instruction). All of the currently available features controlled by this MSR are also gated by capabilities advertised in various forms of the CPUID instruction (per the Intel SDM Vol 4). At this time, all of the relevant CPUID capabilities for all of the feature bit fields of this MSR are masked off (disabled). As such, we can merely return a value of
1, indicating that the features controlled by this MSR are not enabled, and changes to this MSR are locked (bit 1 set). If new bitfields are added to this MSR in the future, additional work may be needed depending on the nature of those fields, but with the information that's currently available, returning
1 should be valid and safe for guests.
While the MSR exists in some CPU models, and appears to conditionally exist in some earlier families, it appears that it's present for any CPU family that supports VMX. Since we only support vmm on a subset of Intel CPUs that all have VMX extensions (VMX is a necessary, but not sufficient feature), we don't need to be concerned at this time about gating access to the MSR based on CPU model. Since it's an architectural MSR, the wording in the Intel SDM suggests it should be present in any future CPUs as well. That is to say we should safely be able to assume the MSR will always exist anywhere we're using VMM on an Intel CPU.
Updated by Electric Monk 7 months ago
- Status changed from New to Closed
- % Done changed from 0 to 100
commit c9b7e76beb4142d3c99edad5ef93094464805881 Author: Jason King <firstname.lastname@example.org> Date: 2020-10-15T16:57:08.000Z 13220 Add support for the IA32_FEATURE_CONTROL MSR in bhyve Reviewed by: Patrick Mooney <email@example.com> Reviewed by: Toomas Soome <firstname.lastname@example.org> Reviewed by: Mike Zeller <email@example.com> Approved by: Robert Mustacchi <firstname.lastname@example.org>