• Sean Christopherson's avatar
    x86/intel: Initialize IA32_FEAT_CTL MSR at boot · 1db2a6e1
    Sean Christopherson authored
    Opportunistically initialize IA32_FEAT_CTL to enable VMX when the MSR is
    left unlocked by BIOS.  Configuring feature control at boot time paves
    the way for similar enabling of other features, e.g. Software Guard
    Extensions (SGX).
    
    Temporarily leave equivalent KVM code in place in order to avoid
    introducing a regression on Centaur and Zhaoxin CPUs, e.g. removing
    KVM's code would leave the MSR unlocked on those CPUs and would break
    existing functionality if people are loading kvm_intel on Centaur and/or
    Zhaoxin.  Defer enablement of the boot-time configuration on Centaur and
    Zhaoxin to future patches to aid bisection.
    
    Note, Local Machine Check Exceptions (LMCE) are also supported by the
    kernel and enabled via feature control, but the kernel currently uses
    LMCE if and only if the feature is explicitly enabled by BIOS.  Keep
    the current behavior to avoid introducing bugs, future patches can opt
    in to opportunistic enabling if it's deemed desirable to do so.
    
    Always lock IA32_FEAT_CTL if it exists, even if the CPU doesn't support
    VMX, so that other existing and future kernel code that queries the MSR
    can assume it's locked.
    
    Start from a clean slate when constructing the value to write to
    IA32_FEAT_CTL, i.e. ignore whatever value BIOS left in the MSR so as not
    to enable random features or fault on the WRMSR.
    Suggested-by: default avatarBorislav Petkov <bp@suse.de>
    Signed-off-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Link: https://lkml.kernel.org/r/20191221044513.21680-5-sean.j.christopherson@intel.com
    1db2a6e1
Makefile 1.83 KB