From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jan Kiszka <jan.kiszka@siemens.com>
Subject: Re: [PATCH 1/4] Fix tboot enabled macro
Date: Thu, 27 May 2010 11:23:37 +0200
Message-ID: <4BFE3A19.6060603@siemens.com>
References: <4BFC9686.9050300@redhat.com> <4BFCCCFD.20203@web.de> <4BFCDDFB.9010505@redhat.com> <D5AB6E638E5A3E4B8F4406B113A5A19A1E85890F@shsmsx501.ccr.corp.intel.com> <4BFCFA6F.8030000@siemens.com> <D5AB6E638E5A3E4B8F4406B113A5A19A1E858C54@shsmsx501.ccr.corp.intel.com> <4BFE2F0B.9010406@siemens.com> <D5AB6E638E5A3E4B8F4406B113A5A19A1E858CEE@shsmsx501.ccr.corp.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Avi Kivity <avi@redhat.com>, Zachary Amsden <zamsden@redhat.com>,
	kvm <kvm@vger.kernel.org>, Gleb Natapov <gleb@redhat.com>,
	"Cihula, Joseph" <joseph.cihula@intel.com>
To: "Wang, Shane" <shane.wang@intel.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from thoth.sbs.de ([192.35.17.2]:22295 "EHLO thoth.sbs.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S933159Ab0E0JX4 (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 27 May 2010 05:23:56 -0400
In-Reply-To: <D5AB6E638E5A3E4B8F4406B113A5A19A1E858CEE@shsmsx501.ccr.corp.intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Wang, Shane wrote:
> Jan Kiszka wrote:
>> If TXT is on and VT is locked but KVM sees tboot_enabled == 0, it
>> won't check for FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX during setup
>> and may consider VT unavailable.
> 
> If vt is locked, txt is on, tboot_enabled = 0, then it will check VMXON_OUTSIDE_SMX.
> But at this point, if vt is on (still locked), the fn will return 0, which means vmx is not disabled by bios, correct?
> 
> 
>> Moreover, if VT is not locked in that case, KVM will also not set
>> FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX during hardware_enable,
>> likely leaving VT off then, no? 
> 
> Sure, KVM will not set VMXON_INSIDE_SMX, but will set VMXON_OUTSIDE_SMX.
> In that case, this means vt is on.
> 
>> So my question is: Would it cause any harm to assume TXT being always
>> on, even if it wasn't?
> 
> A bit confused.
> Do you mean hardware TXT always on, i.e. set FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX = 1 always?
> That's fine. No problem. No harm.
> Or, do you mean set tboot_enabled = 1 always? 

The latter. As we have no clue about the actual state (tboot is not
exported on older kernels), we are forced to assume some reasonable state.

> if so, in case that the hardware TXT is disabled
> (FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX = 0), then KVM will think vmx is disabled if feature msr is locked.

Then let's leave it as it was before the tboot changes to VMX: assume
!tboot_enabled().

Thanks for explaining,
Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux