[tor-commits] [tor-browser-bundle/maint-5.0] Bug #16866: include kvm-ok and use it on Debian

gk at torproject.org gk at torproject.org
Mon Aug 24 13:02:10 UTC 2015


commit ec4d734e654750492de727ee221bafa254754440
Author: Nicolas Vigier <boklm at torproject.org>
Date:   Mon Aug 24 13:11:00 2015 +0200

    Bug #16866: include kvm-ok and use it on Debian
---
 gitian/check-prerequisites.sh |   10 +++-
 tools/kvm-ok                  |  105 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 113 insertions(+), 2 deletions(-)

diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index b36fca7..8518ffe 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -88,10 +88,16 @@ then
   exit 1
 fi
 
-kvm-ok > /dev/null
+if [ $DISTRO = "Debian" ];
+then
+    kvm_ok=../tools/kvm-ok
+else
+    kvm_ok=kvm-ok
+fi
+$kvm_ok > /dev/null
 if [ $? -ne 0 -a "z$USE_LXC" != "z1" ];
 then
-  kvm-ok
+  $kvm_ok
   echo
   echo "Most likely, this means you will need to use LXC."
   echo
diff --git a/tools/kvm-ok b/tools/kvm-ok
new file mode 100755
index 0000000..5040935
--- /dev/null
+++ b/tools/kvm-ok
@@ -0,0 +1,105 @@
+#!/bin/sh
+#
+# kvm-ok - check whether the CPU we're running on supports KVM acceleration
+# Copyright (C) 2008-2010 Canonical Ltd.
+#
+# Authors:
+#  Dustin Kirkland <kirkland at canonical.com>
+#  Kees Cook <kees.cook at canonical.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3,
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+set -e
+
+assert_root() {
+	if [ "$(id -u)" != "0" ]; then
+		echo "INFO: For more detailed results, you should run this as root"
+		echo "HINT:   sudo $0"
+		exit 1
+	fi
+}
+
+verdict() {
+	# Print verdict
+	if [ "$1" = "0" ]; then
+		echo "KVM acceleration can be used"
+		exit 0
+	else
+		echo "KVM acceleration can NOT be used"
+		exit 1
+	fi
+}
+
+# check cpu flags for capability
+virt=$(egrep -m1 -w '^flags[[:blank:]]*:' /proc/cpuinfo | egrep -wo '(vmx|svm)') || true
+[ "$virt" = "vmx" ] && brand="intel"
+[ "$virt" = "svm" ] && brand="amd"
+
+if [ -z "$virt" ]; then
+	echo "INFO: Your CPU does not support KVM extensions"
+	assert_root
+	verdict 1
+fi
+
+# Now, check that the device exists
+if [ -e /dev/kvm ]; then
+	echo "INFO: /dev/kvm exists"
+	verdict 0
+else
+	echo "INFO: /dev/kvm does not exist"
+	echo "HINT:   sudo modprobe kvm_$brand"
+fi
+
+assert_root
+
+# Prepare MSR access
+msr="/dev/cpu/0/msr"
+if [ ! -r "$msr" ]; then
+	modprobe msr
+fi
+if [ ! -r "$msr" ]; then
+	echo "You must be root to run this check." >&2
+	exit 2
+fi
+
+echo "INFO: Your CPU supports KVM extensions"
+
+disabled=0
+# check brand-specific registers
+if [ "$virt" = "vmx" ]; then
+        BIT=$(rdmsr --bitfield 0:0 0x3a 2>/dev/null || true)
+        if [ "$BIT" = "1" ]; then
+                # and FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX clear (no tboot)
+                BIT=$(rdmsr --bitfield 2:2 0x3a 2>/dev/null || true)
+                if [ "$BIT" = "0" ]; then
+			disabled=1
+                fi
+        fi
+
+elif [ "$virt" = "svm" ]; then
+        BIT=$(rdmsr --bitfield 4:4 0xc0010114 2>/dev/null || true)
+        if [ "$BIT" = "1" ]; then
+		disabled=1
+        fi
+else
+	echo "FAIL: Unknown virtualization extension: $virt"
+	verdict 1
+fi
+
+if [ "$disabled" -eq 1 ]; then
+	echo "INFO: KVM ($virt) is disabled by your BIOS"
+	echo "HINT: Enter your BIOS setup and enable Virtualization Technology (VT),"
+	echo "      and then hard poweroff/poweron your system"
+	verdict 1
+fi
+
+verdict 0



More information about the tor-commits mailing list