Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Mon, Oct 01, 2007 at 11:45:22PM +0200, Andi Kleen wrote: > > > > feature flag does not disappear when its disabled. But because with CPUs > > having the SVM-lock feature it can be re-enabled in a secure way under > > some circumstances > > Who would reenable it in what circumstances? I plan to implement the ability to re-enable it into the SVM module of KVM. The key required for this will be passed as a module parameter. Joerg - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
> feature flag does not disappear when its disabled. But because with CPUs > having the SVM-lock feature it can be re-enabled in a secure way under > some circumstances Who would reenable it in what circumstances? -Andi - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Mon, Oct 01, 2007 at 06:47:50PM +0200, Andi Kleen wrote: > On Saturday 22 September 2007 11:17:08 Joerg Roedel wrote: > > I don't think we need this patch. When SVM is disabled KVM will tell on > > module load. > > The point is that people often want to know in advance (before they > even try to use KVM or Xen) if their CPU and BIOS supports this. If the CPU supports SVM this is visible to the user because the SVM feature flag does not disappear when its disabled. But because with CPUs having the SVM-lock feature it can be re-enabled in a secure way under some circumstances the information in /proc/cpuinfo will not be reliable. Maybe we can check for it in identify_cpu() and print to the kernel log if its disabled? It will be visible to the user through dmesg. Joerg - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Saturday 22 September 2007 11:17:08 Joerg Roedel wrote: > I don't think we need this patch. When SVM is disabled KVM will tell on > module load. The point is that people often want to know in advance (before they even try to use KVM or Xen) if their CPU and BIOS supports this. > Further with SVM-lock it will be possible to re-enable SVM > even if it was disabled by BIOS using a key. In this case the user of > SVM has to clear the capability bit you set in this patch for all cpus. Not sure I follow you. Can you clarify? What exactly needs to be done to do a full non reversible lock? -Andi - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Saturday 22 September 2007 11:17:08 Joerg Roedel wrote: I don't think we need this patch. When SVM is disabled KVM will tell on module load. The point is that people often want to know in advance (before they even try to use KVM or Xen) if their CPU and BIOS supports this. Further with SVM-lock it will be possible to re-enable SVM even if it was disabled by BIOS using a key. In this case the user of SVM has to clear the capability bit you set in this patch for all cpus. Not sure I follow you. Can you clarify? What exactly needs to be done to do a full non reversible lock? -Andi - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Mon, Oct 01, 2007 at 06:47:50PM +0200, Andi Kleen wrote: On Saturday 22 September 2007 11:17:08 Joerg Roedel wrote: I don't think we need this patch. When SVM is disabled KVM will tell on module load. The point is that people often want to know in advance (before they even try to use KVM or Xen) if their CPU and BIOS supports this. If the CPU supports SVM this is visible to the user because the SVM feature flag does not disappear when its disabled. But because with CPUs having the SVM-lock feature it can be re-enabled in a secure way under some circumstances the information in /proc/cpuinfo will not be reliable. Maybe we can check for it in identify_cpu() and print to the kernel log if its disabled? It will be visible to the user through dmesg. Joerg - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
feature flag does not disappear when its disabled. But because with CPUs having the SVM-lock feature it can be re-enabled in a secure way under some circumstances Who would reenable it in what circumstances? -Andi - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Mon, Oct 01, 2007 at 11:45:22PM +0200, Andi Kleen wrote: feature flag does not disappear when its disabled. But because with CPUs having the SVM-lock feature it can be re-enabled in a secure way under some circumstances Who would reenable it in what circumstances? I plan to implement the ability to re-enable it into the SVM module of KVM. The key required for this will be passed as a module parameter. Joerg - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Sat, 2007-09-22 at 00:32 +0200, Andi Kleen wrote: > Also allow to set svm lock. Please use two separate patches. The detection and cpuinfo display is not related to set svm lock. > TBD double check, documentation, i386 support Yes, documentation would be useful. See below. > Signed-off-by: Andi Kleen <[EMAIL PROTECTED]> > > --- > arch/x86_64/kernel/setup.c| 25 +++-- > include/asm-i386/cpufeature.h |1 + > include/asm-i386/msr-index.h |3 +++ > 3 files changed, 27 insertions(+), 2 deletions(-) > > Index: linux/arch/x86_64/kernel/setup.c > === > --- linux.orig/arch/x86_64/kernel/setup.c > +++ linux/arch/x86_64/kernel/setup.c > @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str > > static void __cpuinit init_amd(struct cpuinfo_x86 *c) > { > - unsigned level; > + unsigned level, flags, dummy; > > #ifdef CONFIG_SMP > unsigned long value; > @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp > /* Family 10 doesn't support C states in MWAIT so don't use it */ > if (c->x86 == 0x10 && !force_mwait) > clear_bit(X86_FEATURE_MWAIT, >x86_capability); > + > + if (c->x86 >= 0xf && c->x86 <= 0x11 && > + !rdmsr_safe(MSR_VM_CR, , ) && > + (flags & 0x18)) > + set_bit(X86_FEATURE_VIRT_DISABLED, >x86_capability); Why the check for 0x18 And please can we use understandable constants for this. bit 3 (SVM_LOCK) controls only the writeability of bit 4 (SVME_DISABLE), which controls whether SVM is allowed to be enabled or not. bit 3 bit 4 0 0 SVM can be enabled in EFER, SVME_DISABLE is writeable 1 0 SVM can be enabled in EFER, SVME_DISABLE is not writeable 0 1 SVM can not be enabled in EFER, SVME_DISABLE is writeable 1 1 SVM can not be enabled in EFER, SVME_DISABLE is not writeable So SVM is disabled, when bit 4 is set. > +} > + > +static int enable_svm_lock(char *s) > +{ > + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD && > + boot_cpu_data.x86 >= 0xf && boot_cpu_data.x86 <= 0x11) { > + unsigned a,b; > + if (rdmsr_safe(MSR_VM_CR, , )) > + return 0; > + a |= (1 << 3); /* set SVM lock */ SVM_LOCK is read only according to data sheet. You can set bit 4 (SVME_DISABLE) to prevent KVM or what else using that feature. tglx - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
I don't think we need this patch. When SVM is disabled KVM will tell on module load. Further with SVM-lock it will be possible to re-enable SVM even if it was disabled by BIOS using a key. In this case the user of SVM has to clear the capability bit you set in this patch for all cpus. On Sat, Sep 22, 2007 at 12:32:18AM +0200, Andi Kleen wrote: > > Also allow to set svm lock. > > TBD double check, documentation, i386 support > > Signed-off-by: Andi Kleen <[EMAIL PROTECTED]> > > --- > arch/x86_64/kernel/setup.c| 25 +++-- > include/asm-i386/cpufeature.h |1 + > include/asm-i386/msr-index.h |3 +++ > 3 files changed, 27 insertions(+), 2 deletions(-) > > Index: linux/arch/x86_64/kernel/setup.c > === > --- linux.orig/arch/x86_64/kernel/setup.c > +++ linux/arch/x86_64/kernel/setup.c > @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str > > static void __cpuinit init_amd(struct cpuinfo_x86 *c) > { > - unsigned level; > + unsigned level, flags, dummy; > > #ifdef CONFIG_SMP > unsigned long value; > @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp > /* Family 10 doesn't support C states in MWAIT so don't use it */ > if (c->x86 == 0x10 && !force_mwait) > clear_bit(X86_FEATURE_MWAIT, >x86_capability); > + > + if (c->x86 >= 0xf && c->x86 <= 0x11 && > + !rdmsr_safe(MSR_VM_CR, , ) && > + (flags & 0x18)) > + set_bit(X86_FEATURE_VIRT_DISABLED, >x86_capability); > +} > + > +static int enable_svm_lock(char *s) > +{ > + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD && > + boot_cpu_data.x86 >= 0xf && boot_cpu_data.x86 <= 0x11) { > + unsigned a,b; > + if (rdmsr_safe(MSR_VM_CR, , )) > + return 0; > + a |= (1 << 3); /* set SVM lock */ > + if (!wrmsr_safe(MSR_VM_CR, , )) > + return 1; > + } > + printk(KERN_ERR "CPU does not support svm_lock\n"); > + return 0; > } > +__setup("svm_lock", enable_svm_lock); > > static void __cpuinit detect_ht(struct cpuinfo_x86 *c) > { > @@ -985,7 +1006,7 @@ static int show_cpuinfo(struct seq_file > NULL, NULL, NULL, NULL, > "constant_tsc", "up", NULL, "arch_perfmon", > "pebs", "bts", NULL, "sync_rdtsc", > - "rep_good", NULL, NULL, NULL, NULL, NULL, NULL, NULL, > + "rep_good", "virtualization_bios_disabled", NULL, NULL, NULL, > NULL, NULL, NULL, > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, > > /* Intel-defined (#2) */ > Index: linux/include/asm-i386/cpufeature.h > === > --- linux.orig/include/asm-i386/cpufeature.h > +++ linux/include/asm-i386/cpufeature.h > @@ -82,6 +82,7 @@ > /* 14 free */ > #define X86_FEATURE_SYNC_RDTSC (3*32+15) /* RDTSC synchronizes the > CPU */ > #define X86_FEATURE_REP_GOOD (3*32+16) /* rep microcode works well on this > CPU */ > +#define X86_FEATURE_VIRT_DISABLED (3*32+17) /* Hardware virt. BIOS disabled > */ > > /* Intel-defined CPU features, CPUID level 0x0001 (ecx), word 4 */ > #define X86_FEATURE_XMM3 (4*32+ 0) /* Streaming SIMD Extensions-3 */ > Index: linux/include/asm-i386/msr-index.h > === > --- linux.orig/include/asm-i386/msr-index.h > +++ linux/include/asm-i386/msr-index.h > @@ -98,6 +98,9 @@ > #define K8_MTRRFIXRANGE_DRAM_MODIFY 0x0008 /* MtrrFixDramModEn bit */ > #define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem*/ > > +/* SVM */ > +#define MSR_VM_CR 0xc0010114 > + > /* K7 MSRs */ > #define MSR_K7_EVNTSEL0 0xc001 > #define MSR_K7_PERFCTR0 0xc0010004 > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Sat, Sep 22, 2007 at 12:32:18AM +0200, Andi Kleen wrote: > > Also allow to set svm lock. > > TBD double check, documentation, i386 support > > Signed-off-by: Andi Kleen <[EMAIL PROTECTED]> Could we have this patch tagged with x86 instead of "Experimental" in subject. Sam - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Sat, Sep 22, 2007 at 12:32:18AM +0200, Andi Kleen wrote: Also allow to set svm lock. TBD double check, documentation, i386 support Signed-off-by: Andi Kleen [EMAIL PROTECTED] Could we have this patch tagged with x86 instead of Experimental in subject. Sam - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
I don't think we need this patch. When SVM is disabled KVM will tell on module load. Further with SVM-lock it will be possible to re-enable SVM even if it was disabled by BIOS using a key. In this case the user of SVM has to clear the capability bit you set in this patch for all cpus. On Sat, Sep 22, 2007 at 12:32:18AM +0200, Andi Kleen wrote: Also allow to set svm lock. TBD double check, documentation, i386 support Signed-off-by: Andi Kleen [EMAIL PROTECTED] --- arch/x86_64/kernel/setup.c| 25 +++-- include/asm-i386/cpufeature.h |1 + include/asm-i386/msr-index.h |3 +++ 3 files changed, 27 insertions(+), 2 deletions(-) Index: linux/arch/x86_64/kernel/setup.c === --- linux.orig/arch/x86_64/kernel/setup.c +++ linux/arch/x86_64/kernel/setup.c @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str static void __cpuinit init_amd(struct cpuinfo_x86 *c) { - unsigned level; + unsigned level, flags, dummy; #ifdef CONFIG_SMP unsigned long value; @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp /* Family 10 doesn't support C states in MWAIT so don't use it */ if (c-x86 == 0x10 !force_mwait) clear_bit(X86_FEATURE_MWAIT, c-x86_capability); + + if (c-x86 = 0xf c-x86 = 0x11 + !rdmsr_safe(MSR_VM_CR, flags, dummy) + (flags 0x18)) + set_bit(X86_FEATURE_VIRT_DISABLED, c-x86_capability); +} + +static int enable_svm_lock(char *s) +{ + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD + boot_cpu_data.x86 = 0xf boot_cpu_data.x86 = 0x11) { + unsigned a,b; + if (rdmsr_safe(MSR_VM_CR, a, b)) + return 0; + a |= (1 3); /* set SVM lock */ + if (!wrmsr_safe(MSR_VM_CR, a, b)) + return 1; + } + printk(KERN_ERR CPU does not support svm_lock\n); + return 0; } +__setup(svm_lock, enable_svm_lock); static void __cpuinit detect_ht(struct cpuinfo_x86 *c) { @@ -985,7 +1006,7 @@ static int show_cpuinfo(struct seq_file NULL, NULL, NULL, NULL, constant_tsc, up, NULL, arch_perfmon, pebs, bts, NULL, sync_rdtsc, - rep_good, NULL, NULL, NULL, NULL, NULL, NULL, NULL, + rep_good, virtualization_bios_disabled, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* Intel-defined (#2) */ Index: linux/include/asm-i386/cpufeature.h === --- linux.orig/include/asm-i386/cpufeature.h +++ linux/include/asm-i386/cpufeature.h @@ -82,6 +82,7 @@ /* 14 free */ #define X86_FEATURE_SYNC_RDTSC (3*32+15) /* RDTSC synchronizes the CPU */ #define X86_FEATURE_REP_GOOD (3*32+16) /* rep microcode works well on this CPU */ +#define X86_FEATURE_VIRT_DISABLED (3*32+17) /* Hardware virt. BIOS disabled */ /* Intel-defined CPU features, CPUID level 0x0001 (ecx), word 4 */ #define X86_FEATURE_XMM3 (4*32+ 0) /* Streaming SIMD Extensions-3 */ Index: linux/include/asm-i386/msr-index.h === --- linux.orig/include/asm-i386/msr-index.h +++ linux/include/asm-i386/msr-index.h @@ -98,6 +98,9 @@ #define K8_MTRRFIXRANGE_DRAM_MODIFY 0x0008 /* MtrrFixDramModEn bit */ #define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem*/ +/* SVM */ +#define MSR_VM_CR 0xc0010114 + /* K7 MSRs */ #define MSR_K7_EVNTSEL0 0xc001 #define MSR_K7_PERFCTR0 0xc0010004 - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
On Sat, 2007-09-22 at 00:32 +0200, Andi Kleen wrote: Also allow to set svm lock. Please use two separate patches. The detection and cpuinfo display is not related to set svm lock. TBD double check, documentation, i386 support Yes, documentation would be useful. See below. Signed-off-by: Andi Kleen [EMAIL PROTECTED] --- arch/x86_64/kernel/setup.c| 25 +++-- include/asm-i386/cpufeature.h |1 + include/asm-i386/msr-index.h |3 +++ 3 files changed, 27 insertions(+), 2 deletions(-) Index: linux/arch/x86_64/kernel/setup.c === --- linux.orig/arch/x86_64/kernel/setup.c +++ linux/arch/x86_64/kernel/setup.c @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str static void __cpuinit init_amd(struct cpuinfo_x86 *c) { - unsigned level; + unsigned level, flags, dummy; #ifdef CONFIG_SMP unsigned long value; @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp /* Family 10 doesn't support C states in MWAIT so don't use it */ if (c-x86 == 0x10 !force_mwait) clear_bit(X86_FEATURE_MWAIT, c-x86_capability); + + if (c-x86 = 0xf c-x86 = 0x11 + !rdmsr_safe(MSR_VM_CR, flags, dummy) + (flags 0x18)) + set_bit(X86_FEATURE_VIRT_DISABLED, c-x86_capability); Why the check for 0x18 And please can we use understandable constants for this. bit 3 (SVM_LOCK) controls only the writeability of bit 4 (SVME_DISABLE), which controls whether SVM is allowed to be enabled or not. bit 3 bit 4 0 0 SVM can be enabled in EFER, SVME_DISABLE is writeable 1 0 SVM can be enabled in EFER, SVME_DISABLE is not writeable 0 1 SVM can not be enabled in EFER, SVME_DISABLE is writeable 1 1 SVM can not be enabled in EFER, SVME_DISABLE is not writeable So SVM is disabled, when bit 4 is set. +} + +static int enable_svm_lock(char *s) +{ + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD + boot_cpu_data.x86 = 0xf boot_cpu_data.x86 = 0x11) { + unsigned a,b; + if (rdmsr_safe(MSR_VM_CR, a, b)) + return 0; + a |= (1 3); /* set SVM lock */ SVM_LOCK is read only according to data sheet. You can set bit 4 (SVME_DISABLE) to prevent KVM or what else using that feature. tglx - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
Also allow to set svm lock. TBD double check, documentation, i386 support Signed-off-by: Andi Kleen <[EMAIL PROTECTED]> --- arch/x86_64/kernel/setup.c| 25 +++-- include/asm-i386/cpufeature.h |1 + include/asm-i386/msr-index.h |3 +++ 3 files changed, 27 insertions(+), 2 deletions(-) Index: linux/arch/x86_64/kernel/setup.c === --- linux.orig/arch/x86_64/kernel/setup.c +++ linux/arch/x86_64/kernel/setup.c @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str static void __cpuinit init_amd(struct cpuinfo_x86 *c) { - unsigned level; + unsigned level, flags, dummy; #ifdef CONFIG_SMP unsigned long value; @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp /* Family 10 doesn't support C states in MWAIT so don't use it */ if (c->x86 == 0x10 && !force_mwait) clear_bit(X86_FEATURE_MWAIT, >x86_capability); + + if (c->x86 >= 0xf && c->x86 <= 0x11 && + !rdmsr_safe(MSR_VM_CR, , ) && + (flags & 0x18)) + set_bit(X86_FEATURE_VIRT_DISABLED, >x86_capability); +} + +static int enable_svm_lock(char *s) +{ + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD && + boot_cpu_data.x86 >= 0xf && boot_cpu_data.x86 <= 0x11) { + unsigned a,b; + if (rdmsr_safe(MSR_VM_CR, , )) + return 0; + a |= (1 << 3); /* set SVM lock */ + if (!wrmsr_safe(MSR_VM_CR, , )) + return 1; + } + printk(KERN_ERR "CPU does not support svm_lock\n"); + return 0; } +__setup("svm_lock", enable_svm_lock); static void __cpuinit detect_ht(struct cpuinfo_x86 *c) { @@ -985,7 +1006,7 @@ static int show_cpuinfo(struct seq_file NULL, NULL, NULL, NULL, "constant_tsc", "up", NULL, "arch_perfmon", "pebs", "bts", NULL, "sync_rdtsc", - "rep_good", NULL, NULL, NULL, NULL, NULL, NULL, NULL, + "rep_good", "virtualization_bios_disabled", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* Intel-defined (#2) */ Index: linux/include/asm-i386/cpufeature.h === --- linux.orig/include/asm-i386/cpufeature.h +++ linux/include/asm-i386/cpufeature.h @@ -82,6 +82,7 @@ /* 14 free */ #define X86_FEATURE_SYNC_RDTSC (3*32+15) /* RDTSC synchronizes the CPU */ #define X86_FEATURE_REP_GOOD (3*32+16) /* rep microcode works well on this CPU */ +#define X86_FEATURE_VIRT_DISABLED (3*32+17) /* Hardware virt. BIOS disabled */ /* Intel-defined CPU features, CPUID level 0x0001 (ecx), word 4 */ #define X86_FEATURE_XMM3 (4*32+ 0) /* Streaming SIMD Extensions-3 */ Index: linux/include/asm-i386/msr-index.h === --- linux.orig/include/asm-i386/msr-index.h +++ linux/include/asm-i386/msr-index.h @@ -98,6 +98,9 @@ #define K8_MTRRFIXRANGE_DRAM_MODIFY0x0008 /* MtrrFixDramModEn bit */ #define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem*/ +/* SVM */ +#define MSR_VM_CR 0xc0010114 + /* K7 MSRs */ #define MSR_K7_EVNTSEL00xc001 #define MSR_K7_PERFCTR00xc0010004 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS
Also allow to set svm lock. TBD double check, documentation, i386 support Signed-off-by: Andi Kleen [EMAIL PROTECTED] --- arch/x86_64/kernel/setup.c| 25 +++-- include/asm-i386/cpufeature.h |1 + include/asm-i386/msr-index.h |3 +++ 3 files changed, 27 insertions(+), 2 deletions(-) Index: linux/arch/x86_64/kernel/setup.c === --- linux.orig/arch/x86_64/kernel/setup.c +++ linux/arch/x86_64/kernel/setup.c @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str static void __cpuinit init_amd(struct cpuinfo_x86 *c) { - unsigned level; + unsigned level, flags, dummy; #ifdef CONFIG_SMP unsigned long value; @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp /* Family 10 doesn't support C states in MWAIT so don't use it */ if (c-x86 == 0x10 !force_mwait) clear_bit(X86_FEATURE_MWAIT, c-x86_capability); + + if (c-x86 = 0xf c-x86 = 0x11 + !rdmsr_safe(MSR_VM_CR, flags, dummy) + (flags 0x18)) + set_bit(X86_FEATURE_VIRT_DISABLED, c-x86_capability); +} + +static int enable_svm_lock(char *s) +{ + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD + boot_cpu_data.x86 = 0xf boot_cpu_data.x86 = 0x11) { + unsigned a,b; + if (rdmsr_safe(MSR_VM_CR, a, b)) + return 0; + a |= (1 3); /* set SVM lock */ + if (!wrmsr_safe(MSR_VM_CR, a, b)) + return 1; + } + printk(KERN_ERR CPU does not support svm_lock\n); + return 0; } +__setup(svm_lock, enable_svm_lock); static void __cpuinit detect_ht(struct cpuinfo_x86 *c) { @@ -985,7 +1006,7 @@ static int show_cpuinfo(struct seq_file NULL, NULL, NULL, NULL, constant_tsc, up, NULL, arch_perfmon, pebs, bts, NULL, sync_rdtsc, - rep_good, NULL, NULL, NULL, NULL, NULL, NULL, NULL, + rep_good, virtualization_bios_disabled, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, /* Intel-defined (#2) */ Index: linux/include/asm-i386/cpufeature.h === --- linux.orig/include/asm-i386/cpufeature.h +++ linux/include/asm-i386/cpufeature.h @@ -82,6 +82,7 @@ /* 14 free */ #define X86_FEATURE_SYNC_RDTSC (3*32+15) /* RDTSC synchronizes the CPU */ #define X86_FEATURE_REP_GOOD (3*32+16) /* rep microcode works well on this CPU */ +#define X86_FEATURE_VIRT_DISABLED (3*32+17) /* Hardware virt. BIOS disabled */ /* Intel-defined CPU features, CPUID level 0x0001 (ecx), word 4 */ #define X86_FEATURE_XMM3 (4*32+ 0) /* Streaming SIMD Extensions-3 */ Index: linux/include/asm-i386/msr-index.h === --- linux.orig/include/asm-i386/msr-index.h +++ linux/include/asm-i386/msr-index.h @@ -98,6 +98,9 @@ #define K8_MTRRFIXRANGE_DRAM_MODIFY0x0008 /* MtrrFixDramModEn bit */ #define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem*/ +/* SVM */ +#define MSR_VM_CR 0xc0010114 + /* K7 MSRs */ #define MSR_K7_EVNTSEL00xc001 #define MSR_K7_PERFCTR00xc0010004 - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/