subject:"\[PATCH\] \[19\/50\] Experimental\: detect if SVM is disabled by BIOS"

Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-10-01 Thread Joerg Roedel

On Mon, Oct 01, 2007 at 11:45:22PM +0200, Andi Kleen wrote:
> 
> 
> > feature flag does not disappear when its disabled. But because with CPUs
> > having the SVM-lock feature it can be re-enabled in a secure way under
> > some circumstances
> 
> Who would reenable it in what circumstances?

I plan to implement the ability to re-enable it into the SVM module of KVM.
The key required for this will be passed as a module parameter.

Joerg
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-10-01 Thread Andi Kleen



> feature flag does not disappear when its disabled. But because with CPUs
> having the SVM-lock feature it can be re-enabled in a secure way under
> some circumstances

Who would reenable it in what circumstances? 

-Andi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-10-01 Thread Joerg Roedel

On Mon, Oct 01, 2007 at 06:47:50PM +0200, Andi Kleen wrote:
> On Saturday 22 September 2007 11:17:08 Joerg Roedel wrote:
> > I don't think we need this patch. When SVM is disabled KVM will tell on
> > module load. 
> 
> The point is that people often want to know in advance (before they
> even try to use KVM or Xen) if their CPU and BIOS supports this.

If the CPU supports SVM this is visible to the user because the SVM
feature flag does not disappear when its disabled. But because with CPUs
having the SVM-lock feature it can be re-enabled in a secure way under
some circumstances the information in /proc/cpuinfo will not be
reliable. Maybe we can check for it in identify_cpu() and print to the
kernel log if its disabled? It will be visible to the user through
dmesg.

Joerg
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-10-01 Thread Andi Kleen

On Saturday 22 September 2007 11:17:08 Joerg Roedel wrote:
> I don't think we need this patch. When SVM is disabled KVM will tell on
> module load. 

The point is that people often want to know in advance (before they
even try to use KVM or Xen) if their CPU and BIOS supports this.

> Further with SVM-lock it will be possible to re-enable SVM 
> even if it was disabled by BIOS using a key. In this case the user of
> SVM has to clear the capability bit you set in this patch for all cpus.

Not sure I follow you. Can you clarify?  What exactly needs to be
done to do a full non reversible lock? 

-Andi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-10-01 Thread Andi Kleen

On Saturday 22 September 2007 11:17:08 Joerg Roedel wrote:
 I don't think we need this patch. When SVM is disabled KVM will tell on
 module load. 

The point is that people often want to know in advance (before they
even try to use KVM or Xen) if their CPU and BIOS supports this.

 Further with SVM-lock it will be possible to re-enable SVM 
 even if it was disabled by BIOS using a key. In this case the user of
 SVM has to clear the capability bit you set in this patch for all cpus.

Not sure I follow you. Can you clarify?  What exactly needs to be
done to do a full non reversible lock? 

-Andi

-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-10-01 Thread Joerg Roedel

On Mon, Oct 01, 2007 at 06:47:50PM +0200, Andi Kleen wrote:
 On Saturday 22 September 2007 11:17:08 Joerg Roedel wrote:
  I don't think we need this patch. When SVM is disabled KVM will tell on
  module load. 
 
 The point is that people often want to know in advance (before they
 even try to use KVM or Xen) if their CPU and BIOS supports this.

If the CPU supports SVM this is visible to the user because the SVM
feature flag does not disappear when its disabled. But because with CPUs
having the SVM-lock feature it can be re-enabled in a secure way under
some circumstances the information in /proc/cpuinfo will not be
reliable. Maybe we can check for it in identify_cpu() and print to the
kernel log if its disabled? It will be visible to the user through
dmesg.

Joerg
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-10-01 Thread Andi Kleen



 feature flag does not disappear when its disabled. But because with CPUs
 having the SVM-lock feature it can be re-enabled in a secure way under
 some circumstances

Who would reenable it in what circumstances? 

-Andi

-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-10-01 Thread Joerg Roedel

On Mon, Oct 01, 2007 at 11:45:22PM +0200, Andi Kleen wrote:
 
 
  feature flag does not disappear when its disabled. But because with CPUs
  having the SVM-lock feature it can be re-enabled in a secure way under
  some circumstances
 
 Who would reenable it in what circumstances?

I plan to implement the ability to re-enable it into the SVM module of KVM.
The key required for this will be passed as a module parameter.

Joerg
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-09-22 Thread Thomas Gleixner

On Sat, 2007-09-22 at 00:32 +0200, Andi Kleen wrote:
> Also allow to set svm lock.

Please use two separate patches. The detection and cpuinfo display is
not related to set svm lock.

> TBD double check, documentation, i386 support

Yes, documentation would be useful. See below.

> Signed-off-by: Andi Kleen <[EMAIL PROTECTED]>
> 
> ---
>  arch/x86_64/kernel/setup.c|   25 +++--
>  include/asm-i386/cpufeature.h |1 +
>  include/asm-i386/msr-index.h  |3 +++
>  3 files changed, 27 insertions(+), 2 deletions(-)
> 
> Index: linux/arch/x86_64/kernel/setup.c
> ===
> --- linux.orig/arch/x86_64/kernel/setup.c
> +++ linux/arch/x86_64/kernel/setup.c
> @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str
>  
>  static void __cpuinit init_amd(struct cpuinfo_x86 *c)
>  {
> - unsigned level;
> + unsigned level, flags, dummy;
>  
>  #ifdef CONFIG_SMP
>   unsigned long value;
> @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp
>   /* Family 10 doesn't support C states in MWAIT so don't use it */
>   if (c->x86 == 0x10 && !force_mwait)
>   clear_bit(X86_FEATURE_MWAIT, >x86_capability);
> +
> + if (c->x86 >= 0xf && c->x86 <= 0x11 &&
> + !rdmsr_safe(MSR_VM_CR, , ) &&
> + (flags & 0x18))
> + set_bit(X86_FEATURE_VIRT_DISABLED, >x86_capability);

Why the check for 0x18  And please can we use understandable
constants for this.

bit 3 (SVM_LOCK) controls only the writeability of bit 4 (SVME_DISABLE),
which controls whether SVM is allowed to be enabled or not. 

bit 3   bit 4
0   0   SVM can be enabled in EFER, SVME_DISABLE is writeable
1   0   SVM can be enabled in EFER, SVME_DISABLE is not writeable
0   1   SVM can not be enabled in EFER, SVME_DISABLE is writeable
1   1   SVM can not be enabled in EFER, SVME_DISABLE is not writeable

So SVM is disabled, when bit 4 is set.

> +}
> +
> +static int enable_svm_lock(char *s)
> +{
> + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
> + boot_cpu_data.x86 >= 0xf && boot_cpu_data.x86 <= 0x11) {
> + unsigned a,b;
> + if (rdmsr_safe(MSR_VM_CR, , ))
> + return 0;
> + a |= (1 << 3);  /* set SVM lock */

SVM_LOCK is read only according to data sheet. You can set bit 4
(SVME_DISABLE) to prevent KVM or what else using that feature.

tglx




-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-09-22 Thread Joerg Roedel

I don't think we need this patch. When SVM is disabled KVM will tell on
module load. Further with SVM-lock it will be possible to re-enable SVM
even if it was disabled by BIOS using a key. In this case the user of
SVM has to clear the capability bit you set in this patch for all cpus.

On Sat, Sep 22, 2007 at 12:32:18AM +0200, Andi Kleen wrote:
> 
> Also allow to set svm lock.
> 
> TBD double check, documentation, i386 support
> 
> Signed-off-by: Andi Kleen <[EMAIL PROTECTED]>
> 
> ---
>  arch/x86_64/kernel/setup.c|   25 +++--
>  include/asm-i386/cpufeature.h |1 +
>  include/asm-i386/msr-index.h  |3 +++
>  3 files changed, 27 insertions(+), 2 deletions(-)
> 
> Index: linux/arch/x86_64/kernel/setup.c
> ===
> --- linux.orig/arch/x86_64/kernel/setup.c
> +++ linux/arch/x86_64/kernel/setup.c
> @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str
>  
>  static void __cpuinit init_amd(struct cpuinfo_x86 *c)
>  {
> - unsigned level;
> + unsigned level, flags, dummy;
>  
>  #ifdef CONFIG_SMP
>   unsigned long value;
> @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp
>   /* Family 10 doesn't support C states in MWAIT so don't use it */
>   if (c->x86 == 0x10 && !force_mwait)
>   clear_bit(X86_FEATURE_MWAIT, >x86_capability);
> +
> + if (c->x86 >= 0xf && c->x86 <= 0x11 &&
> + !rdmsr_safe(MSR_VM_CR, , ) &&
> + (flags & 0x18))
> + set_bit(X86_FEATURE_VIRT_DISABLED, >x86_capability);
> +}
> +
> +static int enable_svm_lock(char *s)
> +{
> + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
> + boot_cpu_data.x86 >= 0xf && boot_cpu_data.x86 <= 0x11) {
> + unsigned a,b;
> + if (rdmsr_safe(MSR_VM_CR, , ))
> + return 0;
> + a |= (1 << 3);  /* set SVM lock */
> + if (!wrmsr_safe(MSR_VM_CR, , ))
> + return 1;
> + }
> + printk(KERN_ERR "CPU does not support svm_lock\n");
> + return 0;
>  }
> +__setup("svm_lock", enable_svm_lock);
>  
>  static void __cpuinit detect_ht(struct cpuinfo_x86 *c)
>  {
> @@ -985,7 +1006,7 @@ static int show_cpuinfo(struct seq_file 
>   NULL, NULL, NULL, NULL,
>   "constant_tsc", "up", NULL, "arch_perfmon",
>   "pebs", "bts", NULL, "sync_rdtsc",
> - "rep_good", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> + "rep_good", "virtualization_bios_disabled", NULL, NULL, NULL, 
> NULL, NULL, NULL,
>   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
>  
>   /* Intel-defined (#2) */
> Index: linux/include/asm-i386/cpufeature.h
> ===
> --- linux.orig/include/asm-i386/cpufeature.h
> +++ linux/include/asm-i386/cpufeature.h
> @@ -82,6 +82,7 @@
>  /* 14 free */
>  #define X86_FEATURE_SYNC_RDTSC   (3*32+15)  /* RDTSC synchronizes the 
> CPU */
>  #define X86_FEATURE_REP_GOOD   (3*32+16) /* rep microcode works well on this 
> CPU */
> +#define X86_FEATURE_VIRT_DISABLED (3*32+17) /* Hardware virt. BIOS disabled 
> */
>  
>  /* Intel-defined CPU features, CPUID level 0x0001 (ecx), word 4 */
>  #define X86_FEATURE_XMM3 (4*32+ 0) /* Streaming SIMD Extensions-3 */
> Index: linux/include/asm-i386/msr-index.h
> ===
> --- linux.orig/include/asm-i386/msr-index.h
> +++ linux/include/asm-i386/msr-index.h
> @@ -98,6 +98,9 @@
>  #define K8_MTRRFIXRANGE_DRAM_MODIFY  0x0008 /* MtrrFixDramModEn bit */
>  #define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem*/
>  
> +/* SVM */
> +#define MSR_VM_CR   0xc0010114
> +
>  /* K7 MSRs */
>  #define MSR_K7_EVNTSEL0  0xc001
>  #define MSR_K7_PERFCTR0  0xc0010004
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [EMAIL PROTECTED]
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-09-22 Thread Sam Ravnborg

On Sat, Sep 22, 2007 at 12:32:18AM +0200, Andi Kleen wrote:
> 
> Also allow to set svm lock.
> 
> TBD double check, documentation, i386 support
> 
> Signed-off-by: Andi Kleen <[EMAIL PROTECTED]>

Could we have this patch tagged with x86 instead of "Experimental" in subject.

Sam
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-09-22 Thread Sam Ravnborg

On Sat, Sep 22, 2007 at 12:32:18AM +0200, Andi Kleen wrote:
 
 Also allow to set svm lock.
 
 TBD double check, documentation, i386 support
 
 Signed-off-by: Andi Kleen [EMAIL PROTECTED]

Could we have this patch tagged with x86 instead of Experimental in subject.

Sam
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-09-22 Thread Joerg Roedel

I don't think we need this patch. When SVM is disabled KVM will tell on
module load. Further with SVM-lock it will be possible to re-enable SVM
even if it was disabled by BIOS using a key. In this case the user of
SVM has to clear the capability bit you set in this patch for all cpus.

On Sat, Sep 22, 2007 at 12:32:18AM +0200, Andi Kleen wrote:
 
 Also allow to set svm lock.
 
 TBD double check, documentation, i386 support
 
 Signed-off-by: Andi Kleen [EMAIL PROTECTED]
 
 ---
  arch/x86_64/kernel/setup.c|   25 +++--
  include/asm-i386/cpufeature.h |1 +
  include/asm-i386/msr-index.h  |3 +++
  3 files changed, 27 insertions(+), 2 deletions(-)
 
 Index: linux/arch/x86_64/kernel/setup.c
 ===
 --- linux.orig/arch/x86_64/kernel/setup.c
 +++ linux/arch/x86_64/kernel/setup.c
 @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str
  
  static void __cpuinit init_amd(struct cpuinfo_x86 *c)
  {
 - unsigned level;
 + unsigned level, flags, dummy;
  
  #ifdef CONFIG_SMP
   unsigned long value;
 @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp
   /* Family 10 doesn't support C states in MWAIT so don't use it */
   if (c-x86 == 0x10  !force_mwait)
   clear_bit(X86_FEATURE_MWAIT, c-x86_capability);
 +
 + if (c-x86 = 0xf  c-x86 = 0x11 
 + !rdmsr_safe(MSR_VM_CR, flags, dummy) 
 + (flags  0x18))
 + set_bit(X86_FEATURE_VIRT_DISABLED, c-x86_capability);
 +}
 +
 +static int enable_svm_lock(char *s)
 +{
 + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD 
 + boot_cpu_data.x86 = 0xf  boot_cpu_data.x86 = 0x11) {
 + unsigned a,b;
 + if (rdmsr_safe(MSR_VM_CR, a, b))
 + return 0;
 + a |= (1  3);  /* set SVM lock */
 + if (!wrmsr_safe(MSR_VM_CR, a, b))
 + return 1;
 + }
 + printk(KERN_ERR CPU does not support svm_lock\n);
 + return 0;
  }
 +__setup(svm_lock, enable_svm_lock);
  
  static void __cpuinit detect_ht(struct cpuinfo_x86 *c)
  {
 @@ -985,7 +1006,7 @@ static int show_cpuinfo(struct seq_file 
   NULL, NULL, NULL, NULL,
   constant_tsc, up, NULL, arch_perfmon,
   pebs, bts, NULL, sync_rdtsc,
 - rep_good, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 + rep_good, virtualization_bios_disabled, NULL, NULL, NULL, 
 NULL, NULL, NULL,
   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
  
   /* Intel-defined (#2) */
 Index: linux/include/asm-i386/cpufeature.h
 ===
 --- linux.orig/include/asm-i386/cpufeature.h
 +++ linux/include/asm-i386/cpufeature.h
 @@ -82,6 +82,7 @@
  /* 14 free */
  #define X86_FEATURE_SYNC_RDTSC   (3*32+15)  /* RDTSC synchronizes the 
 CPU */
  #define X86_FEATURE_REP_GOOD   (3*32+16) /* rep microcode works well on this 
 CPU */
 +#define X86_FEATURE_VIRT_DISABLED (3*32+17) /* Hardware virt. BIOS disabled 
 */
  
  /* Intel-defined CPU features, CPUID level 0x0001 (ecx), word 4 */
  #define X86_FEATURE_XMM3 (4*32+ 0) /* Streaming SIMD Extensions-3 */
 Index: linux/include/asm-i386/msr-index.h
 ===
 --- linux.orig/include/asm-i386/msr-index.h
 +++ linux/include/asm-i386/msr-index.h
 @@ -98,6 +98,9 @@
  #define K8_MTRRFIXRANGE_DRAM_MODIFY  0x0008 /* MtrrFixDramModEn bit */
  #define K8_MTRR_RDMEM_WRMEM_MASK 0x18181818 /* Mask: RdMem|WrMem*/
  
 +/* SVM */
 +#define MSR_VM_CR   0xc0010114
 +
  /* K7 MSRs */
  #define MSR_K7_EVNTSEL0  0xc001
  #define MSR_K7_PERFCTR0  0xc0010004
 -
 To unsubscribe from this list: send the line unsubscribe linux-kernel in
 the body of a message to [EMAIL PROTECTED]
 More majordomo info at  http://vger.kernel.org/majordomo-info.html
 Please read the FAQ at  http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-09-22 Thread Thomas Gleixner

On Sat, 2007-09-22 at 00:32 +0200, Andi Kleen wrote:
 Also allow to set svm lock.

Please use two separate patches. The detection and cpuinfo display is
not related to set svm lock.

 TBD double check, documentation, i386 support

Yes, documentation would be useful. See below.

 Signed-off-by: Andi Kleen [EMAIL PROTECTED]
 
 ---
  arch/x86_64/kernel/setup.c|   25 +++--
  include/asm-i386/cpufeature.h |1 +
  include/asm-i386/msr-index.h  |3 +++
  3 files changed, 27 insertions(+), 2 deletions(-)
 
 Index: linux/arch/x86_64/kernel/setup.c
 ===
 --- linux.orig/arch/x86_64/kernel/setup.c
 +++ linux/arch/x86_64/kernel/setup.c
 @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str
  
  static void __cpuinit init_amd(struct cpuinfo_x86 *c)
  {
 - unsigned level;
 + unsigned level, flags, dummy;
  
  #ifdef CONFIG_SMP
   unsigned long value;
 @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp
   /* Family 10 doesn't support C states in MWAIT so don't use it */
   if (c-x86 == 0x10  !force_mwait)
   clear_bit(X86_FEATURE_MWAIT, c-x86_capability);
 +
 + if (c-x86 = 0xf  c-x86 = 0x11 
 + !rdmsr_safe(MSR_VM_CR, flags, dummy) 
 + (flags  0x18))
 + set_bit(X86_FEATURE_VIRT_DISABLED, c-x86_capability);

Why the check for 0x18  And please can we use understandable
constants for this.

bit 3 (SVM_LOCK) controls only the writeability of bit 4 (SVME_DISABLE),
which controls whether SVM is allowed to be enabled or not. 

bit 3   bit 4
0   0   SVM can be enabled in EFER, SVME_DISABLE is writeable
1   0   SVM can be enabled in EFER, SVME_DISABLE is not writeable
0   1   SVM can not be enabled in EFER, SVME_DISABLE is writeable
1   1   SVM can not be enabled in EFER, SVME_DISABLE is not writeable

So SVM is disabled, when bit 4 is set.

 +}
 +
 +static int enable_svm_lock(char *s)
 +{
 + if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD 
 + boot_cpu_data.x86 = 0xf  boot_cpu_data.x86 = 0x11) {
 + unsigned a,b;
 + if (rdmsr_safe(MSR_VM_CR, a, b))
 + return 0;
 + a |= (1  3);  /* set SVM lock */

SVM_LOCK is read only according to data sheet. You can set bit 4
(SVME_DISABLE) to prevent KVM or what else using that feature.

tglx




-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-09-21 Thread Andi Kleen


Also allow to set svm lock.

TBD double check, documentation, i386 support

Signed-off-by: Andi Kleen <[EMAIL PROTECTED]>

---
 arch/x86_64/kernel/setup.c|   25 +++--
 include/asm-i386/cpufeature.h |1 +
 include/asm-i386/msr-index.h  |3 +++
 3 files changed, 27 insertions(+), 2 deletions(-)

Index: linux/arch/x86_64/kernel/setup.c
===
--- linux.orig/arch/x86_64/kernel/setup.c
+++ linux/arch/x86_64/kernel/setup.c
@@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str
 
 static void __cpuinit init_amd(struct cpuinfo_x86 *c)
 {
-   unsigned level;
+   unsigned level, flags, dummy;
 
 #ifdef CONFIG_SMP
unsigned long value;
@@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp
/* Family 10 doesn't support C states in MWAIT so don't use it */
if (c->x86 == 0x10 && !force_mwait)
clear_bit(X86_FEATURE_MWAIT, >x86_capability);
+
+   if (c->x86 >= 0xf && c->x86 <= 0x11 &&
+   !rdmsr_safe(MSR_VM_CR, , ) &&
+   (flags & 0x18))
+   set_bit(X86_FEATURE_VIRT_DISABLED, >x86_capability);
+}
+
+static int enable_svm_lock(char *s)
+{
+   if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
+   boot_cpu_data.x86 >= 0xf && boot_cpu_data.x86 <= 0x11) {
+   unsigned a,b;
+   if (rdmsr_safe(MSR_VM_CR, , ))
+   return 0;
+   a |= (1 << 3);  /* set SVM lock */
+   if (!wrmsr_safe(MSR_VM_CR, , ))
+   return 1;
+   }
+   printk(KERN_ERR "CPU does not support svm_lock\n");
+   return 0;
 }
+__setup("svm_lock", enable_svm_lock);
 
 static void __cpuinit detect_ht(struct cpuinfo_x86 *c)
 {
@@ -985,7 +1006,7 @@ static int show_cpuinfo(struct seq_file 
NULL, NULL, NULL, NULL,
"constant_tsc", "up", NULL, "arch_perfmon",
"pebs", "bts", NULL, "sync_rdtsc",
-   "rep_good", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+   "rep_good", "virtualization_bios_disabled", NULL, NULL, NULL, 
NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 
/* Intel-defined (#2) */
Index: linux/include/asm-i386/cpufeature.h
===
--- linux.orig/include/asm-i386/cpufeature.h
+++ linux/include/asm-i386/cpufeature.h
@@ -82,6 +82,7 @@
 /* 14 free */
 #define X86_FEATURE_SYNC_RDTSC (3*32+15)  /* RDTSC synchronizes the CPU */
 #define X86_FEATURE_REP_GOOD   (3*32+16) /* rep microcode works well on this 
CPU */
+#define X86_FEATURE_VIRT_DISABLED (3*32+17) /* Hardware virt. BIOS disabled */
 
 /* Intel-defined CPU features, CPUID level 0x0001 (ecx), word 4 */
 #define X86_FEATURE_XMM3   (4*32+ 0) /* Streaming SIMD Extensions-3 */
Index: linux/include/asm-i386/msr-index.h
===
--- linux.orig/include/asm-i386/msr-index.h
+++ linux/include/asm-i386/msr-index.h
@@ -98,6 +98,9 @@
 #define K8_MTRRFIXRANGE_DRAM_MODIFY0x0008 /* MtrrFixDramModEn bit */
 #define K8_MTRR_RDMEM_WRMEM_MASK   0x18181818 /* Mask: RdMem|WrMem*/
 
+/* SVM */
+#define MSR_VM_CR   0xc0010114
+
 /* K7 MSRs */
 #define MSR_K7_EVNTSEL00xc001
 #define MSR_K7_PERFCTR00xc0010004
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

2007-09-21 Thread Andi Kleen


Also allow to set svm lock.

TBD double check, documentation, i386 support

Signed-off-by: Andi Kleen [EMAIL PROTECTED]

---
 arch/x86_64/kernel/setup.c|   25 +++--
 include/asm-i386/cpufeature.h |1 +
 include/asm-i386/msr-index.h  |3 +++
 3 files changed, 27 insertions(+), 2 deletions(-)

Index: linux/arch/x86_64/kernel/setup.c
===
--- linux.orig/arch/x86_64/kernel/setup.c
+++ linux/arch/x86_64/kernel/setup.c
@@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str
 
 static void __cpuinit init_amd(struct cpuinfo_x86 *c)
 {
-   unsigned level;
+   unsigned level, flags, dummy;
 
 #ifdef CONFIG_SMP
unsigned long value;
@@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp
/* Family 10 doesn't support C states in MWAIT so don't use it */
if (c-x86 == 0x10  !force_mwait)
clear_bit(X86_FEATURE_MWAIT, c-x86_capability);
+
+   if (c-x86 = 0xf  c-x86 = 0x11 
+   !rdmsr_safe(MSR_VM_CR, flags, dummy) 
+   (flags  0x18))
+   set_bit(X86_FEATURE_VIRT_DISABLED, c-x86_capability);
+}
+
+static int enable_svm_lock(char *s)
+{
+   if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD 
+   boot_cpu_data.x86 = 0xf  boot_cpu_data.x86 = 0x11) {
+   unsigned a,b;
+   if (rdmsr_safe(MSR_VM_CR, a, b))
+   return 0;
+   a |= (1  3);  /* set SVM lock */
+   if (!wrmsr_safe(MSR_VM_CR, a, b))
+   return 1;
+   }
+   printk(KERN_ERR CPU does not support svm_lock\n);
+   return 0;
 }
+__setup(svm_lock, enable_svm_lock);
 
 static void __cpuinit detect_ht(struct cpuinfo_x86 *c)
 {
@@ -985,7 +1006,7 @@ static int show_cpuinfo(struct seq_file 
NULL, NULL, NULL, NULL,
constant_tsc, up, NULL, arch_perfmon,
pebs, bts, NULL, sync_rdtsc,
-   rep_good, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+   rep_good, virtualization_bios_disabled, NULL, NULL, NULL, 
NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 
/* Intel-defined (#2) */
Index: linux/include/asm-i386/cpufeature.h
===
--- linux.orig/include/asm-i386/cpufeature.h
+++ linux/include/asm-i386/cpufeature.h
@@ -82,6 +82,7 @@
 /* 14 free */
 #define X86_FEATURE_SYNC_RDTSC (3*32+15)  /* RDTSC synchronizes the CPU */
 #define X86_FEATURE_REP_GOOD   (3*32+16) /* rep microcode works well on this 
CPU */
+#define X86_FEATURE_VIRT_DISABLED (3*32+17) /* Hardware virt. BIOS disabled */
 
 /* Intel-defined CPU features, CPUID level 0x0001 (ecx), word 4 */
 #define X86_FEATURE_XMM3   (4*32+ 0) /* Streaming SIMD Extensions-3 */
Index: linux/include/asm-i386/msr-index.h
===
--- linux.orig/include/asm-i386/msr-index.h
+++ linux/include/asm-i386/msr-index.h
@@ -98,6 +98,9 @@
 #define K8_MTRRFIXRANGE_DRAM_MODIFY0x0008 /* MtrrFixDramModEn bit */
 #define K8_MTRR_RDMEM_WRMEM_MASK   0x18181818 /* Mask: RdMem|WrMem*/
 
+/* SVM */
+#define MSR_VM_CR   0xc0010114
+
 /* K7 MSRs */
 #define MSR_K7_EVNTSEL00xc001
 #define MSR_K7_PERFCTR00xc0010004
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [patches] [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

[PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

[PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

16 matches

Site Navigation

Mail list logo

Footer information