lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 22 Sep 2007 21:05:39 +0200
From:	Thomas Gleixner <tglx@...utronix.de>
To:	Andi Kleen <ak@...e.de>
Cc:	patches@...-64.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] [19/50] Experimental: detect if SVM is disabled by BIOS

On Sat, 2007-09-22 at 00:32 +0200, Andi Kleen wrote:
> Also allow to set svm lock.

Please use two separate patches. The detection and cpuinfo display is
not related to set svm lock.

> TBD double check, documentation, i386 support

Yes, documentation would be useful. See below.

> Signed-off-by: Andi Kleen <ak@...e.de>
> 
> ---
>  arch/x86_64/kernel/setup.c    |   25 +++++++++++++++++++++++--
>  include/asm-i386/cpufeature.h |    1 +
>  include/asm-i386/msr-index.h  |    3 +++
>  3 files changed, 27 insertions(+), 2 deletions(-)
> 
> Index: linux/arch/x86_64/kernel/setup.c
> ===================================================================
> --- linux.orig/arch/x86_64/kernel/setup.c
> +++ linux/arch/x86_64/kernel/setup.c
> @@ -565,7 +565,7 @@ static void __cpuinit early_init_amd(str
>  
>  static void __cpuinit init_amd(struct cpuinfo_x86 *c)
>  {
> -	unsigned level;
> +	unsigned level, flags, dummy;
>  
>  #ifdef CONFIG_SMP
>  	unsigned long value;
> @@ -634,7 +634,28 @@ static void __cpuinit init_amd(struct cp
>  	/* Family 10 doesn't support C states in MWAIT so don't use it */
>  	if (c->x86 == 0x10 && !force_mwait)
>  		clear_bit(X86_FEATURE_MWAIT, &c->x86_capability);
> +
> +	if (c->x86 >= 0xf && c->x86 <= 0x11 &&
> +	    !rdmsr_safe(MSR_VM_CR, &flags, &dummy) &&
> +	    (flags & 0x18))
> +		set_bit(X86_FEATURE_VIRT_DISABLED, &c->x86_capability);

Why the check for 0x18 ???? And please can we use understandable
constants for this.

bit 3 (SVM_LOCK) controls only the writeability of bit 4 (SVME_DISABLE),
which controls whether SVM is allowed to be enabled or not. 

bit 3	bit 4
0	0	SVM can be enabled in EFER, SVME_DISABLE is writeable
1	0	SVM can be enabled in EFER, SVME_DISABLE is not writeable
0	1	SVM can not be enabled in EFER, SVME_DISABLE is writeable
1	1	SVM can not be enabled in EFER, SVME_DISABLE is not writeable

So SVM is disabled, when bit 4 is set.

> +}
> +
> +static int enable_svm_lock(char *s)
> +{
> +	if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
> +		boot_cpu_data.x86 >= 0xf && boot_cpu_data.x86 <= 0x11) {
> +		unsigned a,b;
> +		if (rdmsr_safe(MSR_VM_CR, &a, &b))
> +			return 0;
> +		a |= (1 << 3);	/* set SVM lock */

SVM_LOCK is read only according to data sheet. You can set bit 4
(SVME_DISABLE) to prevent KVM or what else using that feature.

	tglx




-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ