https://bugs.winehq.org/show_bug.cgi?id=49221
--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello Fabian,
--- quote --- I'm assuming this is only for Intel CPUs. Is there a similar issue with AMD? --- quote ---
regarding VMX MSRs one would assume Intel only. I don't have an AMD processor so I can only simulate the code paths in the driver.
--- snip --- <preceding code collects basic cpuid(0), cpuid(1) information> r9b = flag(1) = "GenuineIntel" detected r14b = flag(1) = "AuthenticAMD" detected ... 00000001400088AA | xor ecx,ecx | 00000001400088AC | mov eax,1 | 00000001400088B1 | cpuid | 00000001400088B3 | mov eax,edx | 00000001400088B5 | shr eax,5 | 00000001400088B8 | and al,1 | 00000001400088BA | mov byte ptr ds:[rdi+4C],al | RDMSR/WRMSR support? 00000001400088BD | mov eax,edx | 00000001400088BF | shr eax,C | 00000001400088C2 | and al,1 | 00000001400088C4 | mov byte ptr ds:[rdi+4D],al | MTRR support? 00000001400088C7 | mov eax,edx | 00000001400088C9 | shr eax,6 | 00000001400088CC | and al,1 | 00000001400088CE | mov byte ptr ds:[rdi+4E],al | phys addr extensions? 00000001400088D1 | mov eax,edx | 00000001400088D3 | shr eax,10 | 00000001400088D6 | and al,1 | 00000001400088D8 | shr edx,1C | 00000001400088DB | mov byte ptr ds:[rdi+4B],al | page attribute table? 00000001400088DE | and dl,1 | 00000001400088E1 | mov eax,ecx | 00000001400088E3 | mov byte ptr ds:[rdi+49],dl | hyper-threading? 00000001400088E6 | shr eax,1F | 00000001400088E9 | and al,1 | 00000001400088EB | mov byte ptr ds:[rdi+50],al | hypervisor present? 00000001400088EE | test r9b,r9b | flag for vendor Intel 00000001400088F1 | je denuvo-anti-cheat.1400088F8 | ZF -> not Intel 00000001400088F3 | shr ecx,5 | has msr? 00000001400088F6 | jmp denuvo-anti-cheat.140008909 | 00000001400088F8 | test r14b,r14b | flag for vendor AMD 00000001400088FB | je denuvo-anti-cheat.140008921 | ZF -> not AMD 00000001400088FD | xor ecx,ecx | 00000001400088FF | mov eax,80000001 | Extended Processor Info 0000000140008904 | cpuid | 0000000140008906 | shr ecx,2 | AMD SVM enabled ? 0000000140008909 | and cl,1 | 000000014000890C | mov eax,7 | Extended Features 0000000140008911 | mov byte ptr ds:[rdi+4F],cl | has SVM or MSR support 0000000140008914 | xor ecx,ecx | 0000000140008916 | cpuid | 0000000140008918 | shr ebx,12 | 000000014000891B | and bl,1 | RDSEED support? 000000014000891E | mov byte ptr ds:[rdi+4A],bl | 1 = has RDSEED support 0000000140008921 | cmp byte ptr ds:[rdi+4C],1 | MSR support? 0000000140008925 | jne denuvo-anti-cheat.140008956 | 0000000140008927 | test r9b,r9b | flag for vendor Intel 000000014000892A | je denuvo-anti-cheat.14000893A | ZF -> not Intel 000000014000892C | cmp byte ptr ds:[rdi+4F],1 | SVM or MSR support? 0000000140008930 | jne denuvo-anti-cheat.14000893A | 0000000140008932 | mov rcx,rdi | 0000000140008935 | call denuvo-anti-cheat.140008AC0 | read VMX MSRs 000000014000893A | cmp byte ptr ds:[rdi+4D],1 | ... --- snip ---
If I'm not mistaken it seems possible to enter the code path that reads the VMX MSRs (subroutine 0x140008935) even on AMD cpus.
https://www.amd.com/system/files/TechDocs/25481.pdf
if CPUID Fn0000_0001_EDX Bit 5 = MSR: AMD model-specific registers
_and_
if CPUID Fn8000_0001_ECX Bit 2 = SVM: secure virtual machine.
Not sure how this can work. I know that Hypervisors/VMMs intercept all kinds of instructions, including RDMSR. But it would be strange to advertise VMX features on AMD by emulating these Intel MSRs. Maybe I'm wrong here and the code path can't be entered.
Could someone check what happens on AMD:
--- snip --- $ sudo rdmsr -x 0x480 --- snip ---
Regards