VIA C3 backdoor

[coypu%sdf.org@localhost]

Anyone watching this?
https://github.com/xoreaxeaxeax/rosenbridge
Looks like we'll want to disable ALTINST on VIA CPUs if it happens to be on already.

docs:
http://datasheets.chipdb.org/VIA/Nehemiah/VIA%20C3%20Nehemiah%20Datasheet%20R113.pdf
(page 82)

I'm guessing something like this (untested, I have no VIA CPUs), the
function is called cpu_probe_c3, but I'm not sure if it matches too
many VIA CPUs.

cpu_probe_winchip also looks like it would match the same CPUs...?
maybe move the VIA Eden cmpxchg8b instruction enable code from the
probe_winchip function to probe_c3 and make it only for family == 5?



Index: include/specialreg.h
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/include/specialreg.h,v
retrieving revision 1.129
diff -u -r1.129 specialreg.h
--- include/specialreg.h	7 Aug 2018 10:50:12 -0000	1.129
+++ include/specialreg.h	10 Aug 2018 14:08:05 -0000
@@ -792,6 +792,7 @@
 #define MSR_VIA_RNG_NOISE_B	0x00000100
 #define MSR_VIA_RNG_2NOISE	0x00000300
 #define MSR_VIA_ACE		0x00001107
+#define MSR_VIA_ACE_ALTINST	0x00000001
 #define MSR_VIA_ACE_ENABLE	0x10000000
 
 /*
Index: x86/identcpu.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/x86/identcpu.c,v
retrieving revision 1.79
diff -u -r1.79 identcpu.c
--- x86/identcpu.c	4 Jul 2018 07:55:57 -0000	1.79
+++ x86/identcpu.c	10 Aug 2018 14:08:05 -0000
@@ -601,10 +601,13 @@
 			msr = rdmsr(MSR_VIA_ACE);
 			wrmsr(MSR_VIA_ACE, msr | MSR_VIA_ACE_ENABLE);
 		    }
-
 		}
 	}
 
+	/* Disable unsafe ALTINST mode if it's accidentally on */
+	msr = rdmsr(MSR_VIA_ACE);
+	wrmsr(MSR_VIA_ACE, msr & ~MSR_VIA_ACE_ALTINST);
+
 	/*
 	 * Determine L1 cache/TLB info.
 	 */