On Mon, Apr 24, 2023 at 10:53:57AM -0600, Dave Voutila wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: [email protected] 2023/04/24 10:53:57
>
> Modified files:
> sys/arch/amd64/amd64: vmm.c
>
> Log message:
> vmm(4): allow guests to enable and use supervisor IBT.
>
> Why should hosts have all the fun? Conditionally unmask the cpuid
> bits for IBT and allow r/w access to the supervisor CET msr.
>
> Will need revisiting when we introduce usage of userland CET msr.
>
> ok marlkin@
Running on older hardware where CET is not enumerated causes guests to
panic in cpu_fix_msrs() during RDMSR 0x6a2.
diff --git sys/arch/amd64/amd64/vmm.c sys/arch/amd64/amd64/vmm.c
index 42ac8007029..35b05033cdc 100644
--- sys/arch/amd64/amd64/vmm.c
+++ sys/arch/amd64/amd64/vmm.c
@@ -7059,7 +7059,7 @@ vmm_handle_cpuid(struct vcpu *vcpu)
*rcx &= ~SEFF0ECX_PKU;
/* Expose IBT bit if we've enabled CET on the host. */
- if (rcr4() | CR4_CET)
+ if (rcr4() & CR4_CET)
*rdx |= SEFF0EDX_IBT;
else
*rdx &= ~SEFF0EDX_IBT;
