On Mon, Apr 24, 2023 at 10:53:57AM -0600, Dave Voutila wrote: > CVSROOT: /cvs > Module name: src > Changes by: d...@cvs.openbsd.org 2023/04/24 10:53:57 > > Modified files: > sys/arch/amd64/amd64: vmm.c > > Log message: > vmm(4): allow guests to enable and use supervisor IBT. > > Why should hosts have all the fun? Conditionally unmask the cpuid > bits for IBT and allow r/w access to the supervisor CET msr. > > Will need revisiting when we introduce usage of userland CET msr. > > ok marlkin@
Running on older hardware where CET is not enumerated causes guests to panic in cpu_fix_msrs() during RDMSR 0x6a2. diff --git sys/arch/amd64/amd64/vmm.c sys/arch/amd64/amd64/vmm.c index 42ac8007029..35b05033cdc 100644 --- sys/arch/amd64/amd64/vmm.c +++ sys/arch/amd64/amd64/vmm.c @@ -7059,7 +7059,7 @@ vmm_handle_cpuid(struct vcpu *vcpu) *rcx &= ~SEFF0ECX_PKU; /* Expose IBT bit if we've enabled CET on the host. */ - if (rcr4() | CR4_CET) + if (rcr4() & CR4_CET) *rdx |= SEFF0EDX_IBT; else *rdx &= ~SEFF0EDX_IBT;