On Wed, Apr 26, 2023 at 07:39:38AM +0200, Anton Lindqvist wrote: > On Mon, Apr 24, 2023 at 10:53:57AM -0600, Dave Voutila wrote: > > CVSROOT: /cvs > > Module name: src > > Changes by: d...@cvs.openbsd.org 2023/04/24 10:53:57 > > > > Modified files: > > sys/arch/amd64/amd64: vmm.c > > > > Log message: > > vmm(4): allow guests to enable and use supervisor IBT. > > > > Why should hosts have all the fun? Conditionally unmask the cpuid > > bits for IBT and allow r/w access to the supervisor CET msr. > > > > Will need revisiting when we introduce usage of userland CET msr. > > > > ok marlkin@ > > Running on older hardware where CET is not enumerated causes guests to > panic in cpu_fix_msrs() during RDMSR 0x6a2.
vcpu_reset_regs_vmx() also has: if (rcr4() | CR4_CET) vmx_setmsrbrw(vcpu, MSR_S_CET); > > diff --git sys/arch/amd64/amd64/vmm.c sys/arch/amd64/amd64/vmm.c > index 42ac8007029..35b05033cdc 100644 > --- sys/arch/amd64/amd64/vmm.c > +++ sys/arch/amd64/amd64/vmm.c > @@ -7059,7 +7059,7 @@ vmm_handle_cpuid(struct vcpu *vcpu) > *rcx &= ~SEFF0ECX_PKU; > > /* Expose IBT bit if we've enabled CET on the host. */ > - if (rcr4() | CR4_CET) > + if (rcr4() & CR4_CET) > *rdx |= SEFF0EDX_IBT; > else > *rdx &= ~SEFF0EDX_IBT; > >