On Wed, Apr 26, 2023 at 07:39:38AM +0200, Anton Lindqvist wrote:
> On Mon, Apr 24, 2023 at 10:53:57AM -0600, Dave Voutila wrote:
> > CVSROOT: /cvs
> > Module name: src
> > Changes by: d...@cvs.openbsd.org 2023/04/24 10:53:57
> >
> > Modified files:
> > sys/arch/amd64/amd64: vmm.c
> >
> > Log message:
> > vmm(4): allow guests to enable and use supervisor IBT.
> >
> > Why should hosts have all the fun? Conditionally unmask the cpuid
> > bits for IBT and allow r/w access to the supervisor CET msr.
> >
> > Will need revisiting when we introduce usage of userland CET msr.
> >
> > ok marlkin@
>
> Running on older hardware where CET is not enumerated causes guests to
> panic in cpu_fix_msrs() during RDMSR 0x6a2.
vcpu_reset_regs_vmx() also has:
if (rcr4() | CR4_CET)
vmx_setmsrbrw(vcpu, MSR_S_CET);
>
> diff --git sys/arch/amd64/amd64/vmm.c sys/arch/amd64/amd64/vmm.c
> index 42ac8007029..35b05033cdc 100644
> --- sys/arch/amd64/amd64/vmm.c
> +++ sys/arch/amd64/amd64/vmm.c
> @@ -7059,7 +7059,7 @@ vmm_handle_cpuid(struct vcpu *vcpu)
> *rcx &= ~SEFF0ECX_PKU;
>
> /* Expose IBT bit if we've enabled CET on the host. */
> - if (rcr4() | CR4_CET)
> + if (rcr4() & CR4_CET)
> *rdx |= SEFF0EDX_IBT;
> else
> *rdx &= ~SEFF0EDX_IBT;
>
>
