CVSROOT:	/cvs
Module name:	src
Changes by:	bl...@cvs.openbsd.org	2025/07/11 14:04:20

Modified files:
	sys/arch/amd64/amd64: trap.c vector.S

Log message:
AMD SEV-ES guest: In vctrap() allow only CPUID from userspace.

CPUID is the only instruction we allow to raise a #VC exception also
from user space. All other instructions are limited to raise #VC from
kernel space only.

With respect to rdmsr/wrmsr, this is an additional safeguard, as these
two instructions will raise a #GP anyway when the CPL is greater than 0.

With respect to in/out, userland could be allowed to access IO ports.
However, our SEV-ES guest does not support this for now.

from hshoexer@; OK mlarkin@
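The gate described in the log message, as an added sketch that is not the code from trap.c. The struct, function names and selector values are hypothetical, the exit codes are the SVM values from the AMD64 APM, and rejecting unlisted exit codes is an assumption of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* SVM exit codes (AMD64 APM); the #VC error code carries one of these. */
#define SVM_VMEXIT_CPUID	0x72
#define SVM_VMEXIT_IOIO		0x7b
#define SVM_VMEXIT_MSR		0x7c

/* Hypothetical reduced trap frame: only the fields the gate needs. */
struct vc_frame {
	uint64_t exitcode;	/* #VC error code */
	uint16_t cs;		/* saved code segment selector */
};

enum vc_verdict { VC_EMULATE, VC_REJECT };

/* CPL of the interrupted code is the RPL field of the saved CS. */
static int
vc_from_user(const struct vc_frame *f)
{
	return (f->cs & 3) != 0;
}

/* CPUID from any CPL; MSR and port I/O from CPL 0 only; rest fails closed. */
enum vc_verdict
vc_gate(const struct vc_frame *f)
{
	switch (f->exitcode) {
	case SVM_VMEXIT_CPUID:
		return VC_EMULATE;
	case SVM_VMEXIT_MSR:
	case SVM_VMEXIT_IOIO:
		return vc_from_user(f) ? VC_REJECT : VC_EMULATE;
	default:		/* assumption: unlisted exit codes are rejected */
		return VC_REJECT;
	}
}

int
main(void)
{
	/* Constructed frames: 0x08 stands for a ring 0 CS, 0x2b for a ring 3 CS. */
	struct vc_frame t[] = {
		{ SVM_VMEXIT_CPUID, 0x2b }, { SVM_VMEXIT_MSR, 0x2b },
		{ SVM_VMEXIT_IOIO, 0x2b }, { SVM_VMEXIT_MSR, 0x08 },
	};
	for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++)
		printf("exit 0x%02llx cs 0x%02x -> %s\n",
		    (unsigned long long)t[i].exitcode, (unsigned)t[i].cs,
		    vc_gate(&t[i]) == VC_EMULATE ? "emulate" : "reject");
	return 0;
}
```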