vmm(4): Suppress AMD HwPstate visibility to guests

On newer Ryzen/EPYC, we need to hide the HwPstate CPUID 80000007:EDX
field for HwPstate, or guests will try to access the MSRs associated
with those, and that will fail with #GP.

ok deraadt

diff --git a/sys/arch/amd64/amd64/identcpu.c b/sys/arch/amd64/amd64/identcpu.c
index ecbdc0a..0d113e7 100644 (file)
--- a/sys/arch/amd64/amd64/identcpu.c
+++ b/sys/arch/amd64/amd64/identcpu.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: identcpu.c,v 1.137 2023/08/16 04:07:37 jsg Exp $      */
+/*     $OpenBSD: identcpu.c,v 1.138 2023/09/03 09:30:43 mlarkin Exp $  */
 /*     $NetBSD: identcpu.c,v 1.1 2003/04/26 18:39:28 fvdl Exp $        */
 
 /*
@@ -228,6 +228,7 @@ const struct {
 }, cpu_cpuid_perf_eax[] = {
        { CPUIDEAX_VERID,       "PERF" },
 }, cpu_cpuid_apmi_edx[] = {
+       { CPUIDEDX_HWPSTATE,    "HWPSTATE" },
        { CPUIDEDX_ITSC,        "ITSC" },
 }, cpu_amdspec_ebxfeatures[] = {
        { CPUIDEBX_INVLPGB,             "INVLPGB" },

diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c
index 352126d..6a63b02 100644 (file)
--- a/sys/arch/amd64/amd64/vmm_machdep.c
+++ b/sys/arch/amd64/amd64/vmm_machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm_machdep.c,v 1.5 2023/08/15 08:27:29 miod Exp $ */
+/* $OpenBSD: vmm_machdep.c,v 1.6 2023/09/03 09:30:43 mlarkin Exp $ */
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -6319,7 +6319,7 @@ vmm_handle_cpuid(struct vcpu *vcpu)
                *rax = eax;
                *rbx = ebx;
                *rcx = ecx;
-               *rdx = edx;
+               *rdx = edx & VMM_APMI_EDX_MASK;
                break;
        case 0x80000008:        /* Phys bits info and topology (AMD) */
                *rax = eax;

diff --git a/sys/arch/amd64/include/specialreg.h b/sys/arch/amd64/include/specialreg.h
index 2d7c030..38edcca 100644 (file)
--- a/sys/arch/amd64/include/specialreg.h
+++ b/sys/arch/amd64/include/specialreg.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: specialreg.h,v 1.108 2023/08/16 04:07:37 jsg Exp $    */
+/*     $OpenBSD: specialreg.h,v 1.109 2023/09/03 09:30:43 mlarkin Exp $        */
 /*     $NetBSD: specialreg.h,v 1.1 2003/04/26 18:39:48 fvdl Exp $      */
 /*     $NetBSD: x86/specialreg.h,v 1.2 2003/04/25 21:54:30 fvdl Exp $  */
 
@@ -329,6 +329,7 @@
  * "Advanced Power Management Information" bits (CPUID function 0x80000007):
  * EDX bits.
  */
+#define CPUIDEDX_HWPSTATE      (1 << 7)        /* Hardware P State Control */
 #define CPUIDEDX_ITSC          (1 << 8)        /* Invariant TSC */
 
 /*

diff --git a/sys/arch/amd64/include/vmmvar.h b/sys/arch/amd64/include/vmmvar.h
index e9f8384..a187c4f 100644 (file)
--- a/sys/arch/amd64/include/vmmvar.h
+++ b/sys/arch/amd64/include/vmmvar.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: vmmvar.h,v 1.91 2023/04/26 15:11:21 mlarkin Exp $     */
+/*     $OpenBSD: vmmvar.h,v 1.92 2023/09/03 09:30:43 mlarkin Exp $     */
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -559,6 +559,7 @@ struct vm_mprotect_ept_params {
     CPUIDEBX_STIBP | CPUIDEBX_IBRS_ALWAYSON | CPUIDEBX_STIBP_ALWAYSON | \
     CPUIDEBX_IBRS_PREF | CPUIDEBX_SSBD | CPUIDEBX_VIRT_SSBD | \
     CPUIDEBX_SSBD_NOTREQ)
+#define VMM_APMI_EDX_MASK ~(CPUIDEDX_HWPSTATE)
 
 /*
  * SEFF flags - copy from host minus: