From: guenther
Date: Sun, 25 Feb 2024 22:33:09 +0000 (+0000)
Subject: We don't do compat32 so MSR_CSTAR shouldn't be set up: delete the
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=073d4874bad48a3c63c4dc7856fc2e2a893a7964;p=openbsd
We don't do compat32 so MSR_CSTAR shouldn't be set up: delete the Xsyscall32 stub and UCODE32 selector, set MSR_CSTAR to zero at CPU startup, and rezero on ACPI resume and VM exit. requested a while ago by deraadt@ AMD VM testing chris@ testing and ok krw@
---
diff --git a/sys/arch/amd64/amd64/acpi_wakecode.S b/sys/arch/amd64/amd64/acpi_wakecode.S
index ddcdc74c3ed..da4759766be 100644
--- a/sys/arch/amd64/amd64/acpi_wakecode.S
+++ b/sys/arch/amd64/amd64/acpi_wakecode.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: acpi_wakecode.S,v 1.49 2022/12/01 00:26:15 guenther Exp $ */
+/* $OpenBSD: acpi_wakecode.S,v 1.50 2024/02/25 22:33:09 guenther Exp $ */
 /*
 * Copyright (c) 2001 Takanori Watanabe
 * Copyright (c) 2001 Mitsuru IWASAKI
@@ -267,8 +267,8 @@ _ACPI_TRMP_LABEL(.Lacpi_long_mode_trampoline)
 wrmsr
 movl $MSR_CSTAR, %ecx
- movl .Lacpi_saved_cstar, %eax
- movl .Lacpi_saved_cstar+4, %edx
+ xorl %eax, %eax
+ xorl %edx, %edx
 wrmsr
 movl $MSR_SFMASK, %ecx
@@ -691,8 +691,6 @@ _ACPI_TRMP_DATA_LABEL(.Lacpi_saved_star)
 .quad 0
 _ACPI_TRMP_DATA_LABEL(.Lacpi_saved_lstar)
 .quad 0
-_ACPI_TRMP_DATA_LABEL(.Lacpi_saved_cstar)
- .quad 0
 _ACPI_TRMP_DATA_LABEL(.Lacpi_saved_sfmask)
 .quad 0
 #if NLAPIC > 0
@@ -781,11 +779,6 @@ NENTRY(acpi_savecpu)
 movl %eax, .Lacpi_saved_star
 movl %edx, .Lacpi_saved_star+4
- movl $MSR_CSTAR, %ecx
- rdmsr
- movl %eax, .Lacpi_saved_cstar
- movl %edx, .Lacpi_saved_cstar+4
-
 movl $MSR_LSTAR, %ecx
 rdmsr
 movl %eax, .Lacpi_saved_lstar
diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c
index 6c8e2b67d84..7f4cccf1739 100644
--- a/sys/arch/amd64/amd64/cpu.c
+++ b/sys/arch/amd64/amd64/cpu.c
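Review bot: The `xorl %eax, %eax` / `xorl %edx, %edx` pair ahead of the MSR_CSTAR `wrmsr` in `.Lacpi_long_mode_trampoline` (hunk `@@ -267,8 +267,8 @@` of acpi_wakecode.S) has no comment saying why this one MSR is written as a constant, while the `.Lacpi_saved_star`, `.Lacpi_saved_lstar` and `.Lacpi_saved_sfmask` slots that remain suggest its neighbours are still restored from saved state. Someone auditing the resume path has to go to the commit message to learn that zero is the intended host value rather than a lost restore. I would add `/* no compat32: CSTAR is always zero, as in cpu_init_msrs() */` above the `movl $MSR_CSTAR, %ecx` line, and the same one-liner above `msr_store[3].vms_data = 0;` in the vmm_machdep.c hunk `@@ -2734,7 +2734,7 @@`, which has the same gap next to its `rdmsr()` neighbours. The trampoline body starts and ends outside the hunk.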
@@ -1,4 +1,4 @@
-/* $OpenBSD: cpu.c,v 1.182 2024/02/24 17:00:05 deraadt Exp $ */
+/* $OpenBSD: cpu.c,v 1.183 2024/02/25 22:33:09 guenther Exp $ */
 /* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */
 /*-
@@ -1184,10 +1184,10 @@ cpu_init_msrs(struct cpu_info *ci)
 {
 wrmsr(MSR_STAR, ((uint64_t)GSEL(GCODE_SEL, SEL_KPL) << 32) |
- ((uint64_t)GSEL(GUCODE32_SEL, SEL_UPL) << 48));
+ ((uint64_t)GSEL(GUDATA_SEL-1, SEL_UPL) << 48));
 wrmsr(MSR_LSTAR, cpu_meltdown ? (uint64_t)Xsyscall_meltdown : (uint64_t)Xsyscall);
- wrmsr(MSR_CSTAR, (uint64_t)Xsyscall32);
+ wrmsr(MSR_CSTAR, 0);
 wrmsr(MSR_SFMASK, PSL_NT|PSL_T|PSL_I|PSL_C|PSL_D|PSL_AC);
 wrmsr(MSR_FSBASE, 0);
diff --git a/sys/arch/amd64/amd64/locore.S b/sys/arch/amd64/amd64/locore.S
index 1365cf9be5a..35311147460 100644
--- a/sys/arch/amd64/amd64/locore.S
+++ b/sys/arch/amd64/amd64/locore.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.S,v 1.145 2024/02/12 01:18:17 guenther Exp $ */
+/* $OpenBSD: locore.S,v 1.146 2024/02/25 22:33:09 guenther Exp $ */
 /* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */
 /*
@@ -507,11 +507,6 @@ ENTRY(savectx)
 lfence
 END(savectx)
-// XXX this should not behave like a nop
-IDTVEC(syscall32)
- sysret /* go away please */
-END(Xsyscall32)
-
 /*
 * syscall insn entry.
 * Enter here with interrupts blocked; %rcx contains the caller's
diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
index 9fa994bdceb..f58e6c585c1 100644
--- a/sys/arch/amd64/amd64/machdep.c
+++ b/sys/arch/amd64/amd64/machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: machdep.c,v 1.290 2024/02/03 16:21:22 deraadt Exp $ */
+/* $OpenBSD: machdep.c,v 1.291 2024/02/25 22:33:09 guenther Exp $ */
 /* $NetBSD: machdep.c,v 1.3 2003/05/07 22:58:18 fvdl Exp $ */
 /*-
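Review bot: `GSEL(GUDATA_SEL-1, SEL_UPL)` in the MSR_STAR write of cpu_init_msrs() (cpu.c hunk `@@ -1184,10 +1184,10 @@`) encodes a GDT layout rule as bare arithmetic, and nothing in the function explains or enforces it. STAR[63:48] is the base from which 64-bit SYSRET derives the user selectors (base+8 for %ss, base+16 for %cs), so the value is right only while GUCODE_SEL directly follows GUDATA_SEL in segments.h. I would add `/* sysretq: %ss = base+8 (GUDATA_SEL), %cs = base+16 (GUCODE_SEL) */` above that line, plus a compile-time assertion that `GUCODE_SEL == GUDATA_SEL + 1`, so a later reordering of the descriptors fails the build instead of returning to user mode with the wrong selectors. The function body continues past the end of the hunk.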
@@ -1744,9 +1744,6 @@ init_x86_64(paddr_t first_avail)
 set_mem_segment(GDT_ADDR_MEM(cpu_info_primary.ci_gdt, GDATA_SEL), 0, 0xfffff, SDT_MEMRWA, SEL_KPL, 1, 0, 1);
- set_mem_segment(GDT_ADDR_MEM(cpu_info_primary.ci_gdt, GUCODE32_SEL), 0,
- atop(VM_MAXUSER_ADDRESS32) - 1, SDT_MEMERA, SEL_UPL, 1, 1, 0);
-
 set_mem_segment(GDT_ADDR_MEM(cpu_info_primary.ci_gdt, GUDATA_SEL), 0, atop(VM_MAXUSER_ADDRESS) - 1, SDT_MEMRWA, SEL_UPL, 1, 0, 1);
diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c
index 7cc3759171c..943797dde8b 100644
--- a/sys/arch/amd64/amd64/vmm_machdep.c
+++ b/sys/arch/amd64/amd64/vmm_machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm_machdep.c,v 1.18 2024/02/12 02:57:14 jsg Exp $ */
+/* $OpenBSD: vmm_machdep.c,v 1.19 2024/02/25 22:33:09 guenther Exp $ */
 /*
 * Copyright (c) 2014 Mike Larkin
 *
@@ -2734,7 +2734,7 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg_state *vrs)
 msr_store[2].vms_index = MSR_LSTAR;
 msr_store[2].vms_data = rdmsr(MSR_LSTAR);
 msr_store[3].vms_index = MSR_CSTAR;
- msr_store[3].vms_data = rdmsr(MSR_CSTAR);
+ msr_store[3].vms_data = 0;
 msr_store[4].vms_index = MSR_SFMASK;
 msr_store[4].vms_data = rdmsr(MSR_SFMASK);
 msr_store[5].vms_index = MSR_KERNELGSBASE;
diff --git a/sys/arch/amd64/amd64/vmm_support.S b/sys/arch/amd64/amd64/vmm_support.S
index 7b7d9f28181..aadfb4a9610 100644
--- a/sys/arch/amd64/amd64/vmm_support.S
+++ b/sys/arch/amd64/amd64/vmm_support.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm_support.S,v 1.24 2023/11/28 00:17:48 dv Exp $ */
+/* $OpenBSD: vmm_support.S,v 1.25 2024/02/25 22:33:09 guenther Exp $ */
 /*
 * Copyright (c) 2014 Mike Larkin
 *
@@ -225,12 +225,6 @@ skip_init:
 pushq %rax
 pushq %rdx
- /* XXX - unused? */
- movq $MSR_CSTAR, %rcx
- rdmsr
- pushq %rax
- pushq %rdx
-
 movq $MSR_SFMASK, %rcx
 rdmsr
 pushq %rax
@@ -483,9 +477,9 @@ restore_host:
 movq $MSR_SFMASK, %rcx
 wrmsr
- /* XXX - unused? */
- popq %rdx
- popq %rax
+ /* make sure guest doesn't bleed into host */
+ xorl %edx, %edx
+ xorl %eax, %eax
 movq $MSR_CSTAR, %rcx
 wrmsr
@@ -584,12 +578,6 @@ ENTRY(svm_enter_guest)
 pushq %rax
 pushq %rdx
- /* XXX - unused? */
- movq $MSR_CSTAR, %rcx
- rdmsr
- pushq %rax
- pushq %rdx
-
 movq $MSR_SFMASK, %rcx
 rdmsr
 pushq %rax
@@ -696,9 +684,9 @@ restore_host_svm:
 movq $MSR_SFMASK, %rcx
 wrmsr
- /* XXX - unused? */
- popq %rdx
- popq %rax
+ /* make sure guest doesn't bleed into host */
+ xorl %edx, %edx
+ xorl %eax, %eax
 movq $MSR_CSTAR, %rcx
 wrmsr
diff --git a/sys/arch/amd64/include/segments.h b/sys/arch/amd64/include/segments.h
index 87de2c08240..308639a6baa 100644
--- a/sys/arch/amd64/include/segments.h
+++ b/sys/arch/amd64/include/segments.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: segments.h,v 1.16 2024/01/19 18:38:16 kettenis Exp $ */
+/* $OpenBSD: segments.h,v 1.17 2024/02/25 22:33:09 guenther Exp $ */
 /* $NetBSD: segments.h,v 1.1 2003/04/26 18:39:47 fvdl Exp $ */
 /*-
@@ -247,16 +247,15 @@ void cpu_init_idt(void);
 * Then comes the predefined TSS descriptor.
 * There are NGDT_SYS of them.
 *
- * The particular order of the UCODE32, UDATA, and UCODE descriptors is
- * required by the syscall/sysret instructions.
+ * The particular order of the UDATA and UCODE descriptors is
+ * required by the sysretq instruction.
 */
 #define GNULL_SEL 0 /* Null descriptor */
 #define GCODE_SEL 1 /* Kernel code descriptor */
 #define GDATA_SEL 2 /* Kernel data descriptor */
-#define GUCODE32_SEL 3 /* User 32bit code descriptor (unused) */
-#define GUDATA_SEL 4 /* User data descriptor */
-#define GUCODE_SEL 5 /* User code descriptor */
-#define NGDT_MEM 6
+#define GUDATA_SEL 3 /* User data descriptor */
+#define GUCODE_SEL 4 /* User code descriptor */
+#define NGDT_MEM 5
 #define GPROC0_SEL 0 /* common TSS */
 #define NGDT_SYS 1
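Review bot: Moving GUDATA_SEL to 3 and GUCODE_SEL to 4 (segments.h hunk `@@ -247,16 +247,15 @@`) shifts the user-mode selector values so that the old data selector and the new code selector coincide: with RPL 3, index 4 gave 0x23 for user data before and gives 0x23 for user code now. Any consumer that compares against a literal instead of `GSEL(GUCODE_SEL, SEL_UPL)` or `GSEL(GUDATA_SEL, SEL_UPL)` would keep passing its check with the wrong meaning; whether such consumers exist (saved register frames, debugger or guest-setup code) is not visible in this diff. A grep of the tree for the literal values is worth doing, and the comment block could gain a line such as `* Selector values are not stable; always derive them with GSEL().`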