From: deraadt Date: Mon, 30 Jan 2023 00:10:39 +0000 (+0000) Subject: We have determined that enough HV have correct PKU handling now, X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=fb41201ee8edf8ffafd5d23e3f703579b85ad89d;p=openbsd We have determined that enough HV have correct PKU handling now, so don't be paranoid about it anymore. What does this mean? If the HV above you is broken, userland programs in the guest could crash, the guest might even be quite unusable. So fix the hypervisor. The best way to raise the bar on hypervisor quality is for guests to behave like they are on a real machine, and then sucky hypervisors have to get fixed. ps. if using vmd as your hypervisor, use syspatch... --- diff --git a/sys/arch/amd64/amd64/pmap.c b/sys/arch/amd64/amd64/pmap.c index d6b6fcbf7be..9a474f23775 100644 --- a/sys/arch/amd64/amd64/pmap.c +++ b/sys/arch/amd64/amd64/pmap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmap.c,v 1.160 2023/01/29 16:23:15 deraadt Exp $ */ +/* $OpenBSD: pmap.c,v 1.161 2023/01/30 00:10:39 deraadt Exp $ */ /* $NetBSD: pmap.c,v 1.3 2003/05/08 18:13:13 thorpej Exp $ */ /* @@ -665,10 +665,11 @@ pmap_bootstrap(paddr_t first_avail, paddr_t max_pa) */ if (cpuid_level >= 0x7) { uint32_t ecx, dummy; + CPUID_LEAF(0x7, 0, dummy, dummy, ecx, dummy); - if ((ecx & SEFF0ECX_PKU) && - (cpu_ecxfeature & CPUIDECX_HV) == 0) { + if (ecx & SEFF0ECX_PKU) { lcr4(rcr4() | CR4_PKE); + uvm_xonlymmu = 1; pg_xo = PG_XO; } }