From 159fde136b98719c58737948f2e7fbf648c1c470 Mon Sep 17 00:00:00 2001
From: dv
Date: Mon, 24 Apr 2023 16:53:57 +0000
Subject: [PATCH] vmm(4): allow guests to enable and use supervisor IBT. Why should hosts have all the fun? Conditionally unmask the cpuid bits for IBT and allow r/w access to the supervisor CET msr. Will need revisiting when we introduce usage of userland CET msr. ok marlkin@
---
 sys/arch/amd64/amd64/vmm.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/sys/arch/amd64/amd64/vmm.c b/sys/arch/amd64/amd64/vmm.c
index 22dce4e0294..42ac8007029 100644
--- a/sys/arch/amd64/amd64/vmm.c
+++ b/sys/arch/amd64/amd64/vmm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm.c,v 1.339 2023/04/22 18:27:28 guenther Exp $ */
+/* $OpenBSD: vmm.c,v 1.340 2023/04/24 16:53:57 dv Exp $ */
 /*
 * Copyright (c) 2014 Mike Larkin
 *
@@ -3519,6 +3519,10 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg_state *vrs)
 vmx_setmsrbr(vcpu, MSR_MISC_ENABLE);
 vmx_setmsrbr(vcpu, MSR_TSC);
 
+ /* If host supports CET, pass through access to the guest. */
+ if (rcr4() | CR4_CET)
+ vmx_setmsrbrw(vcpu, MSR_S_CET);
+
 /* XXX CR0 shadow */
 /* XXX CR4 shadow */
 
@@ -7053,6 +7057,12 @@ vmm_handle_cpuid(struct vcpu *vcpu)
 *rcx |= SEFF0ECX_PKU;
 else
 *rcx &= ~SEFF0ECX_PKU;
+
+ /* Expose IBT bit if we've enabled CET on the host. */
+ if (rcr4() | CR4_CET)
+ *rdx |= SEFF0EDX_IBT;
+ else
+ *rdx &= ~SEFF0EDX_IBT;
 } else {
 /* Unsupported subleaf */
 DPRINTF("%s: function 0x07 (SEFF) unsupported subleaf "
-- 
2.20.1
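Review bot: The new test `if (rcr4() | CR4_CET)` in vcpu_reset_regs_vmx uses bitwise OR, so assuming CR4_CET is a nonzero mask it is true on every host and the MSR_S_CET read/write pass-through is granted whether or not the host has CET enabled; it should be `if (rcr4() & CR4_CET)`. The same expression appears in the vmm_handle_cpuid hunk, where it makes the `*rdx &= ~SEFF0EDX_IBT` branch unreachable and advertises IBT to every guest, contrary to the "Conditionally unmask" wording of the commit message. Both functions start and end outside their hunks, so whether anything else gates these paths cannot be seen here.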