From f362d116c78078fc5658fb93c9f0d8f4c0db15e1 Mon Sep 17 00:00:00 2001
From: dv <dv@openbsd.org>
Date: Sun, 16 Apr 2023 01:50:12 +0000
Subject: [PATCH] vmm(4): save and restore Intel CET state on vm entry/exit.

---
 sys/arch/amd64/amd64/vmm.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/sys/arch/amd64/amd64/vmm.c b/sys/arch/amd64/amd64/vmm.c
index d8c8abc96f3..8db981f1b81 100644
--- a/sys/arch/amd64/amd64/vmm.c
+++ b/sys/arch/amd64/amd64/vmm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmm.c,v 1.337 2023/01/30 14:05:36 dv Exp $	*/
+/*	$OpenBSD: vmm.c,v 1.338 2023/04/16 01:50:12 dv Exp $	*/
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -3192,6 +3192,11 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg_state *vrs)
 		ctrlval = vcpu->vc_vmx_exit_ctls;
 	}
 
+	if (rcr4() & CR4_CET)
+		want1 |= IA32_VMX_LOAD_HOST_CET_STATE;
+	else
+		want0 |= IA32_VMX_LOAD_HOST_CET_STATE;
+
 	if (vcpu_vmx_compute_ctrl(ctrlval, ctrl, want1, want0, &exit)) {
 		DPRINTF("%s: error computing exit controls\n", __func__);
 		ret = EINVAL;
@@ -3231,6 +3236,11 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg_state *vrs)
 		ctrlval = vcpu->vc_vmx_entry_ctls;
 	}
 
+	if (rcr4() & CR4_CET)
+		want1 |= IA32_VMX_LOAD_GUEST_CET_STATE;
+	else
+		want0 |= IA32_VMX_LOAD_GUEST_CET_STATE;
+
 	if (vcpu_vmx_compute_ctrl(ctrlval, ctrl, want1, want0, &entry)) {
 		ret = EINVAL;
 		goto exit;
-- 
2.20.1