From fbddb143adfdac0535cb24c50035f98acdd09915 Mon Sep 17 00:00:00 2001
From: dv
Date: Thu, 19 Jan 2023 15:52:51 +0000
Subject: [PATCH] Restrict vmm(4) exposed cpuid extended feature flags.

We don't emulate or support most of the EAX=7,ECX=0 feature bits, so restrict the mask further to just UMIP.

ok deraadt@
---
 sys/arch/amd64/include/vmmvar.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/sys/arch/amd64/include/vmmvar.h b/sys/arch/amd64/include/vmmvar.h
index 7897c777fc5..4a248ecad61 100644
--- a/sys/arch/amd64/include/vmmvar.h
+++ b/sys/arch/amd64/include/vmmvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmmvar.h,v 1.86 2023/01/10 01:09:14 dv Exp $ */
+/* $OpenBSD: vmmvar.h,v 1.87 2023/01/19 15:52:51 dv Exp $ */
 /*
 * Copyright (c) 2014 Mike Larkin
 *
@@ -662,7 +662,6 @@ struct vm_mprotect_ept_params {
 * MPX (SEFF0EBX_MPX)
 * PCOMMIT (SEFF0EBX_PCOMMIT)
 * PT (SEFF0EBX_PT)
- * AVX512VBMI (SEFF0ECX_AVX512VBMI)
 */
 #define VMM_SEFF0EBX_MASK ~(SEFF0EBX_TSC_ADJUST | SEFF0EBX_SGX | \
 SEFF0EBX_HLE | SEFF0EBX_INVPCID | \
@@ -674,7 +673,7 @@ struct vm_mprotect_ept_params {
 SEFF0EBX_AVX512BW | SEFF0EBX_AVX512VL)
 /* ECX mask contains the bits to include */
-#define VMM_SEFF0ECX_MASK (SEFF0ECX_PREFETCHWT1 | SEFF0ECX_UMIP | SEFF0ECX_PKU)
+#define VMM_SEFF0ECX_MASK (SEFF0ECX_UMIP)
 /* EDX mask contains the bits to include */
 #define VMM_SEFF0EDX_MASK (SEFF0EDX_MD_CLEAR)
--
2.20.1
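Review bot: The comment above `VMM_SEFF0ECX_MASK` in the last hunk says only that the mask lists bits to include, so nothing at the definition records why PREFETCHWT1 and PKU were dropped or what must hold before a bit is added back. I would extend it to something like `/* ECX mask contains the bits to include: only features vmm(4) emulates or supports for guests */`, which is the rule the commit message states. The `VMM_SEFF0EBX_MASK` definition visible as context in the previous hunk is still written as a complement (`~(...)`), so any EBX feature bit not named there appears to pass through to the guest by default. If that is not intended, giving EBX the same include-list form would make newly defined CPU feature bits hidden until someone opts them in; how the masks are applied to the host CPUID values is outside this diff, so that part needs confirming against the caller.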