Dave Voutila <dv@sisu.io> writes:

> ratchov@ found and bisected the issue and we're incorrectly advertising
> capabilities to Intel guests that most likely do not exist. This value
> shouldn't be hardcoded, regardless. Apparently Linux guests on older
> Intel hardware will start doing naughty things and panic/reboot.
>
> mbuhl: I'm guessing this affected your machine, too.
>
> In practice, no vmm-capable host should have a value < 0x80000008 here,
> but we currently don't emulate anything beyond 0x8000001f so this should
> at least be capped.
>
> We should be using more of an allow-list of feature bits for some of
> this SEV stuff, but that's a separate concern.
>

As pointed out by deraadt@, MIN() is already defined in sys/param.h.


diff refs/heads/master refs/heads/vmm-cpuid-sev
commit - 98bc733b08604094f4138174a0ee0bb9faaca4bd
commit + 3a97ccb5bf35e9482ac906670bc6603f018c3f0a
blob - 0e8e2a526454e064ce45b2b64fb7ff16f0508189
blob + d53361d577792b005189f6fae63b96378e476840
--- sys/arch/amd64/amd64/vmm_machdep.c
+++ sys/arch/amd64/amd64/vmm_machdep.c
@@ -6282,7 +6282,8 @@ vmm_handle_cpuid(struct vcpu *vcpu)
 		*rdx = 0;
 		break;
 	case 0x80000000:	/* Extended function level */
-		*rax = 0x8000001f; /* curcpu()->ci_pnfeatset */
+		/* We don't emulate past 0x8000001f currently. */
+		*rax = MIN(curcpu()->ci_pnfeatset, 0x8000001f);
 		*rbx = 0;
 		*rcx = 0;
 		*rdx = 0;