On Wed, Sep 04, 2024 at 10:10:43AM -0400, Dave Voutila wrote:
> 
> Dave Voutila <dv@sisu.io> writes:
> 
> > ratchov@ found and bisected the issue and we're incorrectly advertising
> > capabilities to Intel guests that most likely do not exist. This value
> > shouldn't be hardcoded, regardless. Apparently Linux guests on older
> > Intel hardware will start doing naughty things and panic/reboot.
> >
> > mbuhl: I'm guessing this affected your machine, too.
> >
> > In practice, no vmm-capable host should have a value < 0x80000008 here,
> > but we currently don't emulate anything beyond 0x8000001f so this should
> > at least be capped.
> >
> > We should be using more of an allow-list of feature bits for some of
> > this SEV stuff, but that's a separate concern.
> >
> 
> As pointed out by deraadt@, MIN() is already defined in sys/param.h.

Or use min(9) to avoid double evaluation of arguments?

Host:
cpu0: AMD EPYC 3151 4-Core Processor, 2700.00 MHz, 17-01-02, patch 0800126f
cpu0: cpuid 8000001F eax=f<SME,SEV,PFLUSH_MSR,SEVES> ecx=f edx=1
Guest:
cpu0: AMD EPYC 3151 4-Core Processor, 2700.01 MHz, 17-01-02
cpu0: cpuid 8000001F eax=f<SME,SEV,PFLUSH_MSR,SEVES> ecx=f edx=1

SEV still passed to guest.  OK bluhm@

> diff refs/heads/master refs/heads/vmm-cpuid-sev
> commit - 98bc733b08604094f4138174a0ee0bb9faaca4bd
> commit + 3a97ccb5bf35e9482ac906670bc6603f018c3f0a
> blob - 0e8e2a526454e064ce45b2b64fb7ff16f0508189
> blob + d53361d577792b005189f6fae63b96378e476840
> --- sys/arch/amd64/amd64/vmm_machdep.c
> +++ sys/arch/amd64/amd64/vmm_machdep.c
> @@ -6282,7 +6282,8 @@ vmm_handle_cpuid(struct vcpu *vcpu)
>  		*rdx = 0;
>  		break;
>  	case 0x80000000:	/* Extended function level */
> -		*rax = 0x8000001f; /* curcpu()->ci_pnfeatset */
> +		/* We don't emulate past 0x8000001f currently. */
> +		*rax = MIN(curcpu()->ci_pnfeatset, 0x8000001f);
>  		*rbx = 0;
>  		*rcx = 0;
>  		*rdx = 0;