[EXT] Re: SEV-ES guest: In vctrap() only allow CPUID from userspace
On Thu, Jul 03, 2025 at 01:41:57PM +0200, Hans-Jörg Höxer wrote:
> Hi,
>
> On Wed, Jul 02, 2025 at 11:46:38AM -0700, Mike Larkin wrote:
> > > @@ -357,6 +359,8 @@ vctrap(struct trapframe *frame)
> > > break;
> > > }
> > > case SVM_VMEXIT_IOIO: {
> > > + if (user)
> > > + return 0; /* not allowed from userspace */
> >
> > Does this not break cases that use the IOPB for port access from usermode?
>
> Yes, it does break usermode IO access. Right now I'd like to avoid
> supporting usermode IO access.
>
> If we need that in the future, we can implement support. This would
> involve taking mechanisms like SMAP into account and more elaborate
> IO emulation.
>
Probably doesn't really need to be implemented right now, as both of you
point out. Makes sense.
-ml
> > > switch (*rip) {
> > > case 0x66: {
> > > switch (*(rip + 1)) {
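Review bot: the comment on the new `if (user) return 0;` in the SVM_VMEXIT_IOIO case should state that usermode port I/O is deliberately unsupported even where the IOPB would grant it, since the thread above records this as an intentional limitation rather than an oversight; a bare "not allowed from userspace" will read as a bug to a later reader. Suggest something like `/* usermode port I/O (incl. IOPB access) not supported under SEV-ES; see usertrap() */`.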
> > > @@ -505,7 +509,7 @@ kerntrap(struct trapframe *frame)
> > > #endif /* NISA > 0 */
> > >
> > > case T_VC:
> > > - if (vctrap(frame))
> > > + if (vctrap(frame, 0))
> > > return;
> > > goto we_re_toast;
> > > }
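Review bot: `vctrap(frame, 0)` passes a bare literal for the new user flag, and usertrap() passes `vctrap(frame, 1)` the same way; a short comment at each call (`/* #VC from kernel mode */`) or a named constant would make the 0/1 pairing self-explanatory. The control flow itself is unchanged and correct: the kernel path still returns on success and falls into we_re_toast otherwise.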
> > > @@ -588,9 +592,11 @@ usertrap(struct trapframe *frame)
> > > : ILL_BADSTK;
> > > break;
> > > case T_VC:
> > > - vctrap(frame);
> > > - goto out;
> > > -
> > > + if (vctrap(frame, 1))
> > > + goto out;
> > > + sig = SIGILL;
> > > + code = ILL_PRVOPC;
> > > + break;
> > > case T_PAGEFLT: /* page fault */
> > > if (!uvm_map_inentry(p, &p->p_spinentry, PROC_STACK(p),
> > > "[%s]%d/%d sp=%lx inside %lx-%lx: not MAP_STACK\n",
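Review bot: replacing the unconditional `goto out` with `if (vctrap(frame, 1)) goto out;` fixes a real logic gap, since the old code ignored vctrap()'s return value and always returned to userland after an unhandled #VC; the new path delivers SIGILL with ILL_PRVOPC at the rejected instruction, and `break` follows the same signal-delivery pattern as the ILL_BADSTK case just above. A one-line comment above `sig = SIGILL;` saying that only CPUID is emulated for usermode would make the reason obvious when the signal shows up in a crash report.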
> > > diff --git a/sys/arch/amd64/amd64/vector.S b/sys/arch/amd64/amd64/vector.S
> > > index 59823862c18..4181ab216d0 100644
> > > --- a/sys/arch/amd64/amd64/vector.S
> > > +++ b/sys/arch/amd64/amd64/vector.S
> > > @@ -553,6 +553,7 @@ IDTVEC(vctrap_early)
> > > TRAP_ENTRY_KERN /* early #VC has to be in kernel mode */
> > > cld
> > > movq %rsp, %rdi
> > > + movq $0x0, %rsi
> > > call vctrap
> > > movq $0,-8(%rsp)
> > > INTRFASTEXIT
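Review bot: `movq $0x0, %rsi` correctly marks the early #VC entry as kernel mode (it is TRAP_ENTRY_KERN) and matches the `vctrap(frame, 0)` call in kerntrap(); since vctrap() now takes a second argument, please confirm this is the only assembly caller, as any other direct `call vctrap` left untouched would pass whatever happens to be in %rsi as the user flag. Style only: `xorl %esi, %esi` is the usual idiom for zeroing a register, though `movq $0x0` is consistent with the neighbouring `movq $0,-8(%rsp)`.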
> >
> >