SEV-ES: Handle #VC in locore0 due to dr[67] write intercepts
On Sat, Aug 02, 2025 at 06:48:45PM +0200, Hans-Jörg Höxer wrote: > Hi, > > when running on Linux/KVM with SEV-ES enabled, writes to dr[67] raise a > #VC trap. We have no means to emulate writes to dr[67] using the MSR > protocol. Thus skip these instructions, when #VC is raised in locore0. > > Take care, > HJ. > ------------------------------------------------------------------------------- ok mlarkin > commit a828cde1a3afe67870b45225aa08ea253e00030c > Author: Hans-Joerg Hoexer <hshoexer@genua.de> > Date: Wed Jul 2 18:52:34 2025 +0200 > > SEV-ES: Handle #VC in locore0 due to dr[67] write intercepts > > When running on Linux/KVM with SEV-ES enabled, writes to dr[67] > raise a #VC trap. We have no means to emulate writes to dr[67] > using the MSR protocol. Thus skip these instructions, when #VC > is raised in locore0. > > On vmm(4)/vmd(8) we are running in compat mode and writes to dr[67] > are not intercepted; thus only adjust the 32-bit case. > > diff --git a/sys/arch/amd64/amd64/locore0.S b/sys/arch/amd64/amd64/locore0.S > index 11e3458603a..4d7374324f6 100644 > --- a/sys/arch/amd64/amd64/locore0.S > +++ b/sys/arch/amd64/amd64/locore0.S > @@ -916,6 +916,11 @@ locore_vc_trap32: > pushl %ecx > pushl %edx > > + cmpl $SVM_VMEXIT_DR6_WRITE, 16(%esp) > + je .Lskip_movdb32 > + cmpl $SVM_VMEXIT_DR7_WRITE, 16(%esp) > + je .Lskip_movdb32 > + > cmpl $SVM_VMEXIT_CPUID, 16(%esp) > jne .Lterminate32 > > @@ -942,7 +947,16 @@ locore_vc_trap32: > popl %ebx > popl %eax > addl $4, %esp > - addl $2, (%esp) > + addl $2, (%esp) /* skip cpuid */ > + iret > + > +.Lskip_movdb32: > + popl %edx > + popl %ecx > + popl %ebx > + popl %eax > + addl $4, %esp > + addl $3, (%esp) /* skip mov,%db */ > iret > > .Lterminate32:
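Review bot: In the first hunk (@@ -916,6 +916,11 @@ locore_vc_trap32), the two new compares against SVM_VMEXIT_DR6_WRITE and SVM_VMEXIT_DR7_WRITE jump to .Lskip_movdb32 without a comment, so the reason the write is dropped rather than emulated lives only in the commit message. A short comment above the compares saying that the dr6/dr7 write is intentionally skipped because it cannot be emulated via the MSR protocol would keep that visible in locore0.S. The exit code is now read from 16(%esp) in three compares; a named offset or a one-line note tying it to the register pushes before it would make a later change to the push sequence harder to get wrong.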
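Review bot: In the second hunk (@@ -942,7 +947,16 @@), `addl $3, (%esp)` in .Lskip_movdb32 hard-codes the length of the skipped instruction, which holds only if every intercepted dr6/dr7 write that reaches this handler uses a 3-byte encoding; any other encoding would leave the return address inside the instruction. Please extend the `/* skip mov,%db */` comment to state the assumed encoding and length, as the cpuid path now does for its 2 bytes. The four pops and `addl $4, %esp` are also a verbatim copy of the cpuid return sequence, so a shared tail with only the skip length differing would avoid the two paths drifting apart.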