From: Hans-Jörg Höxer Subject: SEV-ES: Handle #VC in locore0 due to dr[67] write intercepts To: Date: Sat, 2 Aug 2025 18:48:45 +0200 Hi, when running on Linux/KVM with SEV-ES enabled, writes to dr[67] raise a #VC trap. We have no means to emulate writes to dr[67] unsing the MSR protocol. Thus skip these instructions, when #VC is raised in locore0. Take care, HJ. ------------------------------------------------------------------------------- commit a828cde1a3afe67870b45225aa08ea253e00030c Author: Hans-Joerg Hoexer Date: Wed Jul 2 18:52:34 2025 +0200 SEV-ES: Handle #VC in locore0 due to dr[67] write intercepts When running on Linux/KVM with SEV-ES enabled, writes to dr[67] raise a #VC trap. We have no means to emulate writes to dr[67] unsing the MSR protocol. Thus skip these instructions, when #VC is raised in locore0. On vmm(4)/vmd(8) we are runnign in compat mode and writes to dr[67] are not intercepted; thus only adjust the 32-bit case.
diff --git a/sys/arch/amd64/amd64/locore0.S b/sys/arch/amd64/amd64/locore0.S
index 11e3458603a..4d7374324f6 100644
--- a/sys/arch/amd64/amd64/locore0.S
+++ b/sys/arch/amd64/amd64/locore0.S
@@ -916,6 +916,11 @@ locore_vc_trap32:
 pushl %ecx
 pushl %edx
+ cmpl $SVM_VMEXIT_DR6_WRITE, 16(%esp)
+ je .Lskip_movdb32
+ cmpl $SVM_VMEXIT_DR7_WRITE, 16(%esp)
+ je .Lskip_movdb32
+
 cmpl $SVM_VMEXIT_CPUID, 16(%esp)
 jne .Lterminate32
@@ -942,7 +947,16 @@ locore_vc_trap32:
 popl %ebx
 popl %eax
 addl $4, %esp
- addl $2, (%esp)
+ addl $2, (%esp) /* skip cpuid */
+ iret
+
+.Lskip_movdb32:
+ popl %edx
+ popl %ecx
+ popl %ebx
+ popl %eax
+ addl $4, %esp
+ addl $3, (%esp) /* skip mov,%db */
 iret
 .Lterminate32:
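Review bot: `.Lskip_movdb32` advances the saved EIP by a fixed 3 bytes (`addl $3, (%esp)` once the error code has been discarded) without inspecting the instruction it steps over, so a DR6/DR7-write #VC raised by anything other than a bare `0F 23 /r` encoding (a prefixed form, or a trap whose saved EIP is not where this code expects) would resume execution in the middle of an instruction. Since the dispatch keys only on the exit code at `16(%esp)`, I would verify the opcode bytes at the saved EIP before skipping and otherwise fall into the existing terminate path, e.g. at the top of `.Lskip_movdb32` where the four registers and the error code are still pushed and the saved EIP sits at `20(%esp)`: `movl 20(%esp), %eax` / `cmpw $0x230f, (%eax)` / `jne .Lterminate32` — this jumps with the same stack layout as the existing `jne .Lterminate32` after the CPUID compare, and `%eax` is restored by the later `popl`. The write itself is dropped silently, so the guest's debug registers keep whatever value they had before the trap; a comment at the label such as `/* dr6/dr7 writes cannot be forwarded over the GHCB MSR protocol; drop the write and step over the 3-byte mov %reg,%drN */` would record that assumption for later maintainers. `locore_vc_trap32` begins before the first hunk and the body of `.Lterminate32` continues after the second.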