CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/02/16 08:08:41
Modified files:
sys/arch/amd64/amd64: vmm_machdep.c
Log message:
vmm(4): Ignore VMGEXIT request and inject #UD
SEV guest userland processes are allowed to issue the vmgexit
instruction. However, guest userland has no access to the GHCB.
VMEXITs with exit reason SVM_VMEXIT_VMGEXIT initiated by the guest
kernel will always provide a valid GHCB request.
Moreover, as the guest kernel makes sure that the GHCB contains
no request when guest userland is running, a rogue guest userland
process can only force repeated VMEXITs with an empty GHCB.
Therefore, in vmm(4)'s vmgexit handler inject #UD when the exit
reason is not updated with data from the GHCB and stays on
SVM_VMEXIT_VMGEXIT.
ok mlarkin@
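
The check described in the log message above, as a reduced model added here for illustration; it is not the vmm(4) source. The struct layouts and the model_* names are hypothetical, and only the SVM exit codes and the #UD vector number are real values.

```c
#include <stdint.h>
#include <stdio.h>

#define SVM_VMEXIT_CPUID   0x72   /* sample request a guest kernel might make */
#define SVM_VMEXIT_VMGEXIT 0x403  /* exit code raised by the vmgexit instruction */
#define VEC_UD             6      /* #UD exception vector */

/* Hypothetical reduced GHCB; the real page carries many more fields. */
struct model_ghcb {
	int      exitcode_valid;  /* guest marked sw_exitcode as valid */
	uint64_t sw_exitcode;     /* request the guest kernel wants handled */
};

struct model_vcpu {
	uint64_t exit_reason;     /* as reported by the hardware */
	int      pending_vector;  /* -1 means nothing queued for injection */
};

/* Copy the request out of the GHCB; an empty GHCB leaves exit_reason as is. */
static void
model_ghcb_sync(struct model_vcpu *vcpu, const struct model_ghcb *ghcb)
{
	if (ghcb->exitcode_valid)
		vcpu->exit_reason = ghcb->sw_exitcode;
}

/* Returns the exit reason to dispatch, or -1 after queuing #UD. */
static int64_t
model_handle_vmgexit(struct model_vcpu *vcpu, const struct model_ghcb *ghcb)
{
	vcpu->pending_vector = -1;
	model_ghcb_sync(vcpu, ghcb);
	if (vcpu->exit_reason == SVM_VMEXIT_VMGEXIT) {
		/* No request replaced the exit reason: inject #UD. */
		vcpu->pending_vector = VEC_UD;
		return -1;
	}
	return (int64_t)vcpu->exit_reason;
}

int
main(void)
{
	struct model_vcpu vcpu = { SVM_VMEXIT_VMGEXIT, -1 };
	struct model_ghcb empty = { 0, 0 };  /* constructed: userland vmgexit */

	printf("dispatch=%lld vector=%d\n",
	    (long long)model_handle_vmgexit(&vcpu, &empty), vcpu.pending_vector);
	return 0;
}
```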