vmd: Allow only upward migration

This restricts receiving vms from hosts with more cpu features.

Tested on
broadwell -> skylake (works)
skylake -> broadwell (don't work)

ok mlarkin@

2 files changed, 70 insertions, 67 deletions

diff --git a/sys/arch/amd64/amd64/vmm.c b/sys/arch/amd64/amd64/vmm.c
index 5262b37b949..fb8303c5e1c 100644
--- a/sys/arch/amd64/amd64/vmm.c
+++ b/sys/arch/amd64/amd64/vmm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmm.c,v 1.167 2017/08/20 05:14:16 mlarkin Exp $	*/
+/*	$OpenBSD: vmm.c,v 1.168 2017/08/20 21:15:32 pd Exp $	*/
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -5379,41 +5379,8 @@ vmm_handle_cpuid(struct vcpu *vcpu)
 		/* mask off host's APIC ID, reset to vcpu id */
 		*rbx = cpu_ebxfeature & 0x0000FFFF;
 		*rbx |= (vcpu->vc_id & 0xFF) << 24;
-		/*
-		 * clone host capabilities minus:
-		 *  debug store (CPUIDECX_DTES64, CPUIDECX_DSCPL, CPUID_DS)
-		 *  monitor/mwait (CPUIDECX_MWAIT)
-		 *  vmx (CPUIDECX_VMX)
-		 *  smx (CPUIDECX_SMX)
-		 *  speedstep (CPUIDECX_EST)
-		 *  thermal (CPUIDECX_TM2, CPUID_ACPI, CPUID_TM)
-		 *  context id (CPUIDECX_CNXTID)
-		 *  silicon debug (CPUIDECX_SDBG)
-		 *  xTPR (CPUIDECX_XTPR)
-		 *  perf/debug (CPUIDECX_PDCM)
-		 *  pcid (CPUIDECX_PCID)
-		 *  direct cache access (CPUIDECX_DCA)
-		 *  x2APIC (CPUIDECX_X2APIC)
-		 *  apic deadline (CPUIDECX_DEADLINE)
-		 *  apic (CPUID_APIC)
-		 *  psn (CPUID_PSN)
-		 *  self snoop (CPUID_SS)
-		 *  hyperthreading (CPUID_HTT)
-		 *  pending break enabled (CPUID_PBE)
-		 *  MTRR (CPUID_MTRR)
-		 * plus:
-		 *  hypervisor (CPUIDECX_HV)
-		 */
-		*rcx = (cpu_ecxfeature | CPUIDECX_HV) &
-		    ~(CPUIDECX_EST | CPUIDECX_TM2 | CPUIDECX_MWAIT |
-		    CPUIDECX_PDCM | CPUIDECX_VMX | CPUIDECX_DTES64 |
-		    CPUIDECX_DSCPL | CPUIDECX_SMX | CPUIDECX_CNXTID |
-		    CPUIDECX_SDBG | CPUIDECX_XTPR | CPUIDECX_PCID |
-		    CPUIDECX_DCA | CPUIDECX_X2APIC | CPUIDECX_DEADLINE);
-		*rdx = curcpu()->ci_feature_flags &
-		    ~(CPUID_ACPI | CPUID_TM | CPUID_HTT |
-		      CPUID_DS | CPUID_APIC | CPUID_PSN |
-		      CPUID_SS | CPUID_PBE | CPUID_MTRR);
+		*rcx = (cpu_ecxfeature | CPUIDECX_HV) & VMM_CPUIDECX_MASK;
+		*rdx = curcpu()->ci_feature_flags & VMM_CPUIDEDX_MASK;
 		break;
 	case 0x02:	/* Cache and TLB information */
 		*rax = eax;
@@ -5461,37 +5428,9 @@ vmm_handle_cpuid(struct vcpu *vcpu)
 		break;
 	case 0x07:	/* SEFF */
 		if (*rcx == 0) {
-			/*
-			 * SEFF flags - copy from host minus:
-			 *  SGX (SEFF0EBX_SGX)
-			 *  HLE (SEFF0EBX_HLE)
-			 *  INVPCID (SEFF0EBX_INVPCID)
-			 *  RTM (SEFF0EBX_RTM)
-			 *  PQM (SEFF0EBX_PQM)
-			 *  AVX512F (SEFF0EBX_AVX512F)
-			 *  AVX512DQ (SEFF0EBX_AVX512DQ)
-			 *  AVX512IFMA (SEFF0EBX_AVX512IFMA)
-			 *  AVX512PF (SEFF0EBX_AVX512PF)
-			 *  AVX512ER (SEFF0EBX_AVX512ER)
-			 *  AVX512CD (SEFF0EBX_AVX512CD)
-			 *  AVX512BW (SEFF0EBX_AVX512BW)
-			 *  AVX512VL (SEFF0EBX_AVX512VL)
-			 *  MPX (SEFF0EBX_MPX)
-			 *  PCOMMIT (SEFF0EBX_PCOMMIT)
-			 *  PT (SEFF0EBX_PT)
-			 *  AVX512VBMI (SEFF0ECX_AVX512VBMI)
-			 */
 			*rax = 0;	/* Highest subleaf supported */
-			*rbx = curcpu()->ci_feature_sefflags_ebx &
-			    ~(SEFF0EBX_SGX | SEFF0EBX_HLE | SEFF0EBX_INVPCID |
-			      SEFF0EBX_RTM | SEFF0EBX_PQM | SEFF0EBX_MPX |
-			      SEFF0EBX_PCOMMIT | SEFF0EBX_PT |
-			      SEFF0EBX_AVX512F | SEFF0EBX_AVX512DQ |
-			      SEFF0EBX_AVX512IFMA | SEFF0EBX_AVX512PF |
-			      SEFF0EBX_AVX512ER | SEFF0EBX_AVX512CD |
-			      SEFF0EBX_AVX512BW | SEFF0EBX_AVX512VL);
-			*rcx = curcpu()->ci_feature_sefflags_ecx &
-			    ~(SEFF0ECX_AVX512VBMI);
+			*rbx = curcpu()->ci_feature_sefflags_ebx & VMM_SEFF0EBX_MASK;
+			*rcx = curcpu()->ci_feature_sefflags_ecx & VMM_SEFF0ECX_MASK;
 			*rdx = 0;
 		} else {
 			/* Unsupported subleaf */
diff --git a/sys/arch/amd64/include/vmmvar.h b/sys/arch/amd64/include/vmmvar.h
index 4dddc8bf354..4847fa3defa 100644
--- a/sys/arch/amd64/include/vmmvar.h
+++ b/sys/arch/amd64/include/vmmvar.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmmvar.h,v 1.46 2017/08/14 18:29:41 mlarkin Exp $	*/
+/*	$OpenBSD: vmmvar.h,v 1.47 2017/08/20 21:15:32 pd Exp $	*/
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -505,6 +505,70 @@ struct vm_rwregs_params {
 #define VMM_IOC_READREGS _IOWR('V', 7, struct vm_rwregs_params) /* Get registers */
 #define VMM_IOC_WRITEREGS _IOW('V', 8, struct vm_rwregs_params) /* Set registers */
 
+
+/* CPUID masks */
+/*
+ * clone host capabilities minus:
+ *  debug store (CPUIDECX_DTES64, CPUIDECX_DSCPL, CPUID_DS)
+ *  monitor/mwait (CPUIDECX_MWAIT)
+ *  vmx (CPUIDECX_VMX)
+ *  smx (CPUIDECX_SMX)
+ *  speedstep (CPUIDECX_EST)
+ *  thermal (CPUIDECX_TM2, CPUID_ACPI, CPUID_TM)
+ *  context id (CPUIDECX_CNXTID)
+ *  silicon debug (CPUIDECX_SDBG)
+ *  xTPR (CPUIDECX_XTPR)
+ *  perf/debug (CPUIDECX_PDCM)
+ *  pcid (CPUIDECX_PCID)
+ *  direct cache access (CPUIDECX_DCA)
+ *  x2APIC (CPUIDECX_X2APIC)
+ *  apic deadline (CPUIDECX_DEADLINE)
+ *  apic (CPUID_APIC)
+ *  psn (CPUID_PSN)
+ *  self snoop (CPUID_SS)
+ *  hyperthreading (CPUID_HTT)
+ *  pending break enabled (CPUID_PBE)
+ *  MTRR (CPUID_MTRR)
+ */
+#define VMM_CPUIDECX_MASK ~(CPUIDECX_EST | CPUIDECX_TM2 | CPUIDECX_MWAIT | \
+    CPUIDECX_PDCM | CPUIDECX_VMX | CPUIDECX_DTES64 | \
+    CPUIDECX_DSCPL | CPUIDECX_SMX | CPUIDECX_CNXTID | \
+    CPUIDECX_SDBG | CPUIDECX_XTPR | CPUIDECX_PCID | \
+    CPUIDECX_DCA | CPUIDECX_X2APIC | CPUIDECX_DEADLINE)
+#define VMM_CPUIDEDX_MASK ~(CPUID_ACPI | CPUID_TM | \
+    CPUID_HTT | CPUID_DS | CPUID_APIC | \
+    CPUID_PSN | CPUID_SS | CPUID_PBE | \
+    CPUID_MTRR)
+
+/*
+ * SEFF flags - copy from host minus:
+ *  SGX (SEFF0EBX_SGX)
+ *  HLE (SEFF0EBX_HLE)
+ *  INVPCID (SEFF0EBX_INVPCID)
+ *  RTM (SEFF0EBX_RTM)
+ *  PQM (SEFF0EBX_PQM)
+ *  AVX512F (SEFF0EBX_AVX512F)
+ *  AVX512DQ (SEFF0EBX_AVX512DQ)
+ *  AVX512IFMA (SEFF0EBX_AVX512IFMA)
+ *  AVX512PF (SEFF0EBX_AVX512PF)
+ *  AVX512ER (SEFF0EBX_AVX512ER)
+ *  AVX512CD (SEFF0EBX_AVX512CD)
+ *  AVX512BW (SEFF0EBX_AVX512BW)
+ *  AVX512VL (SEFF0EBX_AVX512VL)
+ *  MPX (SEFF0EBX_MPX)
+ *  PCOMMIT (SEFF0EBX_PCOMMIT)
+ *  PT (SEFF0EBX_PT)
+ *  AVX512VBMI (SEFF0ECX_AVX512VBMI)
+ */
+#define VMM_SEFF0EBX_MASK ~(SEFF0EBX_SGX | SEFF0EBX_HLE | SEFF0EBX_INVPCID | \
+    SEFF0EBX_RTM | SEFF0EBX_PQM | SEFF0EBX_MPX | \
+    SEFF0EBX_PCOMMIT | SEFF0EBX_PT | \
+    SEFF0EBX_AVX512F | SEFF0EBX_AVX512DQ | \
+    SEFF0EBX_AVX512IFMA | SEFF0EBX_AVX512PF | \
+    SEFF0EBX_AVX512ER | SEFF0EBX_AVX512CD | \
+    SEFF0EBX_AVX512BW | SEFF0EBX_AVX512VL)
+#define VMM_SEFF0ECX_MASK ~(SEFF0ECX_AVX512VBMI)
+
 #ifdef _KERNEL
 
 #define VMX_FAIL_LAUNCH_UNKNOWN 1