authorJohn Levon <john.levon@joyent.com>2018-02-16 18:39:39 +0000
committerPatrick Mooney <pmooney@pfmooney.com>2018-03-08 20:45:49 +0000
commitd38f0be9359bf06ba03adf1de3d2656ff80b77e7 (patch)
tree3627715018396a22a34808dbf06e0e8991f90ecb
parent2773630b0f4d38c9bd840ac5c03dbdbb2ba2ad61 (diff)
downloadillumos-joyent-d38f0be9359bf06ba03adf1de3d2656ff80b77e7.tar.gz
OS-6676 bhyve intr handling should be KPTI-friendly
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com> Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com> Approved by: Jerry Jelinek <jerry.jelinek@joyent.com>
-rw-r--r--usr/src/uts/i86pc/io/vmm/intel/vmx.c13
-rw-r--r--usr/src/uts/i86pc/io/vmm/intel/vmx_support.s13
2 files changed, 10 insertions, 16 deletions
diff --git a/usr/src/uts/i86pc/io/vmm/intel/vmx.c b/usr/src/uts/i86pc/io/vmm/intel/vmx.c
index 2689766193..71a4f7b0fc 100644
--- a/usr/src/uts/i86pc/io/vmm/intel/vmx.c
+++ b/usr/src/uts/i86pc/io/vmm/intel/vmx.c
@@ -838,19 +838,8 @@ vmx_trigger_hostintr(int vector)
func = ((long)gd->gd_hioffset << 16 | gd->gd_looffset);
vmx_call_isr(func);
#else
- uintptr_t func;
- gate_desc_t *dp;
-
VERIFY(vector >= 32 && vector <= 255);
- dp = &CPU->cpu_m.mcpu_idt[vector];
-
- VERIFY(dp->sgd_ist == 0);
- VERIFY(dp->sgd_p == 1);
-
- func = (((uint64_t)dp->sgd_hi64offset << 32) |
- ((uint64_t)dp->sgd_hioffset << 16) |
- dp->sgd_looffset);
- vmx_call_isr(func);
+ vmx_call_isr(vector - 32);
#endif /* __FreeBSD__ */
}
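Review bot: The constant in `vmx_call_isr(vector - 32);` is undocumented, and nothing in this hunk says what vmx_call_isr now expects on illumos, while the FreeBSD branch two lines up still hands it a handler address; a comment at the call would keep the two contracts apart, e.g. `/* cmnint takes the vector relative to the first external-interrupt vector (0x20), presumably matching what the per-vector IDT stubs push */`. The removed IST and present-bit checks on the IDT gate are replaced by nothing beyond the existing range VERIFY; whether cmnint copes with a vector that has no handler registered is not visible here, so it is worth confirming. vmx_trigger_hostintr begins before the hunk.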
diff --git a/usr/src/uts/i86pc/io/vmm/intel/vmx_support.s b/usr/src/uts/i86pc/io/vmm/intel/vmx_support.s
index 8efa3ed172..b97df10b68 100644
--- a/usr/src/uts/i86pc/io/vmm/intel/vmx_support.s
+++ b/usr/src/uts/i86pc/io/vmm/intel/vmx_support.s
@@ -283,10 +283,10 @@ ALTENTRY(vmx_exit_guest)
SET_SIZE(vmx_enter_guest)
/*
- * %rdi = interrupt handler entry point
+ * %rdi = trapno
*
- * Calling sequence described in the "Instruction Set Reference" for the "INT"
- * instruction in Intel SDM, Vol 2.
+ * We need to do enough to convince cmnint - and its iretting tail - that we're
+ * a legit interrupt stack frame.
*/
ENTRY_NP(vmx_call_isr)
pushq %rbp
@@ -297,8 +297,13 @@ ENTRY_NP(vmx_call_isr)
pushq %r11 /* %rsp */
pushfq /* %rflags */
pushq $KCS_SEL /* %cs */
+ leaq .iret_dest(%rip), %rcx
+ pushq %rcx /* %rip */
+ pushq $0 /* err */
+ pushq %rdi /* trapno */
cli
- call *%rdi /* %rip (and call) */
+ jmp cmnint /* %rip (and call) */
+.iret_dest:
popq %rbp
ret
SET_SIZE(vmx_call_isr)
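Review bot: The comment on `jmp cmnint /* %rip (and call) */` is stale: it was written for the `call *%rdi` it replaces, which pushed %rip implicitly, whereas the return address is now pushed explicitly three lines earlier by `pushq %rcx /* %rip */`; something like `jmp cmnint /* enter the common interrupt path; it iret's to .iret_dest */` describes the new flow. The frame built here (rsp/rflags/cs/rip, error code 0, trapno) has to match exactly what cmnint expects from the per-vector IDT stubs, including anything those stubs push after trapno; the %ss push and the %r11 setup are outside the hunk, so that cannot be checked from this diff. The `%rdi = trapno` line in the header comment could also say that the caller passes the vector minus 0x20, since the value is not the raw IDT vector.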