2 files changed, 31 insertions, 5 deletions

diff --git a/pkg/sentry/platform/ring0/kernel_amd64.go b/pkg/sentry/platform/ring0/kernel_amd64.go
index 117e86104..0d2b0f7dc 100644
--- a/pkg/sentry/platform/ring0/kernel_amd64.go
+++ b/pkg/sentry/platform/ring0/kernel_amd64.go
@@ -163,7 +163,6 @@ func IsCanonical(addr uint64) bool {
 // the case for amd64, but may not be the case for other architectures.
 //
 // Precondition: the Rip, Rsp, Fs and Gs registers must be canonical.
-
 //
 //go:nosplit
 func (c *CPU) SwitchToUser(switchOpts SwitchOpts) (vector Vector) {
@@ -237,6 +236,27 @@ func start(c *CPU) {
 	wrmsr(_MSR_CSTAR, kernelFunc(sysenter))
 }
 
+// SetCPUIDFaulting sets CPUID faulting per the boolean value.
+//
+// True is returned if faulting could be set.
+//
+//go:nosplit
+func SetCPUIDFaulting(on bool) bool {
+	// Per the SDM (Vol 3, Table 2-43), PLATFORM_INFO bit 31 denotes support
+	// for CPUID faulting, and we enable and disable via the MISC_FEATURES MSR.
+	if rdmsr(_MSR_PLATFORM_INFO)&_PLATFORM_INFO_CPUID_FAULT != 0 {
+		features := rdmsr(_MSR_MISC_FEATURES)
+		if on {
+			features |= _MISC_FEATURE_CPUID_TRAP
+		} else {
+			features &^= _MISC_FEATURE_CPUID_TRAP
+		}
+		wrmsr(_MSR_MISC_FEATURES, features)
+		return true // Setting successful.
+	}
+	return false
+}
+
 // ReadCR2 reads the current CR2 value.
 //
 //go:nosplit
diff --git a/pkg/sentry/platform/ring0/x86.go b/pkg/sentry/platform/ring0/x86.go
index 3d437a77c..f489fcecb 100644
--- a/pkg/sentry/platform/ring0/x86.go
+++ b/pkg/sentry/platform/ring0/x86.go
@@ -50,10 +50,16 @@ const (
 	_EFER_LMA = 0x400
 	_EFER_NX  = 0x800
 
-	_MSR_STAR         = 0xc0000081
-	_MSR_LSTAR        = 0xc0000082
-	_MSR_CSTAR        = 0xc0000083
-	_MSR_SYSCALL_MASK = 0xc0000084
+	_MSR_STAR          = 0xc0000081
+	_MSR_LSTAR         = 0xc0000082
+	_MSR_CSTAR         = 0xc0000083
+	_MSR_SYSCALL_MASK  = 0xc0000084
+	_MSR_PLATFORM_INFO = 0xce
+	_MSR_MISC_FEATURES = 0x140
+
+	_PLATFORM_INFO_CPUID_FAULT = 1 << 31
+
+	_MISC_FEATURE_CPUID_TRAP = 0x1
 )
 
 const (