On Tue, Nov 25, 2025 at 10:41:45AM +0100, Stefan Fritsch wrote:
> Hi,
>
> On Thu, 18 Sep 2025, Stefan Fritsch wrote:
> > one remaining problem with SEV-ES is that we don't support multiprocessor
>
> for multiprocessor support with SEV-ES, we need to handle WBINDV in the
> VC trap handler.
>
> This is the the first part of the larger diff that I have sent in the
> mail quoted above.
>
> ok?
>

I don't understand this. We're saying if the guest does a WBINVD, we inject that
back into the guest via a #VC, but then in the trap handler we ... do nothing?
We just advance %rip?

What happened to the guest's desired wbinvd/wbnoinvd?

see below

-ml

> Cheers,
> Stefan
>
>
> diff --git a/sys/arch/amd64/amd64/trap.c b/sys/arch/amd64/amd64/trap.c
> index 0feb17cbdee..d953e6b54f5 100644
> --- a/sys/arch/amd64/amd64/trap.c
> +++ b/sys/arch/amd64/amd64/trap.c
> @@ -445,6 +445,16 @@ vctrap(struct trapframe *frame, int user, int *sig, int *code)
>  		}
>  		panic("unexpected MMIO in kernelspace");
>  		/* NOTREACHED */
> +	case SVM_VMEXIT_WBINVD:
> +		/*
> +		 * There is no special GHCB request for WBNOINVD.
> +		 * Signal WBINVD to emulate WBNOINVD.

where is the emulation being done?

> +		 */
> +		if (*rip == 0xf3)
> +			frame->tf_rip += 3;
> +		else
> +			frame->tf_rip += 2;
> +		break;
>  	default:
>  		panic("invalid exit code 0x%llx", ghcb_regs.exitcode);
>  	}
> --
> 2.39.5
>
>