From: Hans-Jörg Höxer
Subject: AMD SEV 2/5: ccp(4): provide ioctl for guestshutdown
To: , , ,
Cc:
Date: Wed, 28 Aug 2024 15:24:18 +0200
Hi, this diff provides a new ioctl for simplified guest shutdown. Will be used by vmd(8). Note: The current ioctl of ccp directly map to actual commands to the ccp/psp. This new one combines two commands (deactive and decommission). Therefore I choose to give it a ioctl number on the high end. There might be more ioctl like this one in the future. Take care, HJ.
---------------------------------------------------------------------------
commit 2ca5c48ca6b945017eb16f0a9bd9a333cb51b69c
Author: Hans-Joerg Hoexer
Date: Tue Aug 13 17:36:21 2024 +0200
ccp(4): provide ioctl for guestshutdown
To shutdown a SEV-enabled guest, we have first to deactivate the guest context in ccp(4), then decommission the guest context. To simplify guest shutdown combine these two operations in a single ioctl. As this ioctl does not directly map to a single ccp command use a high number for this ioctl. There will be more ioctls like this one.
diff --git a/sys/dev/ic/ccp.c b/sys/dev/ic/ccp.c
index 5981ae43450..05d39599276 100644
--- a/sys/dev/ic/ccp.c
+++ b/sys/dev/ic/ccp.c
@@ -563,6 +563,29 @@ psp_deactivate(struct psp_deactivate *udeact)
 return (0);
 }
 
+int
+psp_guest_shutdown(struct psp_guest_shutdown *ugshutdown)
+{
+ struct psp_deactivate deact;
+ struct psp_decommission decom;
+ int ret;
+
+ bzero(&deact, sizeof(deact));
+ deact.handle = ugshutdown->handle;
+ if ((ret = psp_deactivate(&deact)) != 0)
+ return (ret);
+
+ if ((ret = psp_df_flush()) != 0)
+ return (ret);
+
+ bzero(&decom, sizeof(decom));
+ decom.handle = ugshutdown->handle;
+ if ((ret = psp_decommission(&decom)) != 0)
+ return (ret);
+
+ return (0);
+}
+
 int
 psp_snp_get_pstatus(struct psp_snp_platform_status *ustatus)
 {
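Review bot: psp_guest_shutdown() lands without a header comment, and its partial-failure behaviour deserves one: once psp_deactivate() succeeds, an error from psp_df_flush() or psp_decommission() is returned as-is with the guest context left deactivated but still allocated, and the caller cannot tell from the return value which of the three steps failed. I would add above the definition: `/* Tear down a SEV guest context: deactivate, flush the data fabric, then decommission. Stops at the first failing step and leaves the handle in that intermediate state. */`. Whether the firmware accepts a second DEACTIVATE on an already inactive handle, and so whether vmd(8) may simply retry the ioctl after such an error, is not visible in this hunk and should be confirmed against the SEV ABI before being documented.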
@@ -641,6 +664,9 @@ pspioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
 case PSP_IOC_DEACTIVATE:
 ret = psp_deactivate((struct psp_deactivate *)data);
 break;
+ case PSP_IOC_GUEST_SHUTDOWN:
+ ret = psp_guest_shutdown((struct psp_guest_shutdown *)data);
+ break;
 case PSP_IOC_SNP_GET_PSTATUS:
 ret = psp_snp_get_pstatus((struct psp_snp_platform_status *)data);
diff --git a/sys/dev/ic/ccpvar.h b/sys/dev/ic/ccpvar.h
index 65efe847912..a42cb96167e 100644
--- a/sys/dev/ic/ccpvar.h
+++ b/sys/dev/ic/ccpvar.h
@@ -243,6 +243,11 @@ struct psp_init {
 } __packed;
 
+struct psp_guest_shutdown {
+ /* Input parameter for PSP_CMD_GUEST_SHUTDOWN */
+ uint32_t handle;
+} __packed;
+
 /* Selection of PSP commands of the SEV-SNP ABI Version 1.55 */
 
 #define PSP_CMD_SNP_PLATFORMSTATUS 0x81
 
@@ -272,6 +277,7 @@ struct psp_snp_platform_status {
 #define PSP_IOC_ACTIVATE _IOW('P', 9, struct psp_activate)
 #define PSP_IOC_DEACTIVATE _IOW('P', 10, struct psp_deactivate)
 #define PSP_IOC_SNP_GET_PSTATUS _IOR('P', 11, struct psp_snp_platform_status)
+#define PSP_IOC_GUEST_SHUTDOWN _IOW('P', 255, struct psp_guest_shutdown)
 
 #endif /* __amd64__ */
 #ifdef _KERNEL
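Review bot: The comment inside the new struct psp_guest_shutdown names PSP_CMD_GUEST_SHUTDOWN, but no such command macro is defined in this diff, and the commit message itself says the ioctl deliberately maps to no single PSP command, so the comment points a reader at something that does not exist. The neighbouring structs appear to be documented against their PSP_CMD_* counterpart, which is the pattern being copied; here the reference should be to the ioctl instead, e.g. `/* Input parameter for PSP_IOC_GUEST_SHUTDOWN (deactivate + decommission) */`.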
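Review bot: PSP_IOC_GUEST_SHUTDOWN takes number 255, which, if I read the `_IOW()` encoding correctly, is the largest value the 8-bit command field can hold, so the further combined ioctls the commit message anticipates can only be allocated downward from 254 while the direct-command ioctls keep growing upward from 11. That allocation scheme is not stated anywhere in the header; a one-line comment on the define would keep the two ranges from colliding, e.g. `/* Composite ioctls (several PSP commands) are numbered downward from 255. */`. The ioctl list continues outside the hunk, so I cannot see whether such a note already exists nearby.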