From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: SEV support in vmm breaking Intel VMX guests
To: Dave Voutila <dv@sisu.io>
Cc: tech@openbsd.org, Alexandre Ratchov <ratchov@openbsd.org>, Moritz Buhl <mbuhl@openbsd.org>, Hans-Joerg Hoexer <hshoexer@genua.de>
Date: Wed, 04 Sep 2024 07:59:00 -0600

Dave Voutila <dv@sisu.io> wrote:

> ratchov@ found and bisected the issue and we're incorrectly advertising
> capabilities to Intel guests that most likely do not exist. This value
> shouldn't be hardcoded, regardless. Apparently Linux guests on older
> Intel hardware will start doing naughty things and panic/reboot.

[...]

> @@ -59,6 +59,8 @@ void *l1tf_flush_region;
>  				vcpu_vmx_check_cap(x, IA32_VMX_##y ##_CTLS, \
>  				IA32_VMX_##z, 0) ? "Yes" : "No");
> 
> +#define MIN(a,b)	(((a)<(b))?(a):(b))

If I am not mistaken, this is already provided by sys/param.h