From: Hans-Jörg Höxer <hshoexer@genua.de>
Subject: SEV-ES: vmm(4): GHCB MSR protocol for guest termination
To: <tech@openbsd.org>
Date: Tue, 20 May 2025 14:05:36 +0200

Hi,

the last diff for vmm(4):
    
    Another service requested by a SEV-ES enabled guest through the
    GHCB MSR protocol is guest termination.

With this, vmm(4) will be able to run a SEV-ES enabled guest.  Next step
will be some small diffs for vmd(8) to configure and enable SEV-ES guests.

The final series of diffs will provide the guest side changes for SEV-ES.

Take care,
HJ.

----------------------------------------------------------------------------
commit b05e41c5c2fcc16fc61888a07fd323896d83c9b6
Author: Hans-Joerg Hoexer <hshoexer@genua.de>
Date:   Thu Jan 16 12:08:31 2025 +0100

    vmm(4): GHCB MSR protocol for guest termination
    
    Another service requested by a SEV-ES enabled guest through the
    GHCB MSR protocol is guest termination.

diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c
index 2e90b7340f2..defbc47de2a 100644
--- a/sys/arch/amd64/amd64/vmm_machdep.c
+++ b/sys/arch/amd64/amd64/vmm_machdep.c
@@ -4537,8 +4537,11 @@ svm_handle_gexit(struct vcpu *vcpu)
 		 */
 		req = (vmcb->v_ghcb_gpa & 0xffffffff);
 
-		/* we only support cpuid */
-		if ((req & ~PG_FRAME) != MSR_PROTO_CPUID_REQ)
+		/* We only support cpuid and terminate. */
+		if ((req & ~PG_FRAME) == MSR_PROTO_TERMINATE) {
+			DPRINTF("%s: guest requests termination\n", __func__);
+			return (1);
+		} else if ((req & ~PG_FRAME) != MSR_PROTO_CPUID_REQ)
 			return (EINVAL);
 
 		/* Emulate CPUID */