From: Mike Larkin <mlarkin@nested.page>
Subject: Re: SEV-ES: vmm(4): GHCB MSR protocol for guest termination
To: tech@openbsd.org
Date: Tue, 20 May 2025 17:59:04 -0700

On Tue, May 20, 2025 at 02:05:36PM +0200, Hans-Jörg Höxer wrote:
> Hi,
>
> the last diff for vmm(4):
>
>     Another service requested by a SEV-ES enabled guest through the
>     GHCB MSR protocol is guest termination.
>
> With this, vmm(4) will be able to run a SEV-ES enabled guest.  Next step
> will be some small diffs for vmd(8) to configure and enable SEV-ES guests.
>
> The final series of diffs will provide the guest side changes for SEV-ES.
>
> Take care,
> HJ.
>

ok mlarkin


> ----------------------------------------------------------------------------
> commit b05e41c5c2fcc16fc61888a07fd323896d83c9b6
> Author: Hans-Joerg Hoexer <hshoexer@genua.de>
> Date:   Thu Jan 16 12:08:31 2025 +0100
>
>     vmm(4): GHCB MSR protocol for guest termination
>
>     Another service requested by a SEV-ES enabled guest through the
>     GHCB MSR protocol is guest termination.
>
> diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c
> index 2e90b7340f2..defbc47de2a 100644
> --- a/sys/arch/amd64/amd64/vmm_machdep.c
> +++ b/sys/arch/amd64/amd64/vmm_machdep.c
> @@ -4537,8 +4537,11 @@ svm_handle_gexit(struct vcpu *vcpu)
>  		 */
>  		req = (vmcb->v_ghcb_gpa & 0xffffffff);
>
> -		/* we only support cpuid */
> -		if ((req & ~PG_FRAME) != MSR_PROTO_CPUID_REQ)
> +		/* We only support cpuid and terminate. */
> +		if ((req & ~PG_FRAME) == MSR_PROTO_TERMINATE) {
> +			DPRINTF("%s: guest requests termination\n", __func__);
> +			return (1);
> +		} else if ((req & ~PG_FRAME) != MSR_PROTO_CPUID_REQ)
>  			return (EINVAL);
>
>  		/* Emulate CPUID */