CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2025/06/27 11:23:49
Modified files:
sys/arch/amd64/amd64: ghcb.c locore0.S machdep.c trap.c vector.S
sys/arch/amd64/include: cpufunc.h ghcb.h segments.h
Log message:
Allocate GHCB and handle #VC trap early in AMD SEV-ES guest.
When the kernel runs as an SEV-ES guest, claim two pages to be used
for GHCB communication with vmm(4). As the guest wants to share
these two pages with the vmm(4) host, re-map them as plain text. Do
this as soon as we reach long mode.
Arriving in init_x86_64(), reset the IDT used during locore0 and
install a new #VC trap handler. This is the actual handler the
kernel will use from now on. However, as we are not fully up and
running yet, use a simple and kernel-only entry stub for the #VC
exception. At the end of early bootstrap, init_x86_64() will install
the actual and final IDT.
For now this will reset and disable the #VC handler. Therefore,
SEV-ES enabled guests are not working yet.
The #VC handler vctrap() is also hooked into kerntrap() and usertrap().
Communication with vmm(4) using the GHCB protocol is also ready.
However, the actual handling of cpuid, in/out, wrmsr/rdmsr is left
out for now. Again, SEV-ES enabled guests are not working yet.
from hshoexer@; OK mlarkin@