CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/01/15 05:11:51
Modified files:
sys/arch/amd64/amd64: ghcb.c
Log message:
In SEV-ES mode, guest userland is allowed to execute the vmgexit
instruction, although it has no control over the GHCB. Therefore,
it is important that the GHCB does not contain a valid request after
use.
In all "vmgexit paths" the GHCB is cleared by ghcb_sync_in() (it
calls ghcb_clear()) after returning from the hypervisor back into
the guest.
However, in _ghcb_mem_rw() I missed this when requesting MMIO writes
from the hypervisor. The diff below corrects this.
I want to keep this pattern in all vmgexit paths:
ghcb_sync_out
vmgexit
ghcb_verify_bm
ghcb_sync_in
Therefore, I shuffled some code around instead of just calling
vmgexit_clear() in the else branch.
ok mlarkin@
