authorAlexander Bluhm <bluhm@cvs.openbsd.org>2024-09-01 19:25:07 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2024-09-01 19:25:07 +0000
commit0b6946c9308f5619cd6d263b45390b82e634a49b (patch)
treee0635c1ab81df6daaae3d08a93bbacd66bc18585 /sys
parenta9d3ff88975cb5047b8b79df01936a073d9bc4e9 (diff)
For AMD SEV provide ioctl(2) in cpp(4) to shutdown guest.
To shut down a SEV-enabled guest, first deactivate the guest context in ccp(4), then decommission the guest context. Combine these two operations in a single ioctl to simplify guest shutdown for vmd(8). As this ioctl does not directly map to a single ccp command, use a high number for the ioctl. More ioctls like this one will come. from hshoexer@; OK mlarkin@
Diffstat (limited to 'sys')
-rw-r--r--sys/dev/ic/ccp.c29
-rw-r--r--sys/dev/ic/ccpvar.h8
2 files changed, 35 insertions, 2 deletions
diff --git a/sys/dev/ic/ccp.c b/sys/dev/ic/ccp.c
index 6829f81e50f..42ae5f8e7c2 100644
--- a/sys/dev/ic/ccp.c
+++ b/sys/dev/ic/ccp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ccp.c,v 1.8 2024/09/01 17:13:46 bluhm Exp $ */
+/* $OpenBSD: ccp.c,v 1.9 2024/09/01 19:25:06 bluhm Exp $ */
/*
* Copyright (c) 2018 David Gwynne <dlg@openbsd.org>
@@ -565,6 +565,29 @@ psp_deactivate(struct psp_deactivate *udeact)
}
int
+psp_guest_shutdown(struct psp_guest_shutdown *ugshutdown)
+{
+ struct psp_deactivate deact;
+ struct psp_decommission decom;
+ int ret;
+
+ bzero(&deact, sizeof(deact));
+ deact.handle = ugshutdown->handle;
+ if ((ret = psp_deactivate(&deact)) != 0)
+ return (ret);
+
+ if ((ret = psp_df_flush()) != 0)
+ return (ret);
+
+ bzero(&decom, sizeof(decom));
+ decom.handle = ugshutdown->handle;
+ if ((ret = psp_decommission(&decom)) != 0)
+ return (ret);
+
+ return (0);
+}
+
+int
psp_snp_get_pstatus(struct psp_snp_platform_status *ustatus)
{
struct ccp_softc *sc = ccp_softc;
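Review bot: psp_guest_shutdown() returns the first non-zero `ret` without indicating which of its three steps failed, so when psp_df_flush() or psp_decommission() fails the guest has already been deactivated while its context is still allocated. The caller cannot tell that state from a failed psp_deactivate(), and whether a retry with the same handle is safe is not visible from this hunk. I would document the contract above the function, for example `/* Deactivate, flush, then decommission; on error the guest may be left deactivated but not decommissioned. */`, and add a short comment saying why the psp_df_flush() call sits between the two commands. As a minor style point, the tail can be shortened to `return (psp_decommission(&decom));`.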
@@ -642,6 +665,9 @@ pspioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
case PSP_IOC_DEACTIVATE:
ret = psp_deactivate((struct psp_deactivate *)data);
break;
+ case PSP_IOC_GUEST_SHUTDOWN:
+ ret = psp_guest_shutdown((struct psp_guest_shutdown *)data);
+ break;
case PSP_IOC_SNP_GET_PSTATUS:
ret =
psp_snp_get_pstatus((struct psp_snp_platform_status *)data);
@@ -668,6 +694,7 @@ pledge_ioctl_psp(struct proc *p, long com)
case PSP_IOC_LAUNCH_MEASURE:
case PSP_IOC_LAUNCH_FINISH:
case PSP_IOC_ACTIVATE:
+ case PSP_IOC_GUEST_SHUTDOWN:
return (0);
default:
return (pledge_fail(p, EPERM, PLEDGE_VMM));
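Review bot: Adding `PSP_IOC_GUEST_SHUTDOWN` to the list allowed under the vmm pledge means a pledged process can deactivate and decommission whatever `handle` it passes in, and nothing in the visible hunks ties `ugshutdown->handle` to a guest that the calling process launched. If the driver keeps no ownership record, a single misbehaving vm process could tear down the SEV context of an unrelated guest, so I would either check the handle against the caller's guest in psp_guest_shutdown() or state the assumption in a comment, e.g. `/* handle is caller-supplied; ownership is not verified here */`. The existing `PSP_IOC_ACTIVATE` case appears to share this property, and the switch in pledge_ioctl_psp starts outside the hunk, so earlier checks may exist that I cannot see.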
diff --git a/sys/dev/ic/ccpvar.h b/sys/dev/ic/ccpvar.h
index 65efe847912..7add1e0a46e 100644
--- a/sys/dev/ic/ccpvar.h
+++ b/sys/dev/ic/ccpvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ccpvar.h,v 1.3 2024/06/13 17:59:08 bluhm Exp $ */
+/* $OpenBSD: ccpvar.h,v 1.4 2024/09/01 19:25:06 bluhm Exp $ */
/*
* Copyright (c) 2018 David Gwynne <dlg@openbsd.org>
@@ -243,6 +243,11 @@ struct psp_init {
} __packed;
+struct psp_guest_shutdown {
+ /* Input parameter for PSP_CMD_GUEST_SHUTDOWN */
+ uint32_t handle;
+} __packed;
+
/* Selection of PSP commands of the SEV-SNP ABI Version 1.55 */
#define PSP_CMD_SNP_PLATFORMSTATUS 0x81
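Review bot: The comment in `struct psp_guest_shutdown` refers to `PSP_CMD_GUEST_SHUTDOWN`, but this commit defines no such PSP command and the commit message says the ioctl does not map to a single ccp command. The comment should name the ioctl instead, `/* Input parameter for PSP_IOC_GUEST_SHUTDOWN */`, so that readers do not search the SEV ABI for a firmware command that the struct is not passed to. It would also help to note that `handle` is the guest handle forwarded to the deactivate and decommission commands.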
@@ -272,6 +277,7 @@ struct psp_snp_platform_status {
#define PSP_IOC_ACTIVATE _IOW('P', 9, struct psp_activate)
#define PSP_IOC_DEACTIVATE _IOW('P', 10, struct psp_deactivate)
#define PSP_IOC_SNP_GET_PSTATUS _IOR('P', 11, struct psp_snp_platform_status)
+#define PSP_IOC_GUEST_SHUTDOWN _IOW('P', 255, struct psp_guest_shutdown)
#endif /* __amd64__ */
#ifdef _KERNEL