From 6302f867eaf516cb97b76fcca963511a5ce8b545 Mon Sep 17 00:00:00 2001
From: sf <sf@openbsd.org>
Date: Wed, 26 Nov 2025 13:48:57 +0000
Subject: [PATCH] SEV-ES: Implement wbinvd in the trap handler

When MP is enabled, OpenBSD uses the WBINVD instruction. With SEV-ES,
this causes a VC trap if the hypervisor has the WBINVD intercept enabled.
In the trap handler, simply forward the WBINVD exit to the hypervisor.

From Sebastian Sturm

ok mlarkin hshoexer
---
 sys/arch/amd64/amd64/trap.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/sys/arch/amd64/amd64/trap.c b/sys/arch/amd64/amd64/trap.c
index 0feb17cbdee..2e5728e3853 100644
--- a/sys/arch/amd64/amd64/trap.c
+++ b/sys/arch/amd64/amd64/trap.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: trap.c,v 1.115 2025/10/22 14:31:24 hshoexer Exp $	*/
+/*	$OpenBSD: trap.c,v 1.116 2025/11/26 13:48:57 sf Exp $	*/
 /*	$NetBSD: trap.c,v 1.2 2003/05/04 23:51:56 fvdl Exp $	*/
 
 /*-
@@ -445,6 +445,16 @@ vctrap(struct trapframe *frame, int user, int *sig, int *code)
 		}
 		panic("unexpected MMIO in kernelspace");
 		/* NOTREACHED */
+	case SVM_VMEXIT_WBINVD:
+		/*
+		 * There is no special GHCB request for WBNOINVD.
+		 * Signal WBINVD to emulate WBNOINVD.
+		 */
+		if (*rip == 0xf3)
+			frame->tf_rip += 3;
+		else
+			frame->tf_rip += 2;
+		break;
 	default:
 		panic("invalid exit code 0x%llx", ghcb_regs.exitcode);
 	}