[PATCH v2 1/6] x86/sev: Define the #HV doorbell page structure

From: Melody Wang
Date: Tue Sep 10 2024 - 02:04:30 EST

Next message: Melody Wang: "[PATCH v2 2/6] KVM: SVM: Add support for the SEV-SNP #HV doorbell page NAE event"
Previous message: Melody Wang: "[PATCH v2 0/6] Add SEV-SNP restricted injection hypervisor support"
In reply to: Melody Wang: "[PATCH v2 0/6] Add SEV-SNP restricted injection hypervisor support"
Next in thread: Melody Wang: "[PATCH v2 2/6] KVM: SVM: Add support for the SEV-SNP #HV doorbell page NAE event"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Restricted injection is a feature which enforces additional interrupt and event
injection security protections for a SEV-SNP guest. It disables all
hypervisor-based interrupt queuing and event injection of all vectors except
a new exception vector, #HV (28), which is reserved for SNP guest use, but
never generated by hardware. #HV is only allowed to be injected into VMSAs that
execute with Restricted Injection.

The guests running with the SNP restricted injection feature active limit the
host to ringing a doorbell with a #HV exception.

Define two fields in the #HV doorbell page: a pending event field, and an
EOI assist.

Create the structure definition for the #HV doorbell page as per GHCB
specification.

Co-developed-by: Thomas Lendacky <thomas.lendacky@xxxxxxx>
Signed-off-by: Thomas Lendacky <thomas.lendacky@xxxxxxx>
Signed-off-by: Melody Wang <huibo.wang@xxxxxxx>
---
arch/x86/include/asm/svm.h | 41 ++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)

diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index f0dea3750ca9..2b1f4c8daf19 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -516,6 +516,47 @@ struct ghcb {
u32 ghcb_usage;
} __packed;

+/*
+ * Hypervisor doorbell page:
+ *
+ * Used when restricted injection is enabled for a VM. One page in size that
+ * is shared between the guest and hypervisor to communicate exception and
+ * interrupt events.
+ */
+struct hvdb_events {
+ /* First 64 bytes of HV doorbell page defined in GHCB specification */
+ union {
+ struct {
+ /* Interrupt vector being injected */
+ u8 vector;
+
+ /* Non-maskable event field (NMI, etc.) */
+ u8 nm_events;
+ };
+
+ struct {
+ /* Non-maskable event indicators */
+ u16 reserved1: 8,
+ nmi: 1,
+ mce: 1,
+ reserved2: 5,
+ no_further_signal: 1;
+ };
+
+ u16 pending_events;
+ };
+
+ u8 no_eoi_required;
+
+ u8 reserved3[61];
+};
+
+struct hvdb {
+ struct hvdb_events events;
+
+ /* Remainder of the page is for software use */
+ u8 reserved[PAGE_SIZE - sizeof(struct hvdb_events)];
+};

#define EXPECTED_VMCB_SAVE_AREA_SIZE 744
#define EXPECTED_GHCB_SAVE_AREA_SIZE 1032
--
2.34.1

Next message: Melody Wang: "[PATCH v2 2/6] KVM: SVM: Add support for the SEV-SNP #HV doorbell page NAE event"
Previous message: Melody Wang: "[PATCH v2 0/6] Add SEV-SNP restricted injection hypervisor support"
In reply to: Melody Wang: "[PATCH v2 0/6] Add SEV-SNP restricted injection hypervisor support"
Next in thread: Melody Wang: "[PATCH v2 2/6] KVM: SVM: Add support for the SEV-SNP #HV doorbell page NAE event"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]