[v2,1/6] x86/sev: Define the #HV doorbell page structure

Message ID	e4a96bea85f2581d82a3a47839289460e84b0589.1725945912.git.huibo.wang@amd.com (mailing list archive)
State	New, archived
Headers	show Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on2085.outbound.protection.outlook.com [40.107.96.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 997B813AD09; Tue, 10 Sep 2024 06:04:19 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB03.amd.com; pr=C From: Melody Wang <huibo.wang@amd.com> To: <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <x86@kernel.org> CC: Sean Christopherson <seanjc@google.com>, Paolo Bonzini <pbonzini@redhat.com>, Tom Lendacky <thomas.lendacky@amd.com>, Ashish Kalra <ashish.kalra@amd.com>, Michael Roth <michael.roth@amd.com>, Melody Wang <huibo.wang@amd.com> Subject: [PATCH v2 1/6] x86/sev: Define the #HV doorbell page structure Date: Tue, 10 Sep 2024 06:03:31 +0000 Message-ID: <e4a96bea85f2581d82a3a47839289460e84b0589.1725945912.git.huibo.wang@amd.com> In-Reply-To: <cover.1725945912.git.huibo.wang@amd.com> References: <cover.1725945912.git.huibo.wang@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Add SEV-SNP restricted injection hypervisor support \| expand [v2,0/6] Add SEV-SNP restricted injection hypervisor support [v2,1/6] x86/sev: Define the #HV doorbell page structure [v2,2/6] KVM: SVM: Add support for the SEV-SNP #HV doorbell page NAE event [v2,3/6] KVM: SVM: Inject #HV when restricted injection is active [v2,4/6] KVM: SVM: Inject NMIs when restricted injection is active [v2,5/6] KVM: SVM: Inject MCEs when restricted injection is active [v2,6/6] KVM: SVM: Enable restricted injection for an SEV-SNP guest

Message ID

e4a96bea85f2581d82a3a47839289460e84b0589.1725945912.git.huibo.wang@amd.com (mailing list archive)

State

New, archived

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB03.amd.com; pr=C
From: Melody Wang <huibo.wang@amd.com>
To: <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <x86@kernel.org>
CC: Sean Christopherson <seanjc@google.com>, Paolo Bonzini
	<pbonzini@redhat.com>, Tom Lendacky <thomas.lendacky@amd.com>, Ashish Kalra
	<ashish.kalra@amd.com>, Michael Roth <michael.roth@amd.com>, Melody Wang
	<huibo.wang@amd.com>
Subject: [PATCH v2 1/6] x86/sev: Define the #HV doorbell page structure
Date: Tue, 10 Sep 2024 06:03:31 +0000
Message-ID: 
 <e4a96bea85f2581d82a3a47839289460e84b0589.1725945912.git.huibo.wang@amd.com>
In-Reply-To: <cover.1725945912.git.huibo.wang@amd.com>
References: <cover.1725945912.git.huibo.wang@amd.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Sep 2024 06:04:15.2508
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 053a64e3-318c-4101-bba9-08dcd15e665e
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB03.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	CO1PEPF000075F2.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR12MB9120

Series

Add SEV-SNP restricted injection hypervisor support | expand

Commit Message

Melody (Huibo) Wang Sept. 10, 2024, 6:03 a.m. UTC

Restricted injection is a feature which enforces additional interrupt and event
injection security protections for a SEV-SNP guest. It disables all
hypervisor-based interrupt queuing and event injection of all vectors except
a new exception vector, #HV (28), which is reserved for SNP guest use, but
never generated by hardware. #HV is only allowed to be injected into VMSAs that
execute with Restricted Injection.

The guests running with the SNP restricted injection feature active limit the
host to ringing a doorbell with a #HV exception.

Define two fields in the #HV doorbell page: a pending event field, and an
EOI assist.

Create the structure definition for the #HV doorbell page as per GHCB
specification.

Co-developed-by: Thomas Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Thomas Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Melody Wang <huibo.wang@amd.com>
---
 arch/x86/include/asm/svm.h | 41 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index f0dea3750ca9..2b1f4c8daf19 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -516,6 +516,47 @@  struct ghcb {
 	u32 ghcb_usage;
 } __packed;
 
+/*
+ * Hypervisor doorbell page:
+ *
+ * Used when restricted injection is enabled for a VM. One page in size that
+ * is shared between the guest and hypervisor to communicate exception and
+ * interrupt events.
+ */
+struct hvdb_events {
+	/* First 64 bytes of HV doorbell page defined in GHCB specification */
+	union {
+		struct {
+			/* Interrupt vector being injected */
+			u8 vector;
+
+			/* Non-maskable event field (NMI, etc.) */
+			u8 nm_events;
+		};
+
+		struct {
+			/* Non-maskable event indicators */
+			u16 reserved1:		8,
+			    nmi:		1,
+			    mce:		1,
+			    reserved2:		5,
+			    no_further_signal:	1;
+		};
+
+		u16 pending_events;
+	};
+
+	u8 no_eoi_required;
+
+	u8 reserved3[61];
+};
+
+struct hvdb {
+	struct hvdb_events events;
+
+	/* Remainder of the page is for software use */
+	u8 reserved[PAGE_SIZE - sizeof(struct hvdb_events)];
+};
 
 #define EXPECTED_VMCB_SAVE_AREA_SIZE		744
 #define EXPECTED_GHCB_SAVE_AREA_SIZE		1032

[v2,1/6] x86/sev: Define the #HV doorbell page structure

Commit Message

Patch