From: Melody Wang <[email protected]>

Restricted injection is a feature which enforces additional interrupt and
event injection security protections for a SEV-SNP guest. It disables all
hypervisor-based interrupt queuing and event injection of all vectors except
a new exception vector, #HV (28), which is reserved for SNP guest use, but
never generated by hardware. #HV is only allowed to be injected into VMSAs
that execute with Restricted Injection.

Guests running with the SNP Restricted Injection feature active limit the
host to ringing a doorbell via a #HV exception.

Define two fields in the #HV doorbell page: a pending event field, and an EOI
assist.

Create the structure definition for the #HV doorbell page as per GHCB
specification.

Co-developed-by: Thomas Lendacky <[email protected]>
Signed-off-by: Thomas Lendacky <[email protected]>
Signed-off-by: Melody Wang <[email protected]>
Signed-off-by: Joerg Roedel <[email protected]>
---
 arch/x86/include/asm/svm.h | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index bcfeb5e7c0ed..9822b0b346ae 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -252,6 +252,39 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
 #define SVM_TSC_RATIO_MAX      0x000000ffffffffffULL
 #define SVM_TSC_RATIO_DEFAULT  0x0100000000ULL
 
+/*
+ * Hypervisor doorbell page:
+ *
+ * Used when Restricted Injection is enabled for a VM. One page in size that
+ * is shared between the guest and hypervisor to communicate exception and
+ * interrupt events.
+ */
+struct hvdb_events {
+       /* First 64 bytes of HV doorbell page defined in GHCB specification */
+       union {
+               struct {
+                       /* Non-maskable event indicators */
+                       u16 vector:             8,
+                           nmi:                1,
+                           mce:                1,
+                           reserved2:          5,
+                           no_further_signal:  1;
+               };
+
+               u16 pending_events;
+       };
+
+       u8 no_eoi_required;
+
+       u8 reserved3[61];
+};
+
+struct hvdb {
+       struct hvdb_events events;
+
+       /* Remainder of the page is for software use */
+       u8 reserved[PAGE_SIZE - sizeof(struct hvdb_events)];
+};
 
 /* AVIC */
 #define AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK   (0xFFULL)
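Review bot: The GHCB-defined layout of `struct hvdb_events` (a 64-byte block whose first u16 is a bit-packed event word) is not pinned at compile time, so a future field addition or a change in bitfield packing would silently shift what the guest reads out of a page the hypervisor writes. Adding `static_assert(sizeof(struct hvdb_events) == 64);` after the definition, and `static_assert(sizeof(struct hvdb) == PAGE_SIZE);` after `struct hvdb`, makes the ABI assumption checkable; note that the bit placement of `vector`/`nmi`/`mce`/`no_further_signal` depends on the compiler's bitfield allocation, which is implementation-defined, so the header comment should state the intended bit numbers (presumably vector = bits 0-7, nmi = 8, mce = 9, no_further_signal = 15 under gcc on x86 — worth confirming against the specification). Since the commit message describes the page as shared with the hypervisor, a one-line comment on the union such as `/* Written by the hypervisor; consumers must validate vector and read the word atomically. */` would tell callers that these fields are untrusted input rather than kernel-owned state. A minor naming point: `reserved2`/`reserved3` have no `reserved1` counterpart, and the "Non-maskable event indicators" comment sits above `vector`, which is not an NMI indicator; placing the comment above `nmi` (or naming the reserved fields `reserved1`/`reserved2`) would read more accurately.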
-- 
2.53.0

