[PATCH 01/60] x86/sev: Define the #HV doorbell page structure
From: Jörg Rödel <joro@8bytes.org>
Date: 2026-06-08 14:43:11
Also in:
kvm, kvm-riscv, kvmarm, linux-mips, lkml, loongarch
Subsystem:
kernel virtual machine for x86 (kvm/x86), the rest, x86 architecture (32-bit and 64-bit) · Maintainers:
Sean Christopherson, Paolo Bonzini, Linus Torvalds, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen
From: Melody Wang <redacted> Restricted injection is a feature which enforces additional interrupt and event injection security protections for a SEV-SNP guest. It disables all hypervisor-based interrupt queuing and event injection of all vectors except a new exception vector, #HV (28), which is reserved for SNP guest use, but never generated by hardware. #HV is only allowed to be injected into VMSAs that execute with Restricted Injection. The guests running with the SNP restricted injection feature active limit the host to ringing a doorbell with a #HV exception. Define two fields in the #HV doorbell page: a pending event field, and an EOI assist. Create the structure definition for the #HV doorbell page as per GHCB specification. Co-developed-by: Thomas Lendacky <thomas.lendacky@amd.com> Signed-off-by: Thomas Lendacky <thomas.lendacky@amd.com> Signed-off-by: Melody Wang <redacted> Signed-off-by: Joerg Roedel <redacted> --- arch/x86/include/asm/svm.h | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+)
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index bcfeb5e7c0ed..9822b0b346ae 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h@@ -252,6 +252,39 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define SVM_TSC_RATIO_MAX 0x000000ffffffffffULL #define SVM_TSC_RATIO_DEFAULT 0x0100000000ULL +/* + * Hypervisor doorbell page: + * + * Used when Restricted Injection is enabled for a VM. One page in size that + * is shared between the guest and hypervisor to communicate exception and + * interrupt events. + */ +struct hvdb_events { + /* First 64 bytes of HV doorbell page defined in GHCB specification */ + union { + struct { + /* Non-maskable event indicators */ + u16 vector: 8, + nmi: 1, + mce: 1, + reserved2: 5, + no_further_signal: 1; + }; + + u16 pending_events; + }; + + u8 no_eoi_required; + + u8 reserved3[61]; +}; + +struct hvdb { + struct hvdb_events events; + + /* Remainder of the page is for software use */ + u8 reserved[PAGE_SIZE - sizeof(struct hvdb_events)]; +}; /* AVIC */ #define AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK (0xFFULL)
--
2.53.0