From: Melody Wang
To: Sean Christopherson, Paolo Bonzini, Joerg Rodel
CC: Tom Lendacky, Melody Wang
Subject: [PATCH v4 1/7] x86/sev: Define the #HV doorbell page structure
Date: Fri, 24 Apr 2026 17:42:05 +0000
Message-ID: <9d2fd7cf59a31e7df23fe24fb3c177c2a272d4a6.1777048608.git.huibo.wang@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Restricted injection is a feature which enforces additional interrupt and event injection security protections for a SEV-SNP guest. It disables all hypervisor-based interrupt queuing and event injection of all vectors except a new exception vector, #HV (28), which is reserved for SNP guest use, but never generated by hardware. #HV is only allowed to be injected into VMSAs that execute with Restricted Injection.

The guests running with the SNP restricted injection feature active limit the host to ringing a doorbell with a #HV exception.

Define two fields in the #HV doorbell page: a pending event field, and an EOI assist.

Create the structure definition for the #HV doorbell page as per GHCB specification.

Co-developed-by: Thomas Lendacky
Signed-off-by: Thomas Lendacky
Signed-off-by: Melody Wang
--- arch/x86/include/asm/svm.h | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index bcfeb5e7c0ed..9822b0b346ae 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h 
@@ -252,6 +252,39 @@ struct __attribute__ ((__packed__)) vmcb_control_area { #define SVM_TSC_RATIO_MAX 0x000000ffffffffffULL #define SVM_TSC_RATIO_DEFAULT 0x0100000000ULL =20 +/* + * Hypervisor doorbell page: + * + * Used when Restricted Injection is enabled for a VM. One page in size th= at + * is shared between the guest and hypervisor to communicate exception and + * interrupt events. + */ +struct hvdb_events { + /* First 64 bytes of HV doorbell page defined in GHCB specification */ + union { + struct { + /* Non-maskable event indicators */ + u16 vector: 8, + nmi: 1, + mce: 1, + reserved2: 5, + no_further_signal: 1; + }; + + u16 pending_events; + }; + + u8 no_eoi_required; + + u8 reserved3[61]; +}; + +struct hvdb { + struct hvdb_events events; + + /* Remainder of the page is for software use */ + u8 reserved[PAGE_SIZE - sizeof(struct hvdb_events)]; +}; =20 /* AVIC */ #define AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK (0xFFULL) --=20 2.43.0
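
Review bot: Nothing in the svm.h hunk enforces the sizes its comments promise: struct hvdb_events is commented as the "First 64 bytes of HV doorbell page" and struct hvdb as one page, but neither has a compile-time check. The fields do add up to 64 bytes today (2 + 1 + 61), so a static_assert(sizeof(struct hvdb_events) == 64) and a matching check that sizeof(struct hvdb) == PAGE_SIZE would cost nothing and would catch a later field change shifting a layout that the guest also relies on. Separately, the comment "Non-maskable event indicators" sits directly above vector, which holds the pending interrupt vector; it reads as if it was meant for nmi and mce and should move down to them.
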
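
The doorbell layout from this patch, modelled in user-space C as an added example (not code from the patch or from the kernel): the size comments become compile-time checks, and the 16-bit pending-events word is updated with explicit masks and one compare-and-swap instead of bit-field stores. The blocked and no_further_signal rules follow patch 3/7 of this series; the `_model` types, the `hvdb_*` helper names, the 4 KiB page size, the bit positions and the guest-side exchange are assumptions of this example.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HVDB_PAGE_SIZE 4096u /* assumption: 4 KiB page, as PAGE_SIZE on x86 */

/*
 * Assumed bit positions: the bit-field order of the patch's struct
 * hvdb_events as GCC and Clang lay it out on x86 (first member lowest).
 */
#define HVDB_VECTOR_MASK       0x00ffu
#define HVDB_NMI               (1u << 8)
#define HVDB_MCE               (1u << 9)
#define HVDB_NO_FURTHER_SIGNAL (1u << 15)

struct hvdb_events_model {
	_Atomic uint16_t pending_events; /* vector, nmi, mce, no_further_signal */
	uint8_t no_eoi_required;
	uint8_t reserved3[61];
};

struct hvdb_model {
	struct hvdb_events_model events;
	uint8_t reserved[HVDB_PAGE_SIZE - sizeof(struct hvdb_events_model)];
};

/* The checks the struct comments imply but the compiler does not enforce. */
_Static_assert(sizeof(struct hvdb_events_model) == 64,
	       "spec-defined area must be exactly 64 bytes");
_Static_assert(offsetof(struct hvdb_events_model, no_eoi_required) == 2,
	       "no_eoi_required must follow the 16-bit pending events word");
_Static_assert(sizeof(struct hvdb_model) == HVDB_PAGE_SIZE,
	       "doorbell must be exactly one page");

enum hvdb_post_result {
	HVDB_BLOCKED,          /* a vector is still pending, nothing written */
	HVDB_POSTED_SIGNAL,    /* vector written, caller must inject #HV */
	HVDB_POSTED_NO_SIGNAL, /* vector written, a #HV is already outstanding */
};

void hvdb_reset(struct hvdb_model *db)
{
	atomic_init(&db->events.pending_events, 0);
	db->events.no_eoi_required = 0;
}

uint16_t hvdb_peek(struct hvdb_model *db)
{
	return atomic_load(&db->events.pending_events);
}

/*
 * Host side: publish an interrupt vector. The word is read once and
 * replaced in one step, so a concurrent write by the other party makes
 * the compare-and-swap retry instead of being lost.
 */
enum hvdb_post_result hvdb_post_vector(struct hvdb_model *db, uint8_t vector)
{
	uint16_t old = atomic_load(&db->events.pending_events);
	uint16_t want;

	do {
		if (old & HVDB_VECTOR_MASK)
			return HVDB_BLOCKED;
		want = (uint16_t)(old | vector | HVDB_NO_FURTHER_SIGNAL);
	} while (!atomic_compare_exchange_weak(&db->events.pending_events,
					       &old, want));

	return (old & HVDB_NO_FURTHER_SIGNAL) ? HVDB_POSTED_NO_SIGNAL
					      : HVDB_POSTED_SIGNAL;
}

/* Guest side (assumed): take all pending events and clear the word at once. */
uint16_t hvdb_guest_consume(struct hvdb_model *db)
{
	return atomic_exchange(&db->events.pending_events, 0);
}

int main(void)
{
	static struct hvdb_model db;
	enum hvdb_post_result r;

	hvdb_reset(&db);
	r = hvdb_post_vector(&db, 0x31);
	printf("post 0x31: result %d, word %#06x\n", r, (unsigned)hvdb_peek(&db));
	r = hvdb_post_vector(&db, 0x32);
	printf("post 0x32: result %d, word %#06x\n", r, (unsigned)hvdb_peek(&db));
	printf("guest consumed %#06x\n", (unsigned)hvdb_guest_consume(&db));
	return 0;
}
```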
From: Melody Wang
To: Sean Christopherson, Paolo Bonzini, Joerg Rodel
CC: Tom Lendacky, Melody Wang
Subject: [PATCH v4 2/7] KVM: SVM: Add support for the SEV-SNP #HV doorbell page NAE event
Date: Fri, 24 Apr 2026 17:42:06 +0000

To support Restricted Injection, the SEV-SNP guest must register a doorbell page for use with #HV. This is done using the #HV doorbell page NAE event. This event consists of four actions: GET_PREFERRED, SET, QUERY, CLEAR. Implement it per the GHCB specification.

Co-developed-by: Thomas Lendacky
Signed-off-by: Thomas Lendacky
Signed-off-by: Melody Wang --- arch/x86/include/uapi/asm/svm.h | 5 +++ arch/x86/kvm/svm/sev.c | 71 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 3 ++ arch/x86/kvm/svm/svm.h | 2 + 4 files changed, 81 insertions(+) diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/sv= m.h index 010a45c9f614..d84a13ac4627 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -117,6 +117,11 @@ #define SVM_VMGEXIT_AP_CREATE_ON_INIT 0 #define SVM_VMGEXIT_AP_CREATE 1 #define SVM_VMGEXIT_AP_DESTROY 2 +#define SVM_VMGEXIT_HVDB_PAGE 0x80000014ull +#define SVM_VMGEXIT_HVDB_GET_PREFERRED 0 +#define SVM_VMGEXIT_HVDB_SET 1 +#define SVM_VMGEXIT_HVDB_QUERY 2 +#define SVM_VMGEXIT_HVDB_CLEAR 3 #define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018ull #define SVM_VMGEXIT_SAVIC 0x8000001aull #define SVM_VMGEXIT_SAVIC_REGISTER_GPA 0 diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c2126b3c3072..f09c4236fb5e 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3553,6 +3553,10 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *= svm) control->exit_info_1 =3D=3D control->exit_info_2) goto vmgexit_err; break; + case SVM_VMGEXIT_HVDB_PAGE: + if (!is_sev_snp_guest(vcpu)) + goto vmgexit_err; + break; default: reason =3D GHCB_ERR_INVALID_EVENT; goto vmgexit_err; 
@@ -4299,6 +4303,65 @@ static int snp_handle_ext_guest_req(struct vcpu_svm = *svm, gpa_t req_gpa, gpa_t r return 1; /* resume guest */ } =20 +static int sev_snp_hv_doorbell_page(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu =3D &svm->vcpu; + struct kvm_host_map hvdb_map; + gpa_t hvdb_gpa; + u64 request; + + if (!is_sev_snp_guest(vcpu)) + return -EINVAL; + + request =3D svm->vmcb->control.exit_info_1; + hvdb_gpa =3D svm->vmcb->control.exit_info_2; + + switch (request) { + case SVM_VMGEXIT_HVDB_GET_PREFERRED: + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, ~0ULL); + break; + case SVM_VMGEXIT_HVDB_SET: + svm->sev_es.hvdb_gpa =3D INVALID_PAGE; + + if (!PAGE_ALIGNED(hvdb_gpa)) { + vcpu_unimpl(vcpu, "vmgexit: unaligned #HV doorbell page address [%#llx]= from guest\n", + hvdb_gpa); + return -EINVAL; + } + + if (!page_address_valid(vcpu, hvdb_gpa)) { + vcpu_unimpl(vcpu, "vmgexit: invalid #HV doorbell page address [%#llx] f= rom guest\n", + hvdb_gpa); + return -EINVAL; + } + + /* Map and unmap the GPA just to be sure the GPA is valid */ + if (kvm_vcpu_map(vcpu, gpa_to_gfn(hvdb_gpa), &hvdb_map)) { + vcpu_unimpl(vcpu, "vmgexit: error mapping #HV doorbell page [%#llx] fro= m guest\n", + hvdb_gpa); + return -EINVAL; + } + kvm_vcpu_unmap(vcpu, &hvdb_map); + + svm->sev_es.hvdb_gpa =3D hvdb_gpa; + fallthrough; + case SVM_VMGEXIT_HVDB_QUERY: + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, svm->sev_es.hvdb_gpa); + break; + case SVM_VMGEXIT_HVDB_CLEAR: + svm->sev_es.hvdb_gpa =3D INVALID_PAGE; + break; + default: + svm->sev_es.hvdb_gpa =3D INVALID_PAGE; + + vcpu_unimpl(vcpu, "vmgexit: invalid #HV doorbell page request [%#llx] fr= om guest\n", + request); + return -EINVAL; + } + + return 0; +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control =3D &svm->vmcb->control; 
@@ -4566,6 +4629,14 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) case SVM_VMGEXIT_EXT_GUEST_REQUEST: ret =3D snp_handle_ext_guest_req(svm, control->exit_info_1, control->exi= t_info_2); break; + case SVM_VMGEXIT_HVDB_PAGE: + if (sev_snp_hv_doorbell_page(svm)) { + ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 2); + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_ERR_INVALID_INPUT); + } + + ret =3D 1; + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=3D%#llx, exit_info_2=3D%#= llx\n", diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index e7fdd7a9c280..826d60527297 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1266,6 +1266,9 @@ static void __svm_vcpu_reset(struct kvm_vcpu *vcpu) =20 svm->nmi_masked =3D false; svm->awaiting_iret_completion =3D false; + + if (is_sev_es_guest(vcpu)) + svm->sev_es.hvdb_gpa =3D INVALID_PAGE; } =20 static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index a10668d17a16..4ab58307bf75 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -267,6 +267,8 @@ struct vcpu_sev_es_state { gpa_t snp_vmsa_gpa; bool snp_ap_waiting_for_reset; bool snp_has_guest_vmsa; + + gpa_t hvdb_gpa; }; =20 struct vcpu_svm { --=20 2.43.0
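
Review bot: The SVM_VMGEXIT_HVDB_PAGE case added to sev_es_validate_vmgexit() checks only is_sev_snp_guest(), and sev_snp_hv_doorbell_page() then opens with the same check, so the second one can never fail. Drop the duplicate in the handler. Neither place checks that Restricted Injection is enabled for the guest, although the commit message ties the doorbell page to that feature; if registration is meant to be allowed for any SNP guest, a short comment saying so would answer the question.
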
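
Review bot: In sev_snp_hv_doorbell_page(), the SVM_VMGEXIT_HVDB_SET case writes INVALID_PAGE to svm->sev_es.hvdb_gpa before any of the three checks run, and the default case does the same for an unknown request code, so a malformed request from the guest discards a doorbell page that was registered successfully earlier. If the GHCB specification requires that, please say so in a comment; otherwise assign hvdb_gpa only after the new GPA has passed the alignment, page_address_valid() and mapping checks, and leave the default case free of side effects. Also note that "Map and unmap the GPA just to be sure the GPA is valid" only proves the GPA was mappable at registration time, so every later user of hvdb_gpa still has to cope with kvm_vcpu_map() failing.
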
From: Melody Wang
To: Sean Christopherson, Paolo Bonzini, Joerg Rodel
CC: Tom Lendacky, Melody Wang
Subject: [PATCH v4 3/7] KVM: SVM: Inject #HV when Restricted Injection is active
Date: Fri, 24 Apr 2026 17:42:07 +0000
Message-ID: <954d023cc355d1ab867c7f983c8fa830b29ee659.1777048608.git.huibo.wang@amd.com>

When Restricted Injection is active, only #HV exceptions can be injected into the SEV-SNP guest. Detect that, and then follow the #HV doorbell communication from the GHCB specification to inject the interrupt or exception.

Co-developed-by: Thomas Lendacky
Signed-off-by: Thomas Lendacky
Signed-off-by: Melody Wang
--- arch/x86/kvm/svm/sev.c | 164 +++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 14 +++- arch/x86/kvm/svm/svm.h | 21 ++++++ 3 files changed, 197 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index f09c4236fb5e..509a4f8b5073 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -5321,3 +5321,167 @@ void sev_free_decrypted_vmsa(struct kvm_vcpu *vcpu,= struct vmcb_save_area *vmsa) =20 free_page((unsigned long)vmsa); } + +static void prepare_hv_injection(struct vcpu_svm *svm, struct hvdb *hvdb) +{ + if (hvdb->events.no_further_signal) + return; + + svm->vmcb->control.event_inj =3D HV_VECTOR | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID; + svm->vmcb->control.event_inj_err =3D 0; + + hvdb->events.no_further_signal =3D 1; +} + +static void unmap_hvdb(struct kvm_vcpu *vcpu, struct kvm_host_map *map) +{ + kvm_vcpu_unmap(vcpu, map); +} + +static struct hvdb *map_hvdb(struct kvm_vcpu *vcpu, struct kvm_host_map *m= ap) +{ + struct vcpu_svm *svm =3D to_svm(vcpu); + + if (!VALID_PAGE(svm->sev_es.hvdb_gpa)) + return NULL; + + if (kvm_vcpu_map(vcpu, gpa_to_gfn(svm->sev_es.hvdb_gpa), map)) { + vcpu_unimpl(vcpu, "snp: error mapping #HV doorbell page [%#llx] from gue= st\n", + svm->sev_es.hvdb_gpa); + + return NULL; + } + + return map->hva; +} + +static void __sev_snp_inject(enum inject_type type, struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm =3D to_svm(vcpu); + struct kvm_host_map hvdb_map; + struct hvdb *hvdb; + + hvdb =3D map_hvdb(vcpu, &hvdb_map); + if (!hvdb) { + WARN_ONCE(1, "Restricted Injection enabled, hvdb page mapping failed\n"); + return; + } + + hvdb->events.vector =3D vcpu->arch.interrupt.nr; + + prepare_hv_injection(svm, hvdb); + + unmap_hvdb(vcpu, &hvdb_map); +} + +bool sev_snp_queue_exception(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm =3D to_svm(vcpu); + + if (!sev_snp_is_rinj_active(vcpu)) + return false; + + /* + * Restricted Injection is enabled, only #HV is supported. + * If the vector is not HV_VECTOR, do not inject the exception, + * then return true to skip the original injection path. 
+ */ + if (WARN_ONCE(vcpu->arch.exception.vector !=3D HV_VECTOR, + "Restricted Injection enabled, exception vector %u injection not s= upported\n", + vcpu->arch.exception.vector)) + return true; + + /* + * An intercept likely occurred during #HV delivery, so re-inject it + * using the current HVDB pending event values. + */ + svm->vmcb->control.event_inj =3D HV_VECTOR | + SVM_EVTINJ_TYPE_EXEPT | + SVM_EVTINJ_VALID; + svm->vmcb->control.event_inj_err =3D 0; + + return true; +} + +bool sev_snp_inject(enum inject_type type, struct kvm_vcpu *vcpu) +{ + if (!sev_snp_is_rinj_active(vcpu)) + return false; + + __sev_snp_inject(type, vcpu); + + return true; +} + +void sev_snp_cancel_injection(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm =3D to_svm(vcpu); + struct kvm_host_map hvdb_map; + struct hvdb *hvdb; + + if (!sev_snp_is_rinj_active(vcpu)) + return; + + if (!svm->vmcb->control.event_inj) + return; + + if (WARN_ONCE((svm->vmcb->control.event_inj & SVM_EVTINJ_VEC_MASK) !=3D H= V_VECTOR, + "Restricted Injection enabled, %u vector not supported\n", + svm->vmcb->control.event_inj & SVM_EVTINJ_VEC_MASK)) + return; + + /* + * Copy the information in the doorbell page into the event injection + * fields to complete the cancellation flow. + */ + hvdb =3D map_hvdb(vcpu, &hvdb_map); + if (!hvdb) + return; + + if (!hvdb->events.pending_events) { + /* No pending events, then event_inj field should be 0 */ + WARN_ON_ONCE(svm->vmcb->control.event_inj); + goto out; + } + + /* Copy info back into event_inj field (replaces #HV) */ + svm->vmcb->control.event_inj =3D SVM_EVTINJ_VALID; + + if (hvdb->events.vector) + svm->vmcb->control.event_inj |=3D hvdb->events.vector | + SVM_EVTINJ_TYPE_INTR; + + hvdb->events.pending_events =3D 0; + +out: + unmap_hvdb(vcpu, &hvdb_map); +} + +/* + * sev_snp_blocked() is for each vector - interrupt, NMI and MCE. It is + * checking if there is an interrupt handled by the guest when + * another interrupt is pending. 
So hvdb->events.vector will be used for + * checking while no_further_signal is signaling to the guest that a #HV + * is presented by the hypervisor. So no_further_signal is checked when + * a #HV needs to be presented to the guest. + */ +bool sev_snp_blocked(enum inject_type type, struct kvm_vcpu *vcpu) +{ + struct kvm_host_map hvdb_map; + struct hvdb *hvdb; + bool blocked; + + /* Indicate interrupts are blocked if doorbell page can't be mapped */ + hvdb =3D map_hvdb(vcpu, &hvdb_map); + if (!hvdb) + return true; + + /* Indicate interrupts blocked based on guest acknowledgment */ + blocked =3D !!hvdb->events.vector; + + unmap_hvdb(vcpu, &hvdb_map); + + return blocked; +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 826d60527297..739cffe12cd1 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -392,6 +392,9 @@ static void svm_inject_exception(struct kvm_vcpu *vcpu) svm_update_soft_interrupt_rip(vcpu, ex->vector)) return; =20 + if (sev_snp_queue_exception(vcpu)) + return; + svm->vmcb->control.event_inj =3D ex->vector | SVM_EVTINJ_VALID | (ex->has_error_code ? SVM_EVTINJ_VALID_ERR : 0) @@ -3807,9 +3810,11 @@ static void svm_inject_irq(struct kvm_vcpu *vcpu, bo= ol reinjected) } =20 trace_kvm_inj_virq(intr->nr, intr->soft, reinjected); - ++vcpu->stat.irq_injections; =20 - svm->vmcb->control.event_inj =3D intr->nr | SVM_EVTINJ_VALID | type; + if (!sev_snp_inject(INJECT_IRQ, vcpu)) + svm->vmcb->control.event_inj =3D intr->nr | SVM_EVTINJ_VALID | type; + + ++vcpu->stat.irq_injections; } =20 static void svm_fixup_nested_rips(struct kvm_vcpu *vcpu) @@ -3984,6 +3989,9 @@ bool svm_interrupt_blocked(struct kvm_vcpu *vcpu) if (!gif_set(svm)) return true; =20 + if (sev_snp_is_rinj_active(vcpu)) + return sev_snp_blocked(INJECT_IRQ, vcpu); + if (is_guest_mode(vcpu)) { /* As long as interrupts are being delivered... */ if ((svm->nested.ctl.int_ctl & V_INTR_MASKING_MASK) 
@@ -4334,6 +4342,8 @@ static void svm_cancel_injection(struct kvm_vcpu *vcp= u) struct vcpu_svm *svm =3D to_svm(vcpu); struct vmcb_control_area *control =3D &svm->vmcb->control; =20 + sev_snp_cancel_injection(vcpu); + control->exit_int_info =3D control->event_inj; control->exit_int_info_err =3D control->event_inj_err; control->event_inj =3D 0; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 4ab58307bf75..b4627884c36f 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -55,6 +55,10 @@ extern int tsc_aux_uret_slot __ro_after_init; =20 extern struct kvm_x86_ops svm_x86_ops __initdata; =20 +enum inject_type { + INJECT_IRQ, +}; + /* * Clean bits in VMCB. * VMCB_ALL_CLEAN_MASK might also need to @@ -968,6 +972,17 @@ void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t en= d); int sev_gmem_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn, bool is_pri= vate); struct vmcb_save_area *sev_decrypt_vmsa(struct kvm_vcpu *vcpu); void sev_free_decrypted_vmsa(struct kvm_vcpu *vcpu, struct vmcb_save_area = *vmsa); +bool sev_snp_queue_exception(struct kvm_vcpu *vcpu); +bool sev_snp_inject(enum inject_type type, struct kvm_vcpu *vcpu); +void sev_snp_cancel_injection(struct kvm_vcpu *vcpu); +bool sev_snp_blocked(enum inject_type type, struct kvm_vcpu *vcpu); +static inline bool sev_snp_is_rinj_active(struct kvm_vcpu *vcpu) +{ + struct kvm_sev_info *sev =3D &to_kvm_svm(vcpu->kvm)->sev_info; + + return is_sev_snp_guest(vcpu) && + (sev->vmsa_features & SVM_SEV_FEAT_RESTRICTED_INJECTION); +}; #else static inline struct page *snp_safe_alloc_page_node(int node, gfp_t gfp) { 
@@ -1005,6 +1020,12 @@ static inline struct vmcb_save_area *sev_decrypt_vms= a(struct kvm_vcpu *vcpu) return NULL; } static inline void sev_free_decrypted_vmsa(struct kvm_vcpu *vcpu, struct v= mcb_save_area *vmsa) {} + +static inline bool sev_snp_queue_exception(struct kvm_vcpu *vcpu) { return= false; } +static inline bool sev_snp_inject(enum inject_type type, struct kvm_vcpu *= vcpu) { return false; } +static inline void sev_snp_cancel_injection(struct kvm_vcpu *vcpu) {} +static inline bool sev_snp_blocked(enum inject_type type, struct kvm_vcpu = *vcpu) { return false; } +static inline bool sev_snp_is_rinj_active(struct kvm_vcpu *vcpu) { return = false; } #endif =20 /* vmenter.S */ --=20 2.43.0
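Review bot: in the sev.c hunk, sev_snp_cancel_injection() reads hvdb->events.pending_events and then hvdb->events.vector twice (once in the if, once in the OR) directly from the doorbell page, which map_hvdb() maps from a guest GPA, so another guest vCPU can change the fields between the check and the use. Snapshot the events fields once with READ_ONCE() into a local and build event_inj from that copy; the vector test in sev_snp_blocked() deserves the same treatment. Also, when pending_events is non-zero but vector is zero, event_inj is left as bare SVM_EVTINJ_VALID and svm_cancel_injection() then copies that into exit_int_info; that case needs a comment or an explicit bail-out.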
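Review bot: in the svm_inject_irq() hunk, sev_snp_inject() returns true even when __sev_snp_inject() bailed out on a failed map_hvdb(), so the interrupt is dropped, event_inj is never written, and ++vcpu->stat.irq_injections still counts it. Have __sev_snp_inject() return a status that sev_snp_inject() can propagate, and state explicitly what the caller does on failure. The WARN_ONCE() on that path fires when a guest-provided page cannot be mapped, and the one in sev_snp_queue_exception() fires on any non-#HV vector KVM queues; a ratelimited message would avoid a host WARN that depends on guest state.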
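Review bot: in the svm.h hunk that adds the prototypes, the inline sev_snp_is_rinj_active() ends with "};", leaving a stray semicolon after the function body; drop it so the definition matches the other static inline helpers in this header.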
From: Melody Wang
To: Sean Christopherson, Paolo Bonzini, Joerg Rodel
CC: Tom Lendacky, Melody Wang
Subject: [PATCH v4 4/7] KVM: SVM: Inject NMIs when Restricted Injection is active
Date: Fri, 24 Apr 2026 17:42:08 +0000
Message-ID: <4ffbc51b5793aedc56f0be34e727ad7621ee0598.1777048608.git.huibo.wang@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

When Restricted Injection is active, only #HV exceptions can be injected into
the SEV-SNP guest. Detect that, and then follow the #HV doorbell communication
from the GHCB specification to inject NMIs.

Co-developed-by: Thomas Lendacky
Signed-off-by: Thomas Lendacky
Signed-off-by: Melody Wang
--- arch/x86/kvm/svm/sev.c | 19 ++++++++++++++++--- arch/x86/kvm/svm/svm.c | 8 ++++++++ arch/x86/kvm/svm/svm.h | 1 + 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 509a4f8b5073..61e1e54deb07 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -5369,7 +5369,10 @@ static void __sev_snp_inject(enum inject_type type, = struct kvm_vcpu *vcpu) return; } =20 - hvdb->events.vector =3D vcpu->arch.interrupt.nr; + if (type =3D=3D INJECT_NMI) + hvdb->events.nmi =3D 1; + else + hvdb->events.vector =3D vcpu->arch.interrupt.nr; =20 prepare_hv_injection(svm, hvdb); =20 
@@ -5449,10 +5452,17 @@ void sev_snp_cancel_injection(struct kvm_vcpu *vcpu) /* Copy info back into event_inj field (replaces #HV) */ svm->vmcb->control.event_inj =3D SVM_EVTINJ_VALID; =20 + /* + * KVM only injects a single event each time (prepare_hv_injection), + * so when events.nmi is true, the vector will be zero + */ if (hvdb->events.vector) svm->vmcb->control.event_inj |=3D hvdb->events.vector | SVM_EVTINJ_TYPE_INTR; =20 + if (hvdb->events.nmi) + svm->vmcb->control.event_inj |=3D SVM_EVTINJ_TYPE_NMI; + hvdb->events.pending_events =3D 0; =20 out: @@ -5478,8 +5488,11 @@ bool sev_snp_blocked(enum inject_type type, struct k= vm_vcpu *vcpu) if (!hvdb) return true; =20 - /* Indicate interrupts blocked based on guest acknowledgment */ - blocked =3D !!hvdb->events.vector; + /* Indicate NMIs and interrupts blocked based on guest acknowledgment */ + if (type =3D=3D INJECT_NMI) + blocked =3D hvdb->events.nmi; + else + blocked =3D !!hvdb->events.vector; =20 unmap_hvdb(vcpu, &hvdb_map); =20 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 739cffe12cd1..925e284374b6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3727,6 +3727,9 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 + if (sev_snp_inject(INJECT_NMI, vcpu)) + goto status; + svm->vmcb->control.event_inj =3D SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI; =20 if (svm->nmi_l1_to_l2) @@ -3741,6 +3744,8 @@ static void svm_inject_nmi(struct kvm_vcpu *vcpu) svm->nmi_masked =3D true; svm_set_iret_intercept(svm); } + +status: ++vcpu->stat.nmi_injections; } =20 @@ -3957,6 +3962,9 @@ bool svm_nmi_blocked(struct kvm_vcpu *vcpu) if (!gif_set(svm)) return true; =20 + if (sev_snp_is_rinj_active(vcpu)) + return sev_snp_blocked(INJECT_NMI, vcpu); + if (is_guest_mode(vcpu) && nested_exit_on_nmi(svm)) return false; =20 diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index b4627884c36f..16cb76b9fdd5 100644 --- a/arch/x86/kvm/svm/svm.h 
+++ b/arch/x86/kvm/svm/svm.h 
@@ -57,6 +57,7 @@ extern struct kvm_x86_ops svm_x86_ops __initdata; =20 enum inject_type { INJECT_IRQ, + INJECT_NMI, }; =20 /* --=20 2.43.0
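Review bot: in the sev_snp_cancel_injection() hunk, the new comment says the vector is zero whenever events.nmi is set, but the code tests hvdb->events.vector and hvdb->events.nmi with two independent ifs on a page the guest can write, so if both are set event_inj ends up with a vector ORed together with SVM_EVTINJ_TYPE_INTR and SVM_EVTINJ_TYPE_NMI. Make the branches mutually exclusive (if / else if) and handle the inconsistent case explicitly, so the invariant is enforced rather than assumed.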
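Review bot: in the svm_inject_nmi() hunks, the "goto status" path skips svm->nmi_masked = true and svm_set_iret_intercept(), and svm_nmi_blocked() now returns sev_snp_blocked(INJECT_NMI, vcpu) ahead of the remaining checks, with no comment saying why KVM's own NMI-masking state is not needed under Restricted Injection. Add a short comment at both sites stating that NMI blocking is tracked through hvdb->events.nmi instead, and consider restructuring svm_inject_nmi() as if/else so the label is not needed.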
From: Melody Wang
To: Sean Christopherson, Paolo Bonzini, Joerg Rodel
CC: Tom Lendacky, Melody Wang
Subject: [PATCH v4 5/7] KVM: SVM: Inject MCEs when Restricted Injection is active
Date: Fri, 24 Apr 2026 17:42:09 +0000
Message-ID: <51f8c478c5fc09b3bdeb8329c682a01fbe0ea5db.1777048608.git.huibo.wang@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

When Restricted Injection is active, only #HV exceptions can be injected into
the SEV-SNP guest. Detect that, and then follow the #HV doorbell communication
from the GHCB specification to inject the MCEs.

Co-developed-by: Thomas Lendacky
Signed-off-by: Thomas Lendacky
Signed-off-by: Melody Wang
--- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/sev.c | 16 ++++++++++++++-- arch/x86/kvm/svm/svm.c | 17 +++++++++++++++++ arch/x86/kvm/svm/svm.h | 2 ++ arch/x86/kvm/vmx/main.c | 10 ++++++++++ arch/x86/kvm/vmx/vmx.c | 5 +++++ arch/x86/kvm/vmx/x86_ops.h | 1 + arch/x86/kvm/x86.c | 7 +++++++ 9 files changed, 58 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-= x86-ops.h index 3776cf5382a2..c8bff1e9325e 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -79,6 +79,7 @@ KVM_X86_OP(inject_exception) KVM_X86_OP(cancel_injection) KVM_X86_OP(interrupt_allowed) KVM_X86_OP(nmi_allowed) +KVM_X86_OP_OPTIONAL(mce_allowed) KVM_X86_OP(get_nmi_mask) KVM_X86_OP(set_nmi_mask) KVM_X86_OP(enable_nmi_window) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index c470e40a00aa..2e445fbc6796 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h 
@@ -1860,6 +1860,7 @@ struct kvm_x86_ops { void (*cancel_injection)(struct kvm_vcpu *vcpu); int (*interrupt_allowed)(struct kvm_vcpu *vcpu, bool for_injection); int (*nmi_allowed)(struct kvm_vcpu *vcpu, bool for_injection); + int (*mce_allowed)(struct kvm_vcpu *vcpu); bool (*get_nmi_mask)(struct kvm_vcpu *vcpu); void (*set_nmi_mask)(struct kvm_vcpu *vcpu, bool masked); /* Whether or not a virtual NMI is pending in hardware. */ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 61e1e54deb07..2483357bdd97 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -5371,6 +5371,8 @@ static void __sev_snp_inject(enum inject_type type, s= truct kvm_vcpu *vcpu) =20 if (type =3D=3D INJECT_NMI) hvdb->events.nmi =3D 1; + else if (type =3D=3D INJECT_MCE) + hvdb->events.mce =3D 1; else hvdb->events.vector =3D vcpu->arch.interrupt.nr; =20 @@ -5386,6 +5388,11 @@ bool sev_snp_queue_exception(struct kvm_vcpu *vcpu) if (!sev_snp_is_rinj_active(vcpu)) return false; =20 + if (vcpu->arch.exception.vector =3D=3D MC_VECTOR) { + __sev_snp_inject(INJECT_MCE, vcpu); + return true; + } + /* * Restricted Injection is enabled, only #HV is supported. * If the vector is not HV_VECTOR, do not inject the exception, @@ -5454,7 +5461,7 @@ void sev_snp_cancel_injection(struct kvm_vcpu *vcpu) =20 /* * KVM only injects a single event each time (prepare_hv_injection), - * so when events.nmi is true, the vector will be zero + * so when events.nmi is true, the MCE and vector will be zero. */ if (hvdb->events.vector) svm->vmcb->control.event_inj |=3D hvdb->events.vector | @@ -5463,6 +5470,9 @@ void sev_snp_cancel_injection(struct kvm_vcpu *vcpu) if (hvdb->events.nmi) svm->vmcb->control.event_inj |=3D SVM_EVTINJ_TYPE_NMI; =20 + if (hvdb->events.mce) + svm->vmcb->control.event_inj |=3D MC_VECTOR | SVM_EVTINJ_TYPE_EXEPT; + hvdb->events.pending_events =3D 0; =20 out: 
@@ -5488,9 +5498,11 @@ bool sev_snp_blocked(enum inject_type type, struct k= vm_vcpu *vcpu) if (!hvdb) return true; =20 - /* Indicate NMIs and interrupts blocked based on guest acknowledgment */ + /* Indicate NMIs, MCEs and interrupts blocked based on guest acknowledgme= nt */ if (type =3D=3D INJECT_NMI) blocked =3D hvdb->events.nmi; + else if (type =3D=3D INJECT_MCE) + blocked =3D hvdb->events.mce; else blocked =3D !!hvdb->events.vector; =20 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 925e284374b6..68bf30ab3a12 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4038,6 +4038,22 @@ static int svm_interrupt_allowed(struct kvm_vcpu *vc= pu, bool for_injection) return 1; } =20 +bool svm_mce_blocked(struct kvm_vcpu *vcpu) +{ + if (sev_snp_is_rinj_active(vcpu)) + return sev_snp_blocked(INJECT_MCE, vcpu); + + return false; +} + +static int svm_mce_allowed(struct kvm_vcpu *vcpu) +{ + if (svm_mce_blocked(vcpu)) + return 0; + + return 1; +} + static void svm_enable_irq_window(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); @@ -5351,6 +5367,7 @@ struct kvm_x86_ops svm_x86_ops __initdata =3D { .cancel_injection =3D svm_cancel_injection, .interrupt_allowed =3D svm_interrupt_allowed, .nmi_allowed =3D svm_nmi_allowed, + .mce_allowed =3D svm_mce_allowed, .get_nmi_mask =3D svm_get_nmi_mask, .set_nmi_mask =3D svm_set_nmi_mask, .enable_nmi_window =3D svm_enable_nmi_window, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 16cb76b9fdd5..9254a463041a 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -58,6 +58,7 @@ extern struct kvm_x86_ops svm_x86_ops __initdata; enum inject_type { INJECT_IRQ, INJECT_NMI, + INJECT_MCE, }; =20 /* 
@@ -798,6 +799,7 @@ void svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long c= r4); void disable_nmi_singlestep(struct vcpu_svm *svm); bool svm_smi_blocked(struct kvm_vcpu *vcpu); bool svm_nmi_blocked(struct kvm_vcpu *vcpu); +bool svm_mce_blocked(struct kvm_vcpu *vcpu); bool svm_interrupt_blocked(struct kvm_vcpu *vcpu); void svm_set_gif(struct vcpu_svm *svm, bool value); int svm_invoke_exit_handler(struct kvm_vcpu *vcpu, u64 exit_code); diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index dbebddf648be..f9c4703dda54 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -812,6 +812,15 @@ static void vt_cancel_hv_timer(struct kvm_vcpu *vcpu) } #endif =20 +static int vt_mce_allowed(struct kvm_vcpu *vcpu) +{ + if (is_td_vcpu(vcpu)) + return 0; + + return vmx_mce_allowed(vcpu); +} + + static void vt_setup_mce(struct kvm_vcpu *vcpu) { if (is_td_vcpu(vcpu)) @@ -945,6 +954,7 @@ struct kvm_x86_ops vt_x86_ops __initdata =3D { .cancel_injection =3D vt_op(cancel_injection), .interrupt_allowed =3D vt_op(interrupt_allowed), .nmi_allowed =3D vt_op(nmi_allowed), + .mce_allowed =3D vt_op(mce_allowed), .get_nmi_mask =3D vt_op(get_nmi_mask), .set_nmi_mask =3D vt_op(set_nmi_mask), .enable_nmi_window =3D vt_op(enable_nmi_window), diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index a29896a9ef14..7aa728c1e946 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5210,6 +5210,11 @@ int vmx_interrupt_allowed(struct kvm_vcpu *vcpu, boo= l for_injection) return !vmx_interrupt_blocked(vcpu); } =20 +int vmx_mce_allowed(struct kvm_vcpu *vcpu) +{ + return 1; +} + int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr) { void __user *ret; diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index d09abeac2b56..b75dfe7f039d 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h 
@@ -92,6 +92,7 @@ void vmx_inject_exception(struct kvm_vcpu *vcpu); void vmx_cancel_injection(struct kvm_vcpu *vcpu); int vmx_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection); int vmx_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection); +int vmx_mce_allowed(struct kvm_vcpu *vcpu); bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu); void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked); void vmx_enable_nmi_window(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 0a1b63c63d1a..420f1ec0dcfb 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10789,6 +10789,12 @@ static int kvm_check_and_inject_events(struct kvm_= vcpu *vcpu, kvm_update_dr7(vcpu); } =20 + if (vcpu->arch.exception.vector =3D=3D MC_VECTOR) { + r =3D static_call(kvm_x86_mce_allowed)(vcpu); + if (!r) + goto out_except; + } + kvm_inject_exception(vcpu); =20 vcpu->arch.exception.pending =3D false; 
@@ -10796,6 +10802,7 @@ static int kvm_check_and_inject_events(struct kvm_v= cpu *vcpu, =20 can_inject =3D false; } +out_except: =20 /* Don't inject interrupts if the user asked to avoid doing so */ if (vcpu->guest_debug & KVM_GUESTDBG_BLOCKIRQ) --=20 2.43.0
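Review bot: In the arch/x86/kvm/x86.c hunk of kvm_check_and_inject_events(), the `goto out_except` taken when `kvm_x86_mce_allowed` returns 0 skips both `vcpu->arch.exception.pending = false` and `can_inject = false`, and nothing in the visible lines arranges for the blocked #MC to be retried once it becomes deliverable. The NMI path has an `enable_nmi_window` hook in the ops table for that purpose; either add an equivalent request here or add a comment naming what re-enters this path. The check also stores its result in the shared `r`, so any later use of `r` sees 0 from the MCE check; a local variable would keep the two apart.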
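Review bot: `vt_mce_allowed()` in arch/x86/kvm/vmx/main.c returns 0 for every TD vCPU, which combined with the x86.c check means a queued MC_VECTOR exception for a TDX guest is never injected and never cleared. If #MC injection is not supported for TDX, reject it where the exception is queued, or add a comment explaining why leaving it pending is safe. The hunk also leaves two blank lines after the new function where the file uses one.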
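Review bot: `vmx_mce_allowed()` in arch/x86/kvm/vmx/vmx.c is an undocumented stub that always returns 1; add a one-line comment saying why VMX never has to block #MC injection. It returns `int` with only 0/1 values and takes no `for_injection` argument, while the sibling `vmx_nmi_allowed()` takes one and the SVM side declares `bool svm_mce_blocked()`; pick one convention for the new hook and state it where the op is declared.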
From: Melody Wang To: Sean Christopherson , Paolo Bonzini , Joerg Rodel CC: , , Tom Lendacky , , Melody Wang Subject: [PATCH 6/7] KVM: SVM: Add support for the SEV-SNP #HV IPI NAE event Date: Fri, 24 Apr 2026 17:50:07 +0000 Message-ID: <20260424175007.4057-1-huibo.wang@amd.com> X-Mailing-List: linux-kernel@vger.kernel.org
The #HV IPI NAE event allows the guest to send an IPI to other vCPUs in the guest when Restricted Injection is enabled. Implement the NAE event as per GHCB specification. Co-developed-by: Thomas Lendacky Signed-off-by: Thomas Lendacky Signed-off-by: Melody Wang --- arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kvm/lapic.c | 24 +++++++++++++++++++++++- arch/x86/kvm/lapic.h | 2 ++ arch/x86/kvm/svm/sev.c | 26 ++++++++++++++++++++++++++ 4 files changed, 52 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/sv= m.h index d84a13ac4627..1c0165e9db16 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -122,6 +122,7 @@ #define SVM_VMGEXIT_HVDB_SET 1 #define SVM_VMGEXIT_HVDB_QUERY 2 #define SVM_VMGEXIT_HVDB_CLEAR 3 +#define SVM_VMGEXIT_HV_IPI 0x80000015ull #define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018ull #define SVM_VMGEXIT_SAVIC 0x8000001aull #define SVM_VMGEXIT_SAVIC_REGISTER_GPA 0 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index e3ec4d8607c1..9601d960824f 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c 
@@ -2556,7 +2556,7 @@ static int kvm_lapic_reg_write(struct kvm_lapic *apic= , u32 reg, u32 val) static int apic_mmio_write(struct kvm_vcpu *vcpu, struct kvm_io_device *th= is, gpa_t address, int len, const void *data) { - struct kvm_lapic *apic =3D to_lapic(this); + struct kvm_lapic *apic =3D this ? to_lapic(this) : vcpu->arch.apic; unsigned int offset =3D address - apic->base_address; u32 val; =20 @@ -3581,3 +3581,25 @@ void kvm_lapic_exit(void) static_key_deferred_flush(&apic_sw_disabled); WARN_ON(static_branch_unlikely(&apic_sw_disabled.key)); } + +/* Send IPI by writing ICR with MSR write when X2APIC enabled, with mmio w= rite when XAPIC enabled */ +int kvm_xapic_x2apic_send_ipi(struct kvm_vcpu *vcpu, u64 data) +{ + u32 icr_msr_addr =3D APIC_BASE_MSR + (APIC_ICR >> 4); + struct kvm_lapic *apic =3D vcpu->arch.apic; + gpa_t gpa =3D apic->base_address + APIC_ICR; + + if (!kvm_lapic_enabled(vcpu)) + return 1; + + if (vcpu->arch.apic_base & X2APIC_ENABLE) { + if (!kvm_x2apic_msr_write(vcpu, icr_msr_addr, data)) + return 0; + } else { + if (!apic_mmio_write(vcpu, NULL, gpa, 4, &data)) + return 0; + } + + return 1; +} +EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_xapic_x2apic_send_ipi); diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 274885af4ebc..afd440c88981 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -156,6 +156,8 @@ int kvm_hv_vapic_msr_read(struct kvm_vcpu *vcpu, u32 ms= r, u64 *data); int kvm_lapic_set_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long le= n); void kvm_lapic_exit(void); =20 +int kvm_xapic_x2apic_send_ipi(struct kvm_vcpu *vcpu, u64 data); + u64 kvm_lapic_readable_reg_mask(struct kvm_lapic *apic); =20 static inline void kvm_lapic_set_irr(int vec, struct kvm_lapic *apic) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2483357bdd97..95ee199e38fb 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -35,6 +35,7 @@ #include "svm_ops.h" #include "cpuid.h" #include "trace.h" +#include "lapic.h" =20 #define GHCB_VERSION_MAX 2ULL #define GHCB_VERSION_MIN 1ULL @@ -3554,6 +3555,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *s= vm) goto vmgexit_err; break; case SVM_VMGEXIT_HVDB_PAGE: + case SVM_VMGEXIT_HV_IPI: if (!is_sev_snp_guest(vcpu)) goto vmgexit_err; break; @@ -4362,6 +4364,22 @@ static int sev_snp_hv_doorbell_page(struct vcpu_svm = *svm) return 0; } =20 +static int sev_snp_hv_ipi(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu =3D &svm->vcpu; + u64 icr_info; + + if (!is_sev_snp_guest(vcpu)) + return -EINVAL; + + icr_info =3D svm->vmcb->control.exit_info_1; + + if (kvm_xapic_x2apic_send_ipi(vcpu, icr_info)) + return -EINVAL; + + return 0; +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control =3D &svm->vmcb->control; 
@@ -4635,6 +4653,14 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_ERR_INVALID_INPUT); } =20 + ret =3D 1; + break; + case SVM_VMGEXIT_HV_IPI: + if (sev_snp_hv_ipi(svm)) { + ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 2); + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_ERR_INVALID_INPUT); + } + ret =3D 1; break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: --=20 2.43.0
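Review bot: In the new kvm_xapic_x2apic_send_ipi() in arch/x86/kvm/lapic.c, the xAPIC branch calls `apic_mmio_write(vcpu, NULL, gpa, 4, &data)` with a u64 `data`, so only four bytes of the guest-supplied ICR value are written at APIC_ICR and the other 32 bits are dropped, while the x2APIC branch passes the full 64-bit value. If the destination travels in the upper half, write it to the second ICR register before the low dword, or document that xAPIC mode ignores it. `apic->base_address` is also read in the initializer of `gpa` before the `kvm_lapic_enabled()` check; compute `gpa` after the check so `vcpu->arch.apic` is not dereferenced for a vCPU without a usable local APIC. The comment above the function runs well past the usual line length and would read better as a kernel-doc block that also states the return convention (0 on success, 1 on failure).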
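Review bot: The `this ? to_lapic(this) : vcpu->arch.apic` change in apic_mmio_write() makes an io-device callback accept a NULL device only to serve the new in-kernel caller, and the rest of the function is not shown here, so any other use of `this` further down needs the same guard. Splitting the body into a helper that takes a `struct kvm_lapic *` and an offset, called from both apic_mmio_write() and kvm_xapic_x2apic_send_ipi(), would avoid the NULL special case and the round trip through `address - apic->base_address`.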
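Review bot: sev_snp_hv_ipi() in arch/x86/kvm/svm/sev.c, like the new SVM_VMGEXIT_HV_IPI case in sev_es_validate_vmgexit(), gates only on is_sev_snp_guest(), while the commit message describes the event as applying when Restricted Injection is enabled. Check the guest's restricted-injection feature as well, or say in a comment why any SNP guest may issue it. The is_sev_snp_guest() test inside sev_snp_hv_ipi() repeats what validation already enforced, and `exit_info_1` is forwarded as the ICR value with no comment on which ICR fields the guest is allowed to set.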
From: Melody Wang To: Sean Christopherson , Paolo Bonzini , Joerg Rodel CC: , , Tom Lendacky , , Melody Wang Subject: [PATCH v4 7/7] KVM: SVM: Enable Restricted Injection for an SEV-SNP guest Date: Fri, 24 Apr 2026 17:51:05 +0000 Message-ID: <20260424175105.4106-1-huibo.wang@amd.com> X-Mailing-List: linux-kernel@vger.kernel.org
Enable Restricted Injection in an SEV-SNP guest by setting the corresponding bit in the VMSA SEV features field (SEV_FEATURES[3]) from QEMU. Add Restricted Injection to the supported hypervisor features. Co-developed-by: Thomas Lendacky Signed-off-by: Thomas Lendacky Signed-off-by: Melody Wang --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/sev-common.h | 1 + arch/x86/kvm/svm/sev.c | 26 +++++++++++++++++++++++++- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index de7bd88e539d..dc35806ff05e 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -453,6 +453,7 @@ #define X86_FEATURE_SNP_SECURE_TSC (19*32+ 8) /* SEV-SNP Secure TSC */ #define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* Virtual TSC_AUX */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* hardware-enforced cache coh= erency */ +#define X86_FEATURE_RESTRICTED_INJECTION (19*32+12) /* Restricted Injectio= n */ #define X86_FEATURE_DEBUG_SWAP (19*32+14) /* "debug_swap" SEV-ES full deb= ug state swap support */ #define X86_FEATURE_RMPREAD (19*32+21) /* RMPREAD instruction */ #define X86_FEATURE_SEGMENTED_RMP (19*32+23) /* Segmented RMP support */ diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-c= ommon.h index 01a6e4dbe423..ee17a3541b55 100644 
--- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -136,6 +136,7 @@ enum psc_op { =20 #define GHCB_HV_FT_SNP BIT_ULL(0) #define GHCB_HV_FT_SNP_AP_CREATION BIT_ULL(1) +#define GHCB_HV_FT_SNP_RINJ (BIT_ULL(2) | GHCB_HV_FT_SNP_AP_CREATION) #define GHCB_HV_FT_SNP_MULTI_VMPL BIT_ULL(5) =20 /* diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 95ee199e38fb..c26575516eec 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -40,7 +40,9 @@ #define GHCB_VERSION_MAX 2ULL #define GHCB_VERSION_MIN 1ULL =20 -#define GHCB_HV_FT_SUPPORTED (GHCB_HV_FT_SNP | GHCB_HV_FT_SNP_AP_CREATION) +#define GHCB_HV_FT_SUPPORTED (GHCB_HV_FT_SNP | \ + GHCB_HV_FT_SNP_AP_CREATION | \ + GHCB_HV_FT_SNP_RINJ) =20 /* * The GHCB spec essentially states that all non-zero error codes other th= an @@ -64,6 +66,10 @@ module_param_named(sev_es, sev_es_enabled, bool, 0444); static bool __ro_after_init sev_snp_enabled =3D true; module_param_named(sev_snp, sev_snp_enabled, bool, 0444); =20 +/* enable/disable SEV-SNP Restricted Injection support */ +static bool sev_snp_restricted_injection_enabled =3D true; +module_param_named(restricted_injection, sev_snp_restricted_injection_enab= led, bool, 0444); + static unsigned int __ro_after_init nr_ciphertext_hiding_asids; module_param_named(ciphertext_hiding_asids, nr_ciphertext_hiding_asids, ui= nt, 0444); =20 @@ -3224,6 +3230,12 @@ void __init sev_hardware_setup(void) =20 if (sev_snp_enabled && tsc_khz && cpu_feature_enabled(X86_FEATURE_SNP_SEC= URE_TSC)) sev_supported_vmsa_features |=3D SVM_SEV_FEAT_SECURE_TSC; + + if (!sev_snp_enabled || !cpu_feature_enabled(X86_FEATURE_RESTRICTED_INJEC= TION)) + sev_snp_restricted_injection_enabled =3D false; + + if (sev_snp_restricted_injection_enabled) + sev_supported_vmsa_features |=3D SVM_SEV_FEAT_RESTRICTED_INJECTION; } =20 void sev_hardware_unsetup(void) 
@@ -4740,10 +4752,20 @@ void sev_vcpu_after_set_cpuid(struct vcpu_svm *svm) vcpu->arch.reserved_gpa_bits &=3D ~(1UL << (best->ebx & 0x3f)); } =20 +static void sev_snp_init_vmcb(struct vcpu_svm *svm) +{ + struct kvm_sev_info *sev =3D &to_kvm_svm(svm->vcpu.kvm)->sev_info; + + /* V_NMI is not supported when Restricted Injection is enabled */ + if (sev->vmsa_features & SVM_SEV_FEAT_RESTRICTED_INJECTION) + svm->vmcb->control.int_ctl &=3D ~V_NMI_ENABLE_MASK; +} + static void sev_es_init_vmcb(struct vcpu_svm *svm, bool init_event) { struct kvm_sev_info *sev =3D to_kvm_sev_info(svm->vcpu.kvm); struct vmcb *vmcb =3D svm->vmcb01.ptr; + struct kvm_vcpu *vcpu =3D &svm->vcpu; =20 svm->vmcb->control.misc_ctl |=3D SVM_MISC_ENABLE_SEV_ES; =20 @@ -4810,6 +4832,8 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm, bo= ol init_event) set_ghcb_msr(svm, GHCB_MSR_SEV_INFO((__u64)sev->ghcb_version, GHCB_VERSION_MIN, sev_enc_bit)); + if (is_sev_snp_guest(vcpu)) + sev_snp_init_vmcb(svm); } =20 void sev_init_vmcb(struct vcpu_svm *svm, bool init_event) --=20 2.43.0
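Review bot: `GHCB_HV_FT_SNP_RINJ` in arch/x86/include/asm/sev-common.h is defined as `(BIT_ULL(2) | GHCB_HV_FT_SNP_AP_CREATION)`, unlike the single-bit macros around it, so a test such as `features & GHCB_HV_FT_SNP_RINJ` is true when only AP creation is advertised. Define it as `BIT_ULL(2)` and express the dependency where the supported mask is built, or add a comment explaining why the two bits are folded together.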
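Review bot: `GHCB_HV_FT_SUPPORTED` in arch/x86/kvm/svm/sev.c now includes `GHCB_HV_FT_SNP_RINJ` unconditionally, but sev_hardware_setup() can clear `sev_snp_restricted_injection_enabled` when the module parameter is off, SNP is disabled, or X86_FEATURE_RESTRICTED_INJECTION is missing. In those cases the hypervisor feature mask still advertises Restricted Injection while `SVM_SEV_FEAT_RESTRICTED_INJECTION` is absent from `sev_supported_vmsa_features`; build the advertised mask from the run-time flag instead of a compile-time constant.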
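Review bot: The new `sev_snp_restricted_injection_enabled` module parameter is declared without `__ro_after_init`, although the adjacent `sev_snp_enabled` and `nr_ciphertext_hiding_asids` carry it, the parameter is 0444, and the only write shown is in the `__init` function sev_hardware_setup(). Add the annotation so the flag cannot be modified after boot.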
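Review bot: sev_snp_init_vmcb() only clears `V_NMI_ENABLE_MASK` in `int_ctl`, and its comment says V_NMI is unsupported with Restricted Injection without saying how NMIs reach the guest instead or whether other code that caches the vNMI state is evaluated after this bit is cleared; extend the comment to cover both. The function fetches the SEV info with `&to_kvm_svm(svm->vcpu.kvm)->sev_info` while sev_es_init_vmcb() directly below uses `to_kvm_sev_info()`, so use the same accessor. In the last hunk the `if (is_sev_snp_guest(vcpu))` call is attached to the `set_ghcb_msr()` statement without a separating blank line, and the new `vcpu` local exists only for that one test.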