Merge pull request #368 from msft-jlange/alt_injection

svsm: implement SVSM Alternate Injection protocol for APIC emulation

Author: joergroedel

Cargo.lock

@@ -115,8 +115,11 @@ pub struct IgvmParamBlock {
     /// The port number of the serial port to use for debugging.
     pub debug_serial_port: u16,
 
+    /// Indicates whether the guest can support alternate injection.
+    pub use_alternate_injection: u8,
+
     #[doc(hidden)]
-    pub _reserved: [u16; 3],
+    pub _reserved: [u8; 5],
 
     /// Metadata containing information about the firmware image embedded in the
     /// IGVM file.

bootlib/src/igvm_params.rs

@@ -31,6 +31,7 @@ pub struct KernelLaunchInfo {
     pub igvm_params_virt_addr: u64,
     pub vtom: u64,
     pub debug_serial_port: u16,
+    pub use_alternate_injection: bool,
     pub platform_type: SvsmPlatformType,
 }
 

bootlib/src/kernel_launch.rs

@@ -4,6 +4,7 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
+bitfield-struct.workspace = true
 
 [lints]
-workspace = true
+workspace = true

cpuarch/Cargo.toml

@@ -4,6 +4,8 @@
 //
 // Author: Joerg Roedel <[email protected]>
 
+use bitfield_struct::bitfield;
+
 // AE Exitcodes
 // Table 15-35, AMD64 Architecture Programmer’s Manual, Vol. 2
 #[repr(u64)]
@@ -43,6 +45,64 @@ pub enum GuestVMExit {
     BUSY = 0xfffffffffffffffe,
 }
 
+#[bitfield(u64)]
+pub struct VIntrCtrl {
+    pub v_tpr: u8,
+    pub v_irq: bool,
+    pub vgif: bool,
+    pub int_shadow: bool,
+    pub v_nmi: bool,
+    pub v_nmi_mask: bool,
+    #[bits(3)]
+    _rsvd_15_13: u8,
+    #[bits(4)]
+    pub v_intr_prio: u8,
+    pub v_ign_tpr: bool,
+    #[bits(5)]
+    _rsvd_25_21: u8,
+    v_nmi_enable: bool,
+    #[bits(5)]
+    _rsvd_31_27: u8,
+    pub v_intr_vector: u8,
+    #[bits(23)]
+    _rsvd_62_40: u32,
+    busy: bool,
+}
+
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub enum VmsaEventType {
+    Interrupt = 0,
+    NMI = 2,
+    Exception = 3,
+    SoftwareInterrupt = 4,
+}
+
+impl VmsaEventType {
+    const fn into_bits(self) -> u64 {
+        self as _
+    }
+    const fn from_bits(value: u64) -> Self {
+        match value {
+            2 => Self::NMI,
+            3 => Self::Exception,
+            4 => Self::SoftwareInterrupt,
+            _ => Self::Interrupt,
+        }
+    }
+}
+
+#[bitfield(u64)]
+pub struct VmsaEventInject {
+    pub vector: u8,
+    #[bits(3)]
+    pub event_type: VmsaEventType,
+    pub error_code_valid: bool,
+    #[bits(19)]
+    _rsvd_30_12: u32,
+    pub valid: bool,
+    pub error_code: u32,
+}
+
 #[repr(C, packed)]
 #[derive(Debug, Default, Clone, Copy)]
 pub struct VMSASegment {
@@ -139,15 +199,15 @@ pub struct VMSA {
     pub reserved_380: [u8; 16],
     pub guest_exitinfo1: u64,
     pub guest_exitinfo2: u64,
-    pub guest_exitintinfo: u64,
+    pub guest_exitintinfo: VmsaEventInject,
     pub guest_nrip: u64,
     pub sev_features: u64,
-    pub vintr_ctrl: u64,
+    pub vintr_ctrl: VIntrCtrl,
     pub guest_exit_code: GuestVMExit,
     pub vtom: u64,
     pub tlb_id: u64,
     pub pcpu_id: u64,
-    pub event_inj: u64,
+    pub event_inj: VmsaEventInject,
     pub xcr0: u64,
     pub reserved_3f0: [u8; 16],
     pub x87_dp: u64,
@@ -279,13 +339,3 @@ impl Default for VMSA {
         }
     }
 }
-
-impl VMSA {
-    pub fn enable(&mut self) {
-        self.efer |= 1u64 << 12;
-    }
-
-    pub fn disable(&mut self) {
-        self.efer &= !(1u64 << 12);
-    }
-}

cpuarch/src/vmsa.rs

@@ -59,6 +59,10 @@ pub struct CmdOptions {
     /// Extra SEV features to be enabled in the VMSA (multiple values can be provided separated by ',')
     #[arg(long, value_delimiter = ',')]
     pub sev_features: Vec<SevExtraFeatures>,
+
+    /// Use Alternate Injection if available
+    #[arg(long, default_value_t = false)]
+    pub alt_injection: bool,
 }
 
 impl CmdOptions {

igvmbuilder/src/cmd_options.rs

@@ -221,6 +221,10 @@ impl IgvmBuilder {
             kernel_size: self.gpa_map.kernel.get_size() as u32,
             kernel_base: self.gpa_map.kernel.get_start(),
             vtom,
+            use_alternate_injection: match self.options.alt_injection {
+                true => 1,
+                false => 0,
+            },
             ..Default::default()
         };
 

igvmbuilder/src/igvm_builder.rs

@@ -184,4 +184,11 @@ impl SvsmConfig<'_> {
             SvsmConfig::IgvmConfig(igvm_params) => igvm_params.initialize_guest_vmsa(vmsa),
         }
     }
+
+    pub fn use_alternate_injection(&self) -> bool {
+        match self {
+            SvsmConfig::FirmwareConfig(_) => false,
+            SvsmConfig::IgvmConfig(igvm_params) => igvm_params.use_alternate_injection(),
+        }
+    }
 }