Xen project Mailing List

Re: [PATCH v2 2/3] x86/svm: Intercept Bus Locks for HVM guests

To: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 21 Jan 2026 15:35:32 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rRoU1iEdKjIswk6mIvdZfWB7lGau8bj22VbTsylW6mY=; b=rmv3BjovLBFDhYJUQ0PRL7XBs89oiCH61Ln31GoQsFI/mVOe+OzBkWE1FMFraJoOqjnDdc3r8VaSk5VQSbfS34wBGLBsBhBEzI9Akx516MYXnHI7qM2P+9sc73Ccd43ZzOOQXPu3knsOKWY+wyAnjuBLvnHjbjFzo7L6DVr2NpqIPTIJkQs1bU63hiZlb9we4ROZpArgu3YRVuPv5rMFZ4fxmhCmNpPYJJCihvrLTuRr0+xQQOyncI0ckrt5dImAL8w+m3cFVgecSkYyfnjPzgDedIrNVEiqpvI/xDKkmvvR66GjwP8MncypsyT3pw5ig+hVyms12YPt0OrMQiAu5g==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=htBiYI/ER1F0xunbZzb1Tkn4wBzO1uQ/m7pfUn01484tE+J+Olyfi+Nrx5qo4LH+uEDHX4bE3ImckFWJWQPz/9Y3apDQOuzgI/hIcD82zu4pQ1eIYlz8D1CMcsEfC+X6ePwW6JfqUbkcJDGCZa0Yfu+3juEvJUfOC7hO8RMVoAPL7nonNBQtttlKDUT1MtOaN73+LPF38wSNlpGPmblLMjc9H/cqoKBe/Xfu5QMBbcn9H3DW3Il4P8dCkNcWwpxWCjo37VHKGEtsncqwsQaeUZNVAdT75u6ChULn/MxIz3cpxnaDvPEAT/driWQ7GhsgIDPTnPQTQ5mebul4od6kXA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>

Delivery-date: Wed, 21 Jan 2026 15:36:00 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 21/01/2026 2:28 pm, Alejandro Vallejo wrote: > Configure the Bus Lock intercept when supported by the host. "which is available on Zen4 and later". (I think ?) > diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c > index 5d23603fc1..abda5a9063 100644 > --- a/xen/arch/x86/hvm/svm/svm.c > +++ b/xen/arch/x86/hvm/svm/svm.c > @@ -2524,6 +2524,7 @@ const struct hvm_function_table * __init start_svm(void) > P(cpu_has_tsc_ratio, "TSC Rate MSR"); > P(cpu_has_svm_sss, "NPT Supervisor Shadow Stack"); > P(cpu_has_svm_spec_ctrl, "MSR_SPEC_CTRL virtualisation"); > + P(cpu_has_svm_bus_lock, "BusLock-Intercept Filter"); "Bus Lock Filter". The Intercept part isn't terribly useful. > #undef P > > if ( !printed ) > @@ -3087,6 +3088,11 @@ void asmlinkage svm_vmexit_handler(void) > break; > } > > + case VMEXIT_BUS_LOCK: > + perfc_incr(buslock); > + vmcb->bus_lock_count = 1; > + break; This needs an explanation of the behaviour. /* This is a fault and blocked the Bus Lock inducing action. We're only interested in rate limiting the guest, so credit it one "lock" in order to re-execute the instruction. */ > + > default: > unexpected_exit_type: > gprintk(XENLOG_ERR, "Unexpected vmexit: reason %#"PRIx64", " > diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c > index cbee10d046..15223a693e 100644 > --- a/xen/arch/x86/hvm/svm/vmcb.c > +++ b/xen/arch/x86/hvm/svm/vmcb.c > @@ -66,6 +66,9 @@ static int construct_vmcb(struct vcpu *v) > GENERAL2_INTERCEPT_XSETBV | GENERAL2_INTERCEPT_ICEBP | > GENERAL2_INTERCEPT_RDPRU; > > + if ( cpu_has_svm_bus_lock ) > + vmcb->_general3_intercepts |= GENERAL3_INTERCEPT_BUS_LOCK; > + This wants a justification for why it's unconditional. Something like: /* Well behaved logic shouldn't ever Bus Lock, but we care about rate limiting buggy/malicious cases. */ > /* Intercept all debug-register writes. */ > vmcb->_dr_intercepts = ~0u; > > diff --git a/xen/arch/x86/hvm/svm/vmcb.h b/xen/arch/x86/hvm/svm/vmcb.h > index 231f9b1b06..68cf5eaf0b 100644 > --- a/xen/arch/x86/hvm/svm/vmcb.h > +++ b/xen/arch/x86/hvm/svm/vmcb.h > @@ -68,7 +68,7 @@ enum GenericIntercept2bits > /* general 3 intercepts */ > enum GenericIntercept3bits > { > - GENERAL3_INTERCEPT_BUS_LOCK_THRESH = 1 << 5, > + GENERAL3_INTERCEPT_BUS_LOCK = 1 << 5, > }; > > /* control register intercepts */ > @@ -497,7 +497,7 @@ struct vmcb_struct { > u8 guest_ins_len; /* offset 0xD0 */ > u8 guest_ins[15]; /* offset 0xD1 */ > u64 res10a[8]; /* offset 0xE0 */ > - u16 bus_lock_thresh; /* offset 0x120 */ > + u16 bus_lock_count; /* offset 0x120 */ > u16 res10b[3]; /* offset 0x122 */ > u64 res10c[91]; /* offset 0x128 pad to save area */ > Both of these hunks want moving into the prior patch, which resolves one of my concerns there. All can be fixed on commit. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.