* [RESEND PATCH v2] KVM: SVM: Add Bus Lock Detect support
@ 2026-06-29 8:10 Shivansh Dhiman
2026-06-29 8:31 ` sashiko-bot
From: Shivansh Dhiman @ 2026-06-29 8:10 UTC (permalink / raw)
To: seanjc, pbonzini, tglx, mingo
Cc: kvm, x86, yosry.ahmed, jmattson, thomas.lendacky, nikunj.dadhania,
ravi.bangoria, santosh.shukla, shivansh.dhiman
From: Ravi Bangoria <ravi.bangoria@amd.com>
Add Bus Lock Detect support in AMD SVM. Bus Lock Detect is enabled through
MSR_IA32_DEBUGCTLMSR, and MSR_IA32_DEBUGCTLMSR is virtualized only if LBR
Virtualization is enabled. Add this dependency in SVM.
While adding Bus Lock Detect support, also fix DR6 handling in nested
virtualization. Use DR6_FIXED_1 to prevent reset of the BLD bit (bit 11)
between VMRUNs. However, it preserves DR6_RTM, which is a reserved bit
on AMD processors, so the DR6_RTM bit must always be set to 1.
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Co-developed-by: Shivansh Dhiman <shivansh.dhiman@amd.com>
Signed-off-by: Shivansh Dhiman <shivansh.dhiman@amd.com>
---
Changelog:
v2 --> v2 Resend
* No functional changes.
* Rebased on top of tag: kvm-x86-next-2026.06.24.
v1 --> v2
* Rebased and used guest_cpu_cap_has() instead of guest_cpuid_has().
v2: https://lore.kernel.org/kvm/20251121081228.426974-1-shivansh.dhiman@amd.com/
v1: https://lore.kernel.org/all/20240808062937.1149-5-ravi.bangoria@amd.com
---
arch/x86/kvm/svm/nested.c | 3 ++-
arch/x86/kvm/svm/svm.c | 17 ++++++++++++++++-
arch/x86/kvm/svm/svm.h | 2 +-
3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index c1485c3e691c..4fdc58d38afe 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -808,7 +808,8 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm)
if (unlikely(new_vmcb12 || vmcb12_is_dirty(control, VMCB_DR))) {
vmcb02->save.dr7 = svm->nested.save.dr7 | DR7_FIXED_1;
- svm->vcpu.arch.dr6 = svm->nested.save.dr6 | DR6_ACTIVE_LOW;
+ /* DR6_RTM is a reserved bit on AMD and as such must be set to 1 */
+ svm->vcpu.arch.dr6 = svm->nested.save.dr6 | DR6_FIXED_1 | DR6_RTM;
vmcb_mark_dirty(vmcb02, VMCB_DR);
}
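Review bot: the hard-coded `DR6_FIXED_1 | DR6_RTM` forces bit 16 to 1 but leaves bit 11 (the BLD bit) entirely under L1's control, even for an L1 that has not been given X86_FEATURE_BUS_LOCK_DETECT; for such a guest bit 11 is an unused active-low bit that should read as 1, which the replaced `| DR6_ACTIVE_LOW` used to guarantee. Derive the fixed bits from the vCPU's capabilities instead of hard-coding them here (the reply in this thread names kvm_dr6_fixed(vcpu) as the existing helper), e.g. `svm->vcpu.arch.dr6 = svm->nested.save.dr6 | kvm_dr6_fixed(&svm->vcpu);`, keeping an explicit `| DR6_RTM` only if that helper does not already cover the RTM bit. The new comment explains DR6_RTM but not why DR6_FIXED_1 replaces DR6_ACTIVE_LOW (so that bit 11 is not reset between VMRUNs); that is the non-obvious part of the change and belongs in the comment.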
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index ef69a51ab27f..b4b0fa730916 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -884,6 +884,9 @@ void svm_update_lbrv(struct kvm_vcpu *vcpu)
(is_guest_mode(vcpu) && guest_cpu_cap_has(vcpu, X86_FEATURE_LBRV) &&
(svm->nested.ctl.misc_ctl2 & SVM_MISC2_ENABLE_V_LBR));
+ /* Bus Lock Detect depends on LBR Virtualization */
+ enable_lbrv |= (svm->vmcb->save.dbgctl & DEBUGCTLMSR_BUS_LOCK_DETECT);
+
if (enable_lbrv && !current_enable_lbrv)
__svm_enable_lbrv(vcpu);
else if (!enable_lbrv && current_enable_lbrv)
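Review bot: `enable_lbrv |= (svm->vmcb->save.dbgctl & DEBUGCTLMSR_BUS_LOCK_DETECT);` ORs a masked u64 into a bool and relies on the implicit conversion; write it as `enable_lbrv |= !!(svm->vmcb->save.dbgctl & DEBUGCTLMSR_BUS_LOCK_DETECT);` or as a separate `if` so the intent is explicit. The line reads `svm->vmcb`, which is vmcb02 while in guest mode, so it only does the right thing if vmcb02->save.dbgctl has already been populated when svm_update_lbrv() runs; that ordering is not visible in this hunk and deserves a sentence in the commit message. The behavioural consequence also belongs in the comment: a guest that sets only the BLD bit pins LBR virtualization on, and clearing BLD later turns it off again.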
@@ -3160,6 +3163,10 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
data &= ~DEBUGCTLMSR_BTF;
}
+ if ((data & DEBUGCTLMSR_BUS_LOCK_DETECT) &&
+ !guest_cpu_cap_has(vcpu, X86_FEATURE_BUS_LOCK_DETECT))
+ return 1;
+
if (data & DEBUGCTL_RESERVED_BITS)
return 1;
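Review bot: the new `guest_cpu_cap_has(vcpu, X86_FEATURE_BUS_LOCK_DETECT)` gate covers only the WRMSR path in svm_set_msr(); a DEBUGCTL value that reaches the hardware VMCB through VMCB12 is masked with DEBUGCTL_RESERVED_BITS only, so the same per-vCPU check needs a counterpart on that path, ideally by factoring the validation into one helper that both callers use. Also state whether `return 1` is intended for host-initiated writes (msr->host_initiated), since userspace restoring DEBUGCTL state before CPUID is configured will be rejected here.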
@@ -5591,9 +5598,17 @@ static __init void svm_set_cpu_caps(void)
* Clear capabilities that are automatically configured by common code,
* but that require explicit SVM support (that isn't yet implemented).
*/
- kvm_cpu_cap_clear(X86_FEATURE_BUS_LOCK_DETECT);
kvm_cpu_cap_clear(X86_FEATURE_MSR_IMM);
+ /*
+ * LBR Virtualization must be enabled to support BusLockTrap inside the
+ * guest, since BusLockTrap is enabled through MSR_IA32_DEBUGCTLMSR and
+ * MSR_IA32_DEBUGCTLMSR is virtualized only if LBR Virtualization is
+ * enabled.
+ */
+ if (!lbrv)
+ kvm_cpu_cap_clear(X86_FEATURE_BUS_LOCK_DETECT);
+
kvm_setup_xss_caps();
kvm_finalize_cpu_caps();
}
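Review bot: the untouched comment at the top of this region ("Clear capabilities ... that require explicit SVM support (that isn't yet implemented)") no longer describes X86_FEATURE_BUS_LOCK_DETECT, which this patch implements and clears conditionally a few lines below; move the BLD clear out from under that comment or reword it so the two cases read distinctly. The new comment says "BusLockTrap" while the commit message and the rest of the patch say "Bus Lock Detect"; use one name. Since `lbrv` is evaluated once here at module init, a guest can never be offered BLD on a host without LBR virtualization, which makes the `guest_cpu_cap_has()` check in svm_set_msr() the single enforcement point; worth saying so explicitly.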
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 716be21fba33..c65dc3acb5d1 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -783,7 +783,7 @@ BUILD_SVM_MSR_BITMAP_HELPERS(bool, test, test)
BUILD_SVM_MSR_BITMAP_HELPERS(void, clear, __clear)
BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set)
-#define DEBUGCTL_RESERVED_BITS (~DEBUGCTLMSR_LBR)
+#define DEBUGCTL_RESERVED_BITS (~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_BUS_LOCK_DETECT))
/* svm.c */
extern bool dump_invalid_vmcb;
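Review bot: DEBUGCTL_RESERVED_BITS is a global, host-wide mask and cannot express a per-guest CPUID restriction, so adding DEBUGCTLMSR_BUS_LOCK_DETECT to it makes every consumer of the mask accept the bit regardless of whether the guest was given X86_FEATURE_BUS_LOCK_DETECT; the WRMSR path compensates with an explicit check, but any path that only applies `&= ~DEBUGCTL_RESERVED_BITS` (the nested dbgctl copy quoted later in this thread) now passes BLD through for an L1 that lacks the feature. Either keep the macro as the hardware-supported set and add a per-vCPU helper (a hypothetical svm_debugctl_allowed(vcpu), say) that both the WRMSR and the VMCB12 paths call, or document that the macro is the hardware set and that CPUID gating must be done by each caller.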
base-commit: 50406d35f5635e1cc523e61409d57e851b5f5df8
--
2.43.0
* Re: [RESEND PATCH v2] KVM: SVM: Add Bus Lock Detect support
2026-06-29 8:10 [RESEND PATCH v2] KVM: SVM: Add Bus Lock Detect support Shivansh Dhiman
@ 2026-06-29 8:31 ` sashiko-bot
From: sashiko-bot @ 2026-06-29 8:31 UTC (permalink / raw)
To: Shivansh Dhiman; +Cc: kvm
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [Medium] Nested DR6 fixed bits are manually calculated incorrectly, breaking architectural invariants for Bus Lock Detect.
- [Medium] L1 guests can bypass CPUID limits and enable Bus Lock Detect for L2 nested guests via the nested VMCB, even if X86_FEATURE_BUS_LOCK_DETECT is disabled for L1.
--
commit 859bd7557c537342acbc2ffe091acc01a0a180b9
Author: Ravi Bangoria <ravi.bangoria@amd.com>
KVM: SVM: Add Bus Lock Detect support
Add Bus Lock Detect support in AMD SVM. Bus Lock Detect is enabled through
MSR_IA32_DEBUGCTLMSR and MSR_IA32_DEBUGCTLMSR is virtualized only if LBR
Virtualization is enabled. Add this dependency in the SVM.
> diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
> index c1485c3e691c4..4fdc58d38afe0 100644
> --- a/arch/x86/kvm/svm/nested.c
> +++ b/arch/x86/kvm/svm/nested.c
> @@ -808,7 +808,8 @@ static void nested_vmcb02_prepare_save(struct vcpu_svm *svm)
>
> if (unlikely(new_vmcb12 || vmcb12_is_dirty(control, VMCB_DR))) {
> vmcb02->save.dr7 = svm->nested.save.dr7 | DR7_FIXED_1;
> - svm->vcpu.arch.dr6 = svm->nested.save.dr6 | DR6_ACTIVE_LOW;
> + /* DR6_RTM is a reserved bit on AMD and as such must be set to 1 */
> + svm->vcpu.arch.dr6 = svm->nested.save.dr6 | DR6_FIXED_1 | DR6_RTM;
[Severity: Medium]
Will this assignment cause an L2 guest to incorrectly observe DR6 bit 11 as 0
if the guest lacks the BUS_LOCK_DETECT feature?
By bypassing kvm_dr6_fixed(vcpu) and hardcoding DR6_FIXED_1 | DR6_RTM, it
appears KVM fails to force bit 11 (DR6_BUS_LOCK) to 1. If an untrusted
L1 guest without X86_FEATURE_BUS_LOCK_DETECT runs an L2 guest and writes 0
to bit 11 of vmcb12->save.dr6, won't the L2 guest read DR6 and incorrectly
see bit 11 as 0 instead of 1?
> vmcb_mark_dirty(vmcb02, VMCB_DR);
> }
[ ... ]
> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> index 716be21fba335..c65dc3acb5d1d 100644
> --- a/arch/x86/kvm/svm/svm.h
> +++ b/arch/x86/kvm/svm/svm.h
> @@ -783,7 +783,7 @@ BUILD_SVM_MSR_BITMAP_HELPERS(bool, test, test)
> BUILD_SVM_MSR_BITMAP_HELPERS(void, clear, __clear)
> BUILD_SVM_MSR_BITMAP_HELPERS(void, set, __set)
>
> -#define DEBUGCTL_RESERVED_BITS (~DEBUGCTLMSR_LBR)
> +#define DEBUGCTL_RESERVED_BITS (~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_BUS_LOCK_DETECT))
[Severity: Medium]
Could this redefinition allow an L1 guest to bypass CPUID limits and enable
Bus Lock Detect for L2 nested guests, even if X86_FEATURE_BUS_LOCK_DETECT
is disabled for L1?
Looking at nested_vmcb02_prepare_save() in arch/x86/kvm/svm/nested.c, it
copies the nested guest's dbgctl MSR value directly into the hardware VMCB
using this mask:
svm_copy_lbrs(&vmcb02->save, save);
vmcb02->save.dbgctl &= ~DEBUGCTL_RESERVED_BITS;
Since this mask now allows the bus lock bit unconditionally without validating
against the L1 guest's CPUID limits, could an untrusted L1 guest with
X86_FEATURE_LBRV write DEBUGCTLMSR_BUS_LOCK_DETECT to vmcb12->save.dbgctl
and successfully enable the feature in L2?
>
> /* svm.c */
> extern bool dump_invalid_vmcb;
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260629081018.60618-1-shivansh.dhiman@amd.com?part=1
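The two concerns raised above, as an added user-space model (example code, not KVM's code and not part of this patch): the constants below are assumed to match the arch/x86 definitions (DR6_FIXED_1 = 0xfffe07f0, DR6_ACTIVE_LOW = 0xffff0ff0, DR6_BUS_LOCK = bit 11, DR6_RTM = bit 16, DEBUGCTLMSR_LBR = bit 0, DEBUGCTLMSR_BUS_LOCK_DETECT = bit 2), and `struct guest_caps`, `dr6_fixed()` and the `debugctl_*` helpers are hypothetical stand-ins for guest_cpu_cap_has() and the two KVM code paths. It compares the patch's hard-coded nested DR6 mask with one derived from the guest's capabilities, and the CPUID-gated WRMSR path with the mask-only VMCB12 path, for an L1 that has not been given Bus Lock Detect.

```c
/*
 * Added example, not KVM code: a user-space model of the DR6 fixed-bit and
 * DEBUGCTL validation logic discussed in this thread. The constants are
 * assumed to match the arch/x86 headers; the capability struct and helper
 * names are hypothetical.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DR6_BUS_LOCK      (1ULL << 11)   /* active-low: 1 = no bus lock detected */
#define DR6_RTM           (1ULL << 16)   /* active-low on Intel; reserved, reads 1, on AMD */
#define DR6_FIXED_1       0xfffe07f0ULL  /* assumed: always-1 bits, BLD and RTM left free */
#define DR6_ACTIVE_LOW    0xffff0ff0ULL  /* assumed: FIXED_1 plus every active-low bit */

#define DEBUGCTLMSR_LBR              (1ULL << 0)
#define DEBUGCTLMSR_BUS_LOCK_DETECT  (1ULL << 2)
#define DEBUGCTL_RESERVED_BITS (~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_BUS_LOCK_DETECT))

/* Hypothetical per-guest capability set, standing in for guest_cpu_cap_has(). */
struct guest_caps {
	bool bus_lock_detect;   /* X86_FEATURE_BUS_LOCK_DETECT exposed to the guest */
	bool rtm;               /* X86_FEATURE_RTM exposed to the guest (never on AMD) */
};

/* Per-vCPU DR6 fixed bits: an active-low bit the guest cannot drive must read as 1. */
static uint64_t dr6_fixed(const struct guest_caps *c)
{
	uint64_t fixed = DR6_FIXED_1;

	if (!c->bus_lock_detect)
		fixed |= DR6_BUS_LOCK;
	if (!c->rtm)
		fixed |= DR6_RTM;
	return fixed;
}

/* What the patch does on the nested path: a hard-coded AMD mask. */
static uint64_t nested_dr6_patch(uint64_t vmcb12_dr6)
{
	return vmcb12_dr6 | DR6_FIXED_1 | DR6_RTM;
}

/* Same computation, derived from the guest's capabilities instead. */
static uint64_t nested_dr6_percpu(uint64_t vmcb12_dr6, const struct guest_caps *c)
{
	return vmcb12_dr6 | dr6_fixed(c);
}

/* Mirrors the WRMSR path: feature-gated check, then reserved-bit check. 0 = ok, 1 = #GP. */
static int debugctl_wrmsr(uint64_t data, const struct guest_caps *c)
{
	if ((data & DEBUGCTLMSR_BUS_LOCK_DETECT) && !c->bus_lock_detect)
		return 1;
	if (data & DEBUGCTL_RESERVED_BITS)
		return 1;
	return 0;
}

/* Mirrors the VMCB12 path as quoted in the review: mask only, no CPUID gate. */
static uint64_t debugctl_vmcb12_patch(uint64_t vmcb12_dbgctl)
{
	return vmcb12_dbgctl & ~DEBUGCTL_RESERVED_BITS;
}

/* VMCB12 path with the same per-guest gate the WRMSR path applies. */
static uint64_t debugctl_vmcb12_gated(uint64_t vmcb12_dbgctl, const struct guest_caps *c)
{
	uint64_t allowed = DEBUGCTLMSR_LBR;

	if (c->bus_lock_detect)
		allowed |= DEBUGCTLMSR_BUS_LOCK_DETECT;
	return vmcb12_dbgctl & allowed;
}

int main(void)
{
	/* Constructed scenario: an L1 without BLD writes 0 to bit 11 of vmcb12->save.dr6. */
	struct guest_caps no_bld = { .bus_lock_detect = false, .rtm = false };
	uint64_t dr6 = 0;

	printf("nested DR6, patch   : bit11=%d\n", !!(nested_dr6_patch(dr6) & DR6_BUS_LOCK));
	printf("nested DR6, per-vCPU: bit11=%d\n", !!(nested_dr6_percpu(dr6, &no_bld) & DR6_BUS_LOCK));
	printf("WRMSR BLD, no CPUID : %s\n", debugctl_wrmsr(DEBUGCTLMSR_BUS_LOCK_DETECT, &no_bld) ? "#GP" : "ok");
	printf("VMCB12 BLD, mask    : bld=%d\n",
	       !!(debugctl_vmcb12_patch(DEBUGCTLMSR_BUS_LOCK_DETECT) & DEBUGCTLMSR_BUS_LOCK_DETECT));
	printf("VMCB12 BLD, gated   : bld=%d\n",
	       !!(debugctl_vmcb12_gated(DEBUGCTLMSR_BUS_LOCK_DETECT, &no_bld) & DEBUGCTLMSR_BUS_LOCK_DETECT));
	return 0;
}
```

Run as-is it prints bit 11 clear for the patch's nested DR6 computation and set for the capability-derived one, and shows the BLD bit rejected on the modelled WRMSR path but passed through by the mask-only VMCB12 path; both differences are the gap a per-vCPU helper would close.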