[PATCH v2 0/3] x86/svm: Add support for Bus Lock Threshold

[PATCH v2 0/3] x86/svm: Add support for Bus Lock Threshold

[Alejandro Vallejo]

Hi,

v1: https://lore.kernel.org/xen-devel/20260120095353.2778-1-alejandro.garciavallejo@amd.com
pipeline (in progress):
    https://gitlab.com/xen-project/people/agvallejo/xen/-/pipelines/2276726870

Original cover letter:

Bus Locks are very costly and a VM left unchecked spamming instructions that
lock the memory bus (e.g: unaligned atomic CAS) makes system perf take a
nosedive. This patch is similar to BLD of VMX, but for SVM. It configures all
VMRUNs so they automatically exit at the first encounter of a buslock event,
effectively rate-limiting them.

Cheers,
Alejandro

Alejandro Vallejo (3):
  x86/svm: Add infrastructure for Bus Lock Threshold
  x86/svm: Intercept Bus Locks for HVM guests
  CHANGELOG: Note the new SVM bus-lock intercept

 CHANGELOG.md                          |  3 +++
 xen/arch/x86/hvm/svm/svm.c            |  6 ++++++
 xen/arch/x86/hvm/svm/vmcb.c           |  3 +++
 xen/arch/x86/hvm/svm/vmcb.h           | 15 +++++++++++++--
 xen/arch/x86/include/asm/hvm/svm.h    |  2 ++
 xen/arch/x86/include/asm/perfc_defn.h |  2 +-
 6 files changed, 28 insertions(+), 3 deletions(-)


base-commit: 61204ed24ba4537d6eff56594faa5d23cacb8310
-- 
2.43.0

[PATCH v2 1/3] x86/svm: Add infrastructure for Bus Lock Threshold

[Alejandro Vallejo]

Add missing scaffolding to enable BusLock Threshold. That is:

  * Add general_intercepts_3.
  * Add missing VMEXIT
  * Adjust NPF perf counter base to immediately after the buslock counter

Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
Reviewed-by: Teddy Astie <teddy.astie@vates.tech>
---
v2:
  * s/general intercepts 2/general intercepts 3/
  * removed _thresh suffix
  * added missing _svm_ infix in the SVM feature
---
 xen/arch/x86/hvm/svm/vmcb.h           | 15 +++++++++++++--
 xen/arch/x86/include/asm/hvm/svm.h    |  2 ++
 xen/arch/x86/include/asm/perfc_defn.h |  2 +-
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/hvm/svm/vmcb.h b/xen/arch/x86/hvm/svm/vmcb.h
index ba554a9644..231f9b1b06 100644
--- a/xen/arch/x86/hvm/svm/vmcb.h
+++ b/xen/arch/x86/hvm/svm/vmcb.h
@@ -65,6 +65,11 @@ enum GenericIntercept2bits
     GENERAL2_INTERCEPT_RDPRU   = 1 << 14,
 };
 
+/* general 3 intercepts */
+enum GenericIntercept3bits
+{
+    GENERAL3_INTERCEPT_BUS_LOCK_THRESH = 1 << 5,
+};
 
 /* control register intercepts */
 enum CRInterceptBits
@@ -289,6 +294,7 @@ enum VMEXIT_EXITCODE
     VMEXIT_MWAIT_CONDITIONAL= 140, /* 0x8c */
     VMEXIT_XSETBV           = 141, /* 0x8d */
     VMEXIT_RDPRU            = 142, /* 0x8e */
+    VMEXIT_BUS_LOCK         = 165, /* 0xa5 */
     /* Remember to also update VMEXIT_NPF_PERFC! */
     VMEXIT_NPF              = 1024, /* 0x400, nested paging fault */
     /* Remember to also update SVM_PERF_EXIT_REASON_SIZE! */
@@ -405,7 +411,8 @@ struct vmcb_struct {
     u32 _exception_intercepts;  /* offset 0x08 - cleanbit 0 */
     u32 _general1_intercepts;   /* offset 0x0C - cleanbit 0 */
     u32 _general2_intercepts;   /* offset 0x10 - cleanbit 0 */
-    u32 res01[10];
+    u32 _general3_intercepts;   /* offset 0x14 - cleanbit 0 */
+    u32 res01[9];
     u16 _pause_filter_thresh;   /* offset 0x3C - cleanbit 0 */
     u16 _pause_filter_count;    /* offset 0x3E - cleanbit 0 */
     u64 _iopm_base_pa;          /* offset 0x40 - cleanbit 1 */
@@ -489,7 +496,10 @@ struct vmcb_struct {
     u64 nextrip;                /* offset 0xC8 */
     u8  guest_ins_len;          /* offset 0xD0 */
     u8  guest_ins[15];          /* offset 0xD1 */
-    u64 res10a[100];            /* offset 0xE0 pad to save area */
+    u64 res10a[8];              /* offset 0xE0 */
+    u16 bus_lock_thresh;        /* offset 0x120 */
+    u16 res10b[3];              /* offset 0x122 */
+    u64 res10c[91];             /* offset 0x128 pad to save area */
 
     union {
         struct segment_register sreg[6];
@@ -583,6 +593,7 @@ VMCB_ACCESSORS(dr_intercepts, intercepts)
 VMCB_ACCESSORS(exception_intercepts, intercepts)
 VMCB_ACCESSORS(general1_intercepts, intercepts)
 VMCB_ACCESSORS(general2_intercepts, intercepts)
+VMCB_ACCESSORS(general3_intercepts, intercepts)
 VMCB_ACCESSORS(pause_filter_count, intercepts)
 VMCB_ACCESSORS(pause_filter_thresh, intercepts)
 VMCB_ACCESSORS(tsc_offset, intercepts)
diff --git a/xen/arch/x86/include/asm/hvm/svm.h b/xen/arch/x86/include/asm/hvm/svm.h
index a6d7e4aed3..15f0268be7 100644
--- a/xen/arch/x86/include/asm/hvm/svm.h
+++ b/xen/arch/x86/include/asm/hvm/svm.h
@@ -37,6 +37,7 @@ extern u32 svm_feature_flags;
 #define SVM_FEATURE_VGIF          16 /* Virtual GIF */
 #define SVM_FEATURE_SSS           19 /* NPT Supervisor Shadow Stacks */
 #define SVM_FEATURE_SPEC_CTRL     20 /* MSR_SPEC_CTRL virtualisation */
+#define SVM_FEATURE_BUS_LOCK      29 /* Bus Lock Threshold */
 
 static inline bool cpu_has_svm_feature(unsigned int feat)
 {
@@ -56,6 +57,7 @@ static inline bool cpu_has_svm_feature(unsigned int feat)
 #define cpu_has_svm_vloadsave cpu_has_svm_feature(SVM_FEATURE_VLOADSAVE)
 #define cpu_has_svm_sss       cpu_has_svm_feature(SVM_FEATURE_SSS)
 #define cpu_has_svm_spec_ctrl cpu_has_svm_feature(SVM_FEATURE_SPEC_CTRL)
+#define cpu_has_svm_bus_lock  cpu_has_svm_feature(SVM_FEATURE_BUS_LOCK)
 
 #define MSR_INTERCEPT_NONE    0
 #define MSR_INTERCEPT_READ    1
diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h
index d6127cb91e..ac7439b992 100644
--- a/xen/arch/x86/include/asm/perfc_defn.h
+++ b/xen/arch/x86/include/asm/perfc_defn.h
@@ -7,7 +7,7 @@ PERFCOUNTER_ARRAY(exceptions,           "exceptions", 32)
 #ifdef CONFIG_HVM
 
 #define VMX_PERF_EXIT_REASON_SIZE 76
-#define VMEXIT_NPF_PERFC 143
+#define VMEXIT_NPF_PERFC 166
 #define SVM_PERF_EXIT_REASON_SIZE (VMEXIT_NPF_PERFC + 1)
 PERFCOUNTER_ARRAY(vmexits,              "vmexits",
                   MAX(VMX_PERF_EXIT_REASON_SIZE, SVM_PERF_EXIT_REASON_SIZE))
-- 
2.43.0

[PATCH v2 2/3] x86/svm: Intercept Bus Locks for HVM guests

[Alejandro Vallejo]

Configure the Bus Lock intercept when supported by the host. The
VMCB counter is initialised to zero so it fires upon the first
instruction that locks the bus. On the #VMEXIT handler that counter
is set to 1 because it has fault behaviour and the offending instruction
needs to re-execute.

Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
---
v2:
 * Moved the P() call to this patch. We don't want to print until
   the feature is fully supported.
 * Removed the initialisation of the counter to 1 in vmcb.c, so it's
   implicitly zero-initialised.
---
 xen/arch/x86/hvm/svm/svm.c  | 6 ++++++
 xen/arch/x86/hvm/svm/vmcb.c | 3 +++
 xen/arch/x86/hvm/svm/vmcb.h | 4 ++--
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 5d23603fc1..abda5a9063 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -2524,6 +2524,7 @@ const struct hvm_function_table * __init start_svm(void)
     P(cpu_has_tsc_ratio, "TSC Rate MSR");
     P(cpu_has_svm_sss, "NPT Supervisor Shadow Stack");
     P(cpu_has_svm_spec_ctrl, "MSR_SPEC_CTRL virtualisation");
+    P(cpu_has_svm_bus_lock, "BusLock-Intercept Filter");
 #undef P
 
     if ( !printed )
@@ -3087,6 +3088,11 @@ void asmlinkage svm_vmexit_handler(void)
         break;
     }
 
+    case VMEXIT_BUS_LOCK:
+        perfc_incr(buslock);
+        vmcb->bus_lock_count = 1;
+        break;
+
     default:
     unexpected_exit_type:
         gprintk(XENLOG_ERR, "Unexpected vmexit: reason %#"PRIx64", "
diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
index cbee10d046..15223a693e 100644
--- a/xen/arch/x86/hvm/svm/vmcb.c
+++ b/xen/arch/x86/hvm/svm/vmcb.c
@@ -66,6 +66,9 @@ static int construct_vmcb(struct vcpu *v)
         GENERAL2_INTERCEPT_XSETBV      | GENERAL2_INTERCEPT_ICEBP       |
         GENERAL2_INTERCEPT_RDPRU;
 
+    if ( cpu_has_svm_bus_lock )
+        vmcb->_general3_intercepts |= GENERAL3_INTERCEPT_BUS_LOCK;
+
     /* Intercept all debug-register writes. */
     vmcb->_dr_intercepts = ~0u;
 
diff --git a/xen/arch/x86/hvm/svm/vmcb.h b/xen/arch/x86/hvm/svm/vmcb.h
index 231f9b1b06..68cf5eaf0b 100644
--- a/xen/arch/x86/hvm/svm/vmcb.h
+++ b/xen/arch/x86/hvm/svm/vmcb.h
@@ -68,7 +68,7 @@ enum GenericIntercept2bits
 /* general 3 intercepts */
 enum GenericIntercept3bits
 {
-    GENERAL3_INTERCEPT_BUS_LOCK_THRESH = 1 << 5,
+    GENERAL3_INTERCEPT_BUS_LOCK = 1 << 5,
 };
 
 /* control register intercepts */
@@ -497,7 +497,7 @@ struct vmcb_struct {
     u8  guest_ins_len;          /* offset 0xD0 */
     u8  guest_ins[15];          /* offset 0xD1 */
     u64 res10a[8];              /* offset 0xE0 */
-    u16 bus_lock_thresh;        /* offset 0x120 */
+    u16 bus_lock_count;         /* offset 0x120 */
     u16 res10b[3];              /* offset 0x122 */
     u64 res10c[91];             /* offset 0x128 pad to save area */
 
-- 
2.43.0

[PATCH v2 3/3] CHANGELOG: Note the new SVM bus-lock intercept

[Alejandro Vallejo]

Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 53d92a2597..07c1745f22 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Changed
 
 ### Added
+ - On x86:
+     - AMD bus-lock detect, used by Xen to mitigate (by rate-limiting) the
+       system wide impact of an HVM guest misusing atomic instructions.
 
 ### Removed
  - On x86:
-- 
2.43.0

Re: [PATCH v2 1/3] x86/svm: Add infrastructure for Bus Lock Threshold

[Alejandro Vallejo]

On Wed Jan 21, 2026 at 3:28 PM CET, Alejandro Vallejo wrote:
> Add missing scaffolding to enable BusLock Threshold. That is:
>
>   * Add general_intercepts_3.
>   * Add missing VMEXIT
>   * Adjust NPF perf counter base to immediately after the buslock counter
>
> Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
> Reviewed-by: Teddy Astie <teddy.astie@vates.tech>
> ---
> v2:
>   * s/general intercepts 2/general intercepts 3/
>   * removed _thresh suffix
>   * added missing _svm_ infix in the SVM feature
> ---
>  xen/arch/x86/hvm/svm/vmcb.h           | 15 +++++++++++++--
>  xen/arch/x86/include/asm/hvm/svm.h    |  2 ++
>  xen/arch/x86/include/asm/perfc_defn.h |  2 +-
>  3 files changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/xen/arch/x86/hvm/svm/vmcb.h b/xen/arch/x86/hvm/svm/vmcb.h
> index ba554a9644..231f9b1b06 100644
> --- a/xen/arch/x86/hvm/svm/vmcb.h
> +++ b/xen/arch/x86/hvm/svm/vmcb.h
> @@ -65,6 +65,11 @@ enum GenericIntercept2bits
>      GENERAL2_INTERCEPT_RDPRU   = 1 << 14,
>  };
>  
> +/* general 3 intercepts */

I had already sent v2 by the time I noticed the request to capitalise G. Feel
free to fix on commit or let me know to resend.

Cheers,
Alejandro

Re: [PATCH v2 2/3] x86/svm: Intercept Bus Locks for HVM guests

[Andrew Cooper]

On 21/01/2026 2:28 pm, Alejandro Vallejo wrote:
> Configure the Bus Lock intercept when supported by the host.

"which is available on Zen4 and later".

(I think ?)


> diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
> index 5d23603fc1..abda5a9063 100644
> --- a/xen/arch/x86/hvm/svm/svm.c
> +++ b/xen/arch/x86/hvm/svm/svm.c
> @@ -2524,6 +2524,7 @@ const struct hvm_function_table * __init start_svm(void)
>      P(cpu_has_tsc_ratio, "TSC Rate MSR");
>      P(cpu_has_svm_sss, "NPT Supervisor Shadow Stack");
>      P(cpu_has_svm_spec_ctrl, "MSR_SPEC_CTRL virtualisation");
> +    P(cpu_has_svm_bus_lock, "BusLock-Intercept Filter");

"Bus Lock Filter".  The Intercept part isn't terribly useful.

>  #undef P
>  
>      if ( !printed )
> @@ -3087,6 +3088,11 @@ void asmlinkage svm_vmexit_handler(void)
>          break;
>      }
>  
> +    case VMEXIT_BUS_LOCK:
> +        perfc_incr(buslock);
> +        vmcb->bus_lock_count = 1;
> +        break;

This needs an explanation of the behaviour.

/* This is a fault and blocked the Bus Lock inducing action.  We're only
interested in rate limiting the guest, so credit it one "lock" in order
to re-execute the instruction. */

> +
>      default:
>      unexpected_exit_type:
>          gprintk(XENLOG_ERR, "Unexpected vmexit: reason %#"PRIx64", "
> diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
> index cbee10d046..15223a693e 100644
> --- a/xen/arch/x86/hvm/svm/vmcb.c
> +++ b/xen/arch/x86/hvm/svm/vmcb.c
> @@ -66,6 +66,9 @@ static int construct_vmcb(struct vcpu *v)
>          GENERAL2_INTERCEPT_XSETBV      | GENERAL2_INTERCEPT_ICEBP       |
>          GENERAL2_INTERCEPT_RDPRU;
>  
> +    if ( cpu_has_svm_bus_lock )
> +        vmcb->_general3_intercepts |= GENERAL3_INTERCEPT_BUS_LOCK;
> +

This wants a justification for why it's unconditional.  Something like:

/* Well behaved logic shouldn't ever Bus Lock, but we care about rate
limiting buggy/malicious cases. */


>      /* Intercept all debug-register writes. */
>      vmcb->_dr_intercepts = ~0u;
>  
> diff --git a/xen/arch/x86/hvm/svm/vmcb.h b/xen/arch/x86/hvm/svm/vmcb.h
> index 231f9b1b06..68cf5eaf0b 100644
> --- a/xen/arch/x86/hvm/svm/vmcb.h
> +++ b/xen/arch/x86/hvm/svm/vmcb.h
> @@ -68,7 +68,7 @@ enum GenericIntercept2bits
>  /* general 3 intercepts */
>  enum GenericIntercept3bits
>  {
> -    GENERAL3_INTERCEPT_BUS_LOCK_THRESH = 1 << 5,
> +    GENERAL3_INTERCEPT_BUS_LOCK = 1 << 5,
>  };
>  
>  /* control register intercepts */
> @@ -497,7 +497,7 @@ struct vmcb_struct {
>      u8  guest_ins_len;          /* offset 0xD0 */
>      u8  guest_ins[15];          /* offset 0xD1 */
>      u64 res10a[8];              /* offset 0xE0 */
> -    u16 bus_lock_thresh;        /* offset 0x120 */
> +    u16 bus_lock_count;         /* offset 0x120 */
>      u16 res10b[3];              /* offset 0x122 */
>      u64 res10c[91];             /* offset 0x128 pad to save area */
>  

Both of these hunks want moving into the prior patch, which resolves one
of my concerns there.

All can be fixed on commit.

~Andrew

Re: [PATCH v2 2/3] x86/svm: Intercept Bus Locks for HVM guests

[Alejandro Vallejo]

On Wed Jan 21, 2026 at 4:35 PM CET, Andrew Cooper wrote:
> On 21/01/2026 2:28 pm, Alejandro Vallejo wrote:
>> Configure the Bus Lock intercept when supported by the host.
>
> "which is available on Zen4 and later".
>
> (I think ?)

I don't mind the addition, but does it really matter for the purposes of the
commit message?

>
>
>> diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
>> index 5d23603fc1..abda5a9063 100644
>> --- a/xen/arch/x86/hvm/svm/svm.c
>> +++ b/xen/arch/x86/hvm/svm/svm.c
>> @@ -2524,6 +2524,7 @@ const struct hvm_function_table * __init start_svm(void)
>>      P(cpu_has_tsc_ratio, "TSC Rate MSR");
>>      P(cpu_has_svm_sss, "NPT Supervisor Shadow Stack");
>>      P(cpu_has_svm_spec_ctrl, "MSR_SPEC_CTRL virtualisation");
>> +    P(cpu_has_svm_bus_lock, "BusLock-Intercept Filter");
>
> "Bus Lock Filter".  The Intercept part isn't terribly useful.

sure

>
>>  #undef P
>>  
>>      if ( !printed )
>> @@ -3087,6 +3088,11 @@ void asmlinkage svm_vmexit_handler(void)
>>          break;
>>      }
>>  
>> +    case VMEXIT_BUS_LOCK:
>> +        perfc_incr(buslock);
>> +        vmcb->bus_lock_count = 1;
>> +        break;
>
> This needs an explanation of the behaviour.
>
> /* This is a fault and blocked the Bus Lock inducing action.  We're only
> interested in rate limiting the guest, so credit it one "lock" in order
> to re-execute the instruction. */

fair

>
>> +
>>      default:
>>      unexpected_exit_type:
>>          gprintk(XENLOG_ERR, "Unexpected vmexit: reason %#"PRIx64", "
>> diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
>> index cbee10d046..15223a693e 100644
>> --- a/xen/arch/x86/hvm/svm/vmcb.c
>> +++ b/xen/arch/x86/hvm/svm/vmcb.c
>> @@ -66,6 +66,9 @@ static int construct_vmcb(struct vcpu *v)
>>          GENERAL2_INTERCEPT_XSETBV      | GENERAL2_INTERCEPT_ICEBP       |
>>          GENERAL2_INTERCEPT_RDPRU;
>>  
>> +    if ( cpu_has_svm_bus_lock )
>> +        vmcb->_general3_intercepts |= GENERAL3_INTERCEPT_BUS_LOCK;
>> +
>
> This wants a justification for why it's unconditional.  Something like:
>
> /* Well behaved logic shouldn't ever Bus Lock, but we care about rate
> limiting buggy/malicious cases. */
>
>
>>      /* Intercept all debug-register writes. */
>>      vmcb->_dr_intercepts = ~0u;
>>  
>> diff --git a/xen/arch/x86/hvm/svm/vmcb.h b/xen/arch/x86/hvm/svm/vmcb.h
>> index 231f9b1b06..68cf5eaf0b 100644
>> --- a/xen/arch/x86/hvm/svm/vmcb.h
>> +++ b/xen/arch/x86/hvm/svm/vmcb.h
>> @@ -68,7 +68,7 @@ enum GenericIntercept2bits
>>  /* general 3 intercepts */
>>  enum GenericIntercept3bits
>>  {
>> -    GENERAL3_INTERCEPT_BUS_LOCK_THRESH = 1 << 5,
>> +    GENERAL3_INTERCEPT_BUS_LOCK = 1 << 5,
>>  };
>>  
>>  /* control register intercepts */
>> @@ -497,7 +497,7 @@ struct vmcb_struct {
>>      u8  guest_ins_len;          /* offset 0xD0 */
>>      u8  guest_ins[15];          /* offset 0xD1 */
>>      u64 res10a[8];              /* offset 0xE0 */
>> -    u16 bus_lock_thresh;        /* offset 0x120 */
>> +    u16 bus_lock_count;         /* offset 0x120 */
>>      u16 res10b[3];              /* offset 0x122 */
>>      u64 res10c[91];             /* offset 0x128 pad to save area */
>>  
>
> Both of these hunks want moving into the prior patch, which resolves one
> of my concerns there.

Damn it. Needless to say, this not where I meant them to be.

>
> All can be fixed on commit.

thanks.

>
> ~Andrew

Cheers,
alejandro

Re: [PATCH v2 1/3] x86/svm: Add infrastructure for Bus Lock Threshold

[Andrew Cooper]

On 21/01/2026 2:28 pm, Alejandro Vallejo wrote:
> Add missing scaffolding to enable BusLock Threshold. That is:
>
>   * Add general_intercepts_3.
>   * Add missing VMEXIT
>   * Adjust NPF perf counter base to immediately after the buslock counter
>
> Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
> Reviewed-by: Teddy Astie <teddy.astie@vates.tech>
> ---
> v2:
>   * s/general intercepts 2/general intercepts 3/
>   * removed _thresh suffix
>   * added missing _svm_ infix in the SVM feature
> ---
>  xen/arch/x86/hvm/svm/vmcb.h           | 15 +++++++++++++--
>  xen/arch/x86/include/asm/hvm/svm.h    |  2 ++
>  xen/arch/x86/include/asm/perfc_defn.h |  2 +-
>  3 files changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/xen/arch/x86/hvm/svm/vmcb.h b/xen/arch/x86/hvm/svm/vmcb.h
> index ba554a9644..231f9b1b06 100644
> --- a/xen/arch/x86/hvm/svm/vmcb.h
> +++ b/xen/arch/x86/hvm/svm/vmcb.h
> @@ -65,6 +65,11 @@ enum GenericIntercept2bits
>      GENERAL2_INTERCEPT_RDPRU   = 1 << 14,
>  };
>  
> +/* general 3 intercepts */

All these comments are useless.  I'll do a prep patch to delete them, so
they can't be used as a source of patch nitpicking.

> +enum GenericIntercept3bits
> +{
> +    GENERAL3_INTERCEPT_BUS_LOCK_THRESH = 1 << 5,
> +};
>  
>  /* control register intercepts */
>  enum CRInterceptBits
> @@ -289,6 +294,7 @@ enum VMEXIT_EXITCODE
>      VMEXIT_MWAIT_CONDITIONAL= 140, /* 0x8c */
>      VMEXIT_XSETBV           = 141, /* 0x8d */
>      VMEXIT_RDPRU            = 142, /* 0x8e */
> +    VMEXIT_BUS_LOCK         = 165, /* 0xa5 */
>      /* Remember to also update VMEXIT_NPF_PERFC! */
>      VMEXIT_NPF              = 1024, /* 0x400, nested paging fault */
>      /* Remember to also update SVM_PERF_EXIT_REASON_SIZE! */
> @@ -405,7 +411,8 @@ struct vmcb_struct {
>      u32 _exception_intercepts;  /* offset 0x08 - cleanbit 0 */
>      u32 _general1_intercepts;   /* offset 0x0C - cleanbit 0 */
>      u32 _general2_intercepts;   /* offset 0x10 - cleanbit 0 */
> -    u32 res01[10];
> +    u32 _general3_intercepts;   /* offset 0x14 - cleanbit 0 */
> +    u32 res01[9];
>      u16 _pause_filter_thresh;   /* offset 0x3C - cleanbit 0 */
>      u16 _pause_filter_count;    /* offset 0x3E - cleanbit 0 */
>      u64 _iopm_base_pa;          /* offset 0x40 - cleanbit 1 */
> @@ -489,7 +496,10 @@ struct vmcb_struct {
>      u64 nextrip;                /* offset 0xC8 */
>      u8  guest_ins_len;          /* offset 0xD0 */
>      u8  guest_ins[15];          /* offset 0xD1 */
> -    u64 res10a[100];            /* offset 0xE0 pad to save area */
> +    u64 res10a[8];              /* offset 0xE0 */
> +    u16 bus_lock_thresh;        /* offset 0x120 */
> +    u16 res10b[3];              /* offset 0x122 */
> +    u64 res10c[91];             /* offset 0x128 pad to save area */
>  

This wants a matching hunk:

diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c
index cbee10d0463d..8734fd2bca11 100644
--- a/xen/arch/x86/hvm/svm/vmcb.c
+++ b/xen/arch/x86/hvm/svm/vmcb.c
@@ -430,9 +430,14 @@ static void __init __maybe_unused build_assertions(void)
 
     /* Build-time check of the VMCB layout. */
     BUILD_BUG_ON(sizeof(vmcb) != PAGE_SIZE);
+
+    /* Control area */
     BUILD_BUG_ON(offsetof(typeof(vmcb), _pause_filter_thresh) != 0x03c);
     BUILD_BUG_ON(offsetof(typeof(vmcb), _vintr)               != 0x060);
     BUILD_BUG_ON(offsetof(typeof(vmcb), event_inj)            != 0x0a8);
+    BUILD_BUG_ON(offsetof(typeof(vmcb), bus_lock_count)       != 0x120);
+
+    /* State Save area */
     BUILD_BUG_ON(offsetof(typeof(vmcb), es)                   != 0x400);
     BUILD_BUG_ON(offsetof(typeof(vmcb), _cpl)                 != 0x4cb);
     BUILD_BUG_ON(offsetof(typeof(vmcb), _cr4)                 != 0x548);



Despite all the comments, it's very easy to res[] arrays wrong when
splitting them like this.

I can fold on commit.

~Andrew

Re: [PATCH v2 3/3] CHANGELOG: Note the new SVM bus-lock intercept

[Andrew Cooper]

On 21/01/2026 2:28 pm, Alejandro Vallejo wrote:
> Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
> ---
>  CHANGELOG.md | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/CHANGELOG.md b/CHANGELOG.md
> index 53d92a2597..07c1745f22 100644
> --- a/CHANGELOG.md
> +++ b/CHANGELOG.md
> @@ -9,6 +9,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
>  ### Changed
>  
>  ### Added
> + - On x86:
> +     - AMD bus-lock detect, used by Xen to mitigate (by rate-limiting) the
> +       system wide impact of an HVM guest misusing atomic instructions.
>  

A little too much copy&paste from the SPR section.  This wants
unindenting by one level.

Also, this text most importantly needs to identify which hardware the
feature exists in.  I've reworked it to:

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 53d92a259731..9c3bf0411ccc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,10 @@ The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Changed
 
 ### Added
+ - On x86:
+   - Support for Bus Lock Threshold on AMD Zen5 and later CPUs, used by
Xen to
+     mitigate (by rate-limiting) the system wide impact of an HVM guest
+     misusing atomic instructions.
 
 ### Removed
  - On x86:


The internet suggests that it's Zen5 rather than Zen4.

Also I personally put the CHANGELOG update in the commit which finally
implements the feature, rather than doing it after the fact.  This is
more helpful when git blame-ing CHANGELOG to find things.

~Andrew

Re: [PATCH v2 3/3] CHANGELOG: Note the new SVM bus-lock intercept

[Alejandro Vallejo]

On Wed Jan 21, 2026 at 7:36 PM CET, Andrew Cooper wrote:
> On 21/01/2026 2:28 pm, Alejandro Vallejo wrote:
>> Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
>> ---
>>  CHANGELOG.md | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/CHANGELOG.md b/CHANGELOG.md
>> index 53d92a2597..07c1745f22 100644
>> --- a/CHANGELOG.md
>> +++ b/CHANGELOG.md
>> @@ -9,6 +9,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
>>  ### Changed
>>  
>>  ### Added
>> + - On x86:
>> +     - AMD bus-lock detect, used by Xen to mitigate (by rate-limiting) the
>> +       system wide impact of an HVM guest misusing atomic instructions.
>>  
>
> A little too much copy&paste from the SPR section.  This wants
> unindenting by one level.
>
> Also, this text most importantly needs to identify which hardware the
> feature exists in.  I've reworked it to:
>
> diff --git a/CHANGELOG.md b/CHANGELOG.md
> index 53d92a259731..9c3bf0411ccc 100644
> --- a/CHANGELOG.md
> +++ b/CHANGELOG.md
> @@ -9,6 +9,10 @@ The format is based on [Keep a
> Changelog](https://keepachangelog.com/en/1.0.0/)
>  ### Changed
>  
>  ### Added
> + - On x86:
> +   - Support for Bus Lock Threshold on AMD Zen5 and later CPUs, used by
> Xen to
> +     mitigate (by rate-limiting) the system wide impact of an HVM guest
> +     misusing atomic instructions.
>  
>  ### Removed
>   - On x86:
>
>
> The internet suggests that it's Zen5 rather than Zen4.
>
> Also I personally put the CHANGELOG update in the commit which finally
> implements the feature, rather than doing it after the fact.  This is
> more helpful when git blame-ing CHANGELOG to find things.
>
> ~Andrew

Sure, fixing up the prior patch sounds good to me.

Cheers,
Alejandro