Re: [PATCH v3 1/1] x86/mce/amd: Guard SMCA DESTAT access on non-SMCA machines
From: Borislav Petkov
Date: Tue Mar 17 2026 - 14:18:17 EST
On Tue, Mar 17, 2026 at 02:38:58PM +0100, William Roche wrote:
> On 3/17/26 14:32, Borislav Petkov wrote:
> > On Tue, Mar 17, 2026 at 10:38:10AM +0000, William Roche wrote:
> > > From: William Roche <william.roche@xxxxxxxxxx>
> > >
> > > Access to SMCA specific registers like MCA_DESTAT should only be done
> > > after having checked the smca bit. Avoiding a non-SMCA machine (like
> > > AMD QEMU/KVM VMs) crash during deferred error handling.
> >
> > Not good enough. I rewrote it to:
> >
> > Author: William Roche <william.roche@xxxxxxxxxx>
> > Date: Tue Mar 17 10:38:10 2026 +0000
> >
> > x86/mce/amd: Check SMCA feature bit before accessing SMCA MSRs
> >
> > People do effort to inject MCEs into guests in order to simulate/test handling
> > of real hardware errors. These efforts are of a questionable nature because,
> > for one, a guest cannot really make any assumptions about the underlying
> > machine and especially which MSR accesses the hypervisor filters and
> > which it doesn't. See Link tag for the whole background.
> >
> > However, regardless of virtualization or not, access to SMCA-specific
> > registers like MCA_DESTAT should only be done after having checked the smca
> > feature bit. And there are AMD machines like Bulldozer (the one before Zen1)
> > which do support deferred errors but are not SMCA machines.
> >
> > Therefore, properly check the feature bit before accessing related MSRs.
> >
> > [ bp: Rewrite commit message. ]
> >
> > Fixes: 7cb735d7c0cb ("x86/mce: Unify AMD DFR handler with MCA Polling")
> > Signed-off-by: William Roche <william.roche@xxxxxxxxxx>
> > Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
> > Reviewed-by: Yazen Ghannam <yazen.ghannam@xxxxxxx>
> > Cc: stable@xxxxxxxxxxxxxxx
> > Link: https://lore.kernel.org/r/20260218163025.1316501-1-william.roche@xxxxxxxxxx
>
> Thank you.

Rewrote it again after talking to Yazen. A patch needs to have the proper
justification why it exists!

x86/mce/amd: Check SMCA feature bit before accessing SMCA MSRs

People do effort to inject MCEs into guests in order to simulate/test
handling of hardware errors. The real use case behind it is testing the
handling of SIGBUS which the memory failure code sends to the process.

If that process is QEMU, instead of killing the whole guest, the MCE can
be injected into the guest kernel so that the latter can attempt proper
handling and kill the user *process* in the guest, instead, which
caused the MCE. The assumption being here that the whole injection flow
can supply enough information that the guest kernel can pinpoint the
right process. But that's a different topic...

Regardless of virtualization or not, access to SMCA-specific registers
like MCA_DESTAT should only be done after having checked the smca
feature bit. And there are AMD machines like Bulldozer (the one before
Zen1) which do support deferred errors but are not SMCA machines.

Therefore, properly check the feature bit before accessing related MSRs.

[ bp: Rewrite commit message. ]

--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette