Re: [PATCH v4 5/7] KVM: SVM: Inject MCEs when Restricted Injection is active

[Melody Wang]

Hi Tom,

On 4/28/26 12:24 PM, Tom Lendacky wrote:
> On 4/24/26 12:42, Melody Wang wrote:
> > When Restricted Injection is active, only #HV exceptions can be injected
> > into the SEV-SNP guest.
> >
> > Detect that, and then follow the #HV doorbell communication from the
> > GHCB specification to inject the MCEs.
> >
> > Co-developed-by: Thomas Lendacky <thomas.lendacky@xxxxxxx>
> > Signed-off-by: Thomas Lendacky <thomas.lendacky@xxxxxxx>
> > Signed-off-by: Melody Wang <huibo.wang@xxxxxxx>
> > ---
> >   arch/x86/include/asm/kvm-x86-ops.h |  1 +
> >   arch/x86/include/asm/kvm_host.h    |  1 +
> >   arch/x86/kvm/svm/sev.c             | 16 ++++++++++++++--
> >   arch/x86/kvm/svm/svm.c             | 17 +++++++++++++++++
> >   arch/x86/kvm/svm/svm.h             |  2 ++
> >   arch/x86/kvm/vmx/main.c            | 10 ++++++++++
> >   arch/x86/kvm/vmx/vmx.c             |  5 +++++
> >   arch/x86/kvm/vmx/x86_ops.h         |  1 +
> >   arch/x86/kvm/x86.c                 |  7 +++++++
> >   9 files changed, 58 insertions(+), 2 deletions(-)
>
>
> > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > index 61e1e54deb07..2483357bdd97 100644
> > --- a/arch/x86/kvm/svm/sev.c
> > +++ b/arch/x86/kvm/svm/sev.c
> > @@ -5371,6 +5371,8 @@ static void __sev_snp_inject(enum inject_type type, struct kvm_vcpu *vcpu)
> >   
> >   	if (type == INJECT_NMI)
> >   		hvdb->events.nmi = 1;
> > +	else if (type == INJECT_MCE)
> > +		hvdb->events.mce = 1;
> >   	else
> >   		hvdb->events.vector = vcpu->arch.interrupt.nr;
> >   
> > @@ -5386,6 +5388,11 @@ bool sev_snp_queue_exception(struct kvm_vcpu *vcpu)
> >   	if (!sev_snp_is_rinj_active(vcpu))
> >   		return false;
> >   
> > +	if (vcpu->arch.exception.vector == MC_VECTOR) {
> > +		__sev_snp_inject(INJECT_MCE, vcpu);
> > +		return true;
> > +	}
> > +
> >   	/*
> >   	 * Restricted Injection is enabled, only #HV is supported.
> >   	 * If the vector is not HV_VECTOR, do not inject the exception,
> > @@ -5454,7 +5461,7 @@ void sev_snp_cancel_injection(struct kvm_vcpu *vcpu)
> >   
> >   	/*
> >   	 * KVM only injects a single event each time (prepare_hv_injection),
> > -	 * so when events.nmi is true, the vector will be zero
> > +	 * so when events.nmi is true, the MCE and vector will be zero.
>
> This is confusing. I think you mean to say
>
> so when events.nmi or events.mce is true, the vector will be zero.
>
> correct?
Yes, I will update the comment.

Thanks,
Melody
> Thanks,
> Tom
>
> >   	 */
> >   	if (hvdb->events.vector)
> >   		svm->vmcb->control.event_inj |= hvdb->events.vector |
> > @@ -5463,6 +5470,9 @@ void sev_snp_cancel_injection(struct kvm_vcpu *vcpu)
> >   	if (hvdb->events.nmi)
> >   		svm->vmcb->control.event_inj |= SVM_EVTINJ_TYPE_NMI;
> >   
> > +	if (hvdb->events.mce)
> > +		svm->vmcb->control.event_inj |= MC_VECTOR | SVM_EVTINJ_TYPE_EXEPT;
> > +
> >   	hvdb->events.pending_events = 0;
> >   
> >   out:

--
Thanks,
Melody