Re: [PATCH for-4.22 v6] x86/svm: Support vNMI on capable hardware

[Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>]

On 5/14/26 7:56 PM, Andrew Cooper wrote:
> From: Abdelkareem Abdelsaamad <abdelkareem.abdelsaamad@xxxxxxxxxx>
>
> Starting with Zen4, AMD CPUs can virtualise NMIs for a guest.  On older
> hardware, determining when an NMI is safe to deliver is a challenge and Xen
> does not handle all corner cases correctly.
>
> With vNMI, there is an enablement bit and two new bits of state in the VMCB; a
> pending bit, and a blocked bit.  These directly map to the CPU state for
> handling NMIs, and are maintained by hardware during the running of the vCPU.
>
> When vNMI is enabled, have svm_{get,set}set_interrupt_shadow() work in terms
> of the vnmi_blocking bit rather than the IRET intercept.  This allows an
> emulated IRET instruction to re-enable NMIs.
>
> When injecting a new NMI, simply set the vnmi_pending bit; hardware will
> deliver the NMI to the guest at the next suitable juncture.
>
> One complication is that, when delivering a second NMI before the first has
> completed, the mix between common HVM logic and SVM specific logic will try to
> open an NMI window, malfunctioning as it does so.  When vNMI is enabled, short
> circuit this to not consider NMIs blocked.
>
> Signed-off-by: Abdelkareem Abdelsaamad <abdelkareem.abdelsaamad@xxxxxxxxxx>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
> CC: Jan Beulich <jbeulich@xxxxxxxx>
> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> CC: Teddy Astie <teddy.astie@xxxxxxxxxx>
> CC: Jason Andryuk <jason.andryuk@xxxxxxx>
> CC: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
>
> For 4.22.  This is somewhat overdue and makes a concrete improvement to NMI
> handling on recent AMD hardware.
Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>

Thanks.

~ Oleksii