On Tue, Feb 23, 2021, Like Xu wrote: > When the processor that support model-specific LBR generates a debug > breakpoint event, it automatically clears the LBR flag. This action > does not clear previously stored LBR stack MSRs. (Intel SDM 17.4.2) > > Signed-off-by: Like Xu <like.xu@xxxxxxxxxxxxxxx> > --- > arch/x86/kvm/vmx/vmx.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index e0a3a9be654b..4951b535eb7f 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -4795,6 +4795,7 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu) > u32 intr_info, ex_no, error_code; > unsigned long cr2, rip, dr6; > u32 vect_info; > + u64 lbr_ctl; > > vect_info = vmx->idt_vectoring_info; > intr_info = vmx_get_intr_info(vcpu); > @@ -4886,6 +4887,10 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu) > rip = kvm_rip_read(vcpu); > kvm_run->debug.arch.pc = vmcs_readl(GUEST_CS_BASE) + rip; > kvm_run->debug.arch.exception = ex_no; > + /* On the debug breakpoint event, the LBREn bit is cleared. */ Except this code is in BP_VECTOR, not DB_VECTOR as it should be. When the processor generates a debug exception (#DB), it automatically clears the LBR flag before executing the exception handler. This action does not clear previously stored LBR stack MSRs. > + lbr_ctl = vmcs_read64(GUEST_IA32_DEBUGCTL); > + if (lbr_ctl & DEBUGCTLMSR_LBR) > + vmcs_write64(GUEST_IA32_DEBUGCTL, lbr_ctl & ~DEBUGCTLMSR_LBR); > break; > case AC_VECTOR: > if (guest_inject_ac(vcpu)) { > -- > 2.29.2 >
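Review bot: The LBR clear in the second hunk sits under the BP_VECTOR case, right after the kvm_run->debug.arch.pc and kvm_run->debug.arch.exception fields are populated for reporting the exception to userspace, while the commit message and the SDM reference it cites describe the processor clearing the LBR flag when a #DB is delivered; as placed, the clear runs for the wrong vector and only on the report-to-userspace path, not when a debug exception is injected into the guest. Move the vmcs_read64(GUEST_IA32_DEBUGCTL) / vmcs_write64(...) sequence to the DB_VECTOR handling at the point where the #DB is actually delivered to the guest, and reword the comment from "debug breakpoint event" to "debug exception (#DB)" so it matches the architectural behaviour being emulated. The `if (lbr_ctl & DEBUGCTLMSR_LBR)` guard is reasonable as a way to skip a redundant VMCS write.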