On Fri, 2022-07-15 at 20:42 +0000, Sean Christopherson wrote: > Document the oddities of ICEBP interception (trap-like #DB is intercepted > as a fault-like exception), and how using VMX's inner "skip" helper > deliberately bypasses the pending MTF and single-step #DB logic. > > No functional change intended. > > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> > --- > arch/x86/kvm/vmx/vmx.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index 5302b046110f..de6fcfa0ef02 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -1578,9 +1578,13 @@ static void vmx_update_emulated_instruction(struct kvm_vcpu *vcpu) > > /* > * Per the SDM, MTF takes priority over debug-trap exceptions besides > - * T-bit traps. As instruction emulation is completed (i.e. at the > - * instruction boundary), any #DB exception pending delivery must be a > - * debug-trap. Record the pending MTF state to be delivered in > + * TSS T-bit traps and ICEBP (INT1). KVM doesn't emulate T-bit traps > + * or ICEBP (in the emulator proper), and skipping of ICEBP after an > + * intercepted #DB deliberately avoids single-step #DB and MTF updates > + * as ICEBP is higher priority than both. As instruction emulation is > + * completed at this point (i.e. KVM is at the instruction boundary), > + * any #DB exception pending delivery must be a debug-trap of lower > + * priority than MTF. Record the pending MTF state to be delivered in > * vmx_check_nested_events(). > */ > if (nested_cpu_has_mtf(vmcs12) && 
> @@ -5084,8 +5088,10 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu) > * instruction. ICEBP generates a trap-like #DB, but > * despite its interception control being tied to #DB, > * is an instruction intercept, i.e. the VM-Exit occurs > - * on the ICEBP itself. Note, skipping ICEBP also > - * clears STI and MOVSS blocking. > + * on the ICEBP itself. Use the inner "skip" helper to > + * avoid single-step #DB and MTF updates, as ICEBP is > + * higher priority. Note, skipping ICEBP still clears > + * STI and MOVSS blocking. > * > * For all other #DBs, set vmcs.PENDING_DBG_EXCEPTIONS.BS > * if single-step is enabled in RFLAGS and STI or MOVSS Reviewed-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx> Best regards, Maxim Levitsky
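Review bot: in the vmx_update_emulated_instruction() hunk, "KVM doesn't emulate T-bit traps or ICEBP (in the emulator proper)" leaves the reader guessing where ICEBP is handled, yet the next sentence depends on an ICEBP #DB never reaching this function. Name the path, e.g. "ICEBP is handled only by the #DB intercept in handle_exception_nmi(), which skips the instruction without coming through here", so the claim that "any #DB exception pending delivery must be a debug-trap of lower priority than MTF" is checkable from the comment alone. Minor: "skipping of ICEBP" reads better as "skipping ICEBP".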
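Review bot: in the handle_exception_nmi() hunk, "Use the inner "skip" helper" does not name the helper; a comment whose whole purpose is to justify calling the non-standard skip routine should give its name so the next reader can grep for it and confirm that it bypasses the single-step #DB and MTF bookkeeping. Also, "Note, skipping ICEBP still clears STI and MOVSS blocking" is easy to misread as flagging a leftover side effect; one more clause saying the clearing is intended (it is a property of skipping the instruction, not of the bookkeeping being bypassed) would remove the ambiguity.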
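The point the handle_exception_nmi() comment makes (ICEBP raises a trap-like #DB, so the exception is reported on the boundary after the instruction, exactly as a single-step #DB is) can be observed from an ordinary Linux process, with a SIGTRAP handler standing in for the hypervisor's #DB intercept. This is an added example, not code from the patch or from KVM; it assumes x86-64 Linux with a glibc-style ucontext (the REG_RIP/REG_EFL gregs indices) and a process that is not already being ptraced, since a debugger would take the SIGTRAP first.

```c
/*
 * Added example, not code from the patch or from KVM: show from user space
 * that ICEBP (INT1, opcode 0xF1) and a single-step (RFLAGS.TF) #DB are both
 * trap-like, i.e. the #DB is reported with RIP already on the boundary
 * *after* the instruction that raised it. Linux reflects both as SIGTRAP;
 * the handler records where RIP was. Assumes x86-64 Linux + glibc ucontext.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* REG_RIP / REG_EFL in <ucontext.h> */
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

/* glibc x86-64 gregs[] indices, in case the feature macro was not in effect
 * when the headers were first included. */
#ifndef REG_RIP
#define REG_RIP 16
#endif
#ifndef REG_EFL
#define REG_EFL 17
#endif

#define X86_EFLAGS_TF 0x100UL

static volatile uintptr_t g_trap_rip;    /* RIP as seen by the SIGTRAP handler */
static volatile int       g_trap_count;  /* SIGTRAPs taken by the last run */

static void sigtrap_handler(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    (void)sig; (void)si;

    g_trap_rip = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    g_trap_count++;
    /* The kernel restores the saved RFLAGS on sigreturn: clear TF there so
     * the single-step demo traps once instead of stepping every instruction. */
    uc->uc_mcontext.gregs[REG_EFL] &= ~(greg_t)X86_EFLAGS_TF;
}

static int arm_sigtrap(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = sigtrap_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    g_trap_count = 0;
    return sigaction(SIGTRAP, &sa, NULL);
}

/* Execute ICEBP. Returns 1 if exactly one #DB was reported with RIP on the
 * boundary right after the 0xF1 byte, 0 otherwise, -1 on setup failure. */
int icebp_is_trap_like(void)
{
    uintptr_t icebp_addr, next_addr;

    if (arm_sigtrap() != 0)
        return -1;
    __asm__ volatile(
        "lea 1f(%%rip), %0\n\t"
        "lea 2f(%%rip), %1\n\t"
        "1: .byte 0xf1\n\t"        /* ICEBP / INT1, emitted as a raw byte */
        "2:\n\t"
        : "=r"(icebp_addr), "=r"(next_addr) : : "memory");
    if (g_trap_count != 1)
        return 0;
    return g_trap_rip == next_addr && next_addr == icebp_addr + 1;
}

/* Set RFLAGS.TF via POPFQ; the single-step #DB is taken after the instruction
 * following POPFQ. Returns 1 if it was reported with RIP right after that
 * instruction, 0 otherwise, -1 on setup failure. */
int single_step_is_trap_like(void)
{
    uintptr_t step_addr, next_addr;

    if (arm_sigtrap() != 0)
        return -1;
    __asm__ volatile(
        "lea 1f(%%rip), %0\n\t"
        "lea 2f(%%rip), %1\n\t"
        "sub $128, %%rsp\n\t"      /* hop over the red zone before pushing */
        "pushfq\n\t"
        "orq %2, (%%rsp)\n\t"      /* set TF in the pushed RFLAGS copy */
        "popfq\n\t"                /* TF live; #DB fires after the next insn */
        "1: add $128, %%rsp\n\t"   /* the single-stepped instruction */
        "2:\n\t"
        : "=r"(step_addr), "=r"(next_addr)
        : "i"(X86_EFLAGS_TF)
        : "memory", "cc");
    if (g_trap_count != 1)
        return 0;
    return g_trap_rip == next_addr && next_addr > step_addr;
}

int main(void)
{
    printf("ICEBP #DB reported after the instruction: %s\n",
           icebp_is_trap_like() == 1 ? "yes" : "no");
    printf("single-step #DB reported after the instruction: %s\n",
           single_step_is_trap_like() == 1 ? "yes" : "no");
    return 0;
}
```

Build with a plain `cc` and run as a normal process; both lines should say "yes". Running it under a debugger or strace changes the result only because those tools take the SIGTRAP before the handler does, not because the hardware reports RIP differently.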