Date: Fri, 15 Jul 2022 20:42:23 +0000
In-Reply-To: <20220715204226.3655170-1-seanjc@google.com>
Message-Id: <20220715204226.3655170-22-seanjc@google.com>
Subject: [PATCH v2 21/24] KVM: VMX: Update MTF and ICEBP comments to document KVM's subtle behavior
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jim Mattson, Maxim Levitsky, Oliver Upton, Peter Shier

Document the oddities of ICEBP interception (trap-like #DB is intercepted as a fault-like exception), and how using VMX's inner "skip" helper deliberately bypasses the pending MTF and single-step #DB logic.

No functional change intended.

Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/vmx/vmx.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 5302b046110f..de6fcfa0ef02 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c
@@ -1578,9 +1578,13 @@ static void vmx_update_emulated_instruction(struct kvm_vcpu *vcpu) /* * Per the SDM, MTF takes priority over debug-trap exceptions besides - * T-bit traps. As instruction emulation is completed (i.e. at the - * instruction boundary), any #DB exception pending delivery must be a - * debug-trap. Record the pending MTF state to be delivered in + * TSS T-bit traps and ICEBP (INT1). KVM doesn't emulate T-bit traps + * or ICEBP (in the emulator proper), and skipping of ICEBP after an + * intercepted #DB deliberately avoids single-step #DB and MTF updates + * as ICEBP is higher priority than both. As instruction emulation is + * completed at this point (i.e. KVM is at the instruction boundary), + * any #DB exception pending delivery must be a debug-trap of lower + * priority than MTF. Record the pending MTF state to be delivered in * vmx_check_nested_events(). */ if (nested_cpu_has_mtf(vmcs12) && @@ -5084,8 +5088,10 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu) * instruction. ICEBP generates a trap-like #DB, but * despite its interception control being tied to #DB, * is an instruction intercept, i.e. the VM-Exit occurs - * on the ICEBP itself. Note, skipping ICEBP also - * clears STI and MOVSS blocking. + * on the ICEBP itself. Use the inner "skip" helper to + * avoid single-step #DB and MTF updates, as ICEBP is + * higher priority. Note, skipping ICEBP still clears + * STI and MOVSS blocking. * * For all other #DBs, set vmcs.PENDING_DBG_EXCEPTIONS.BS * if single-step is enabled in RFLAGS and STI or MOVSS -- 2.37.0.170.g444d1eabd0-goog
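Review bot: In the vmx_update_emulated_instruction() comment, the parenthetical in "KVM doesn't emulate T-bit traps or ICEBP (in the emulator proper)" can be read as qualifying ICEBP only or both items, and the conclusion that any pending #DB "must be a debug-trap of lower priority than MTF" rests entirely on that sentence. Consider splitting it in two: one sentence saying the emulator handles neither T-bit traps nor ICEBP, and one saying the ICEBP skip after an intercepted #DB bypasses this update on purpose. That keeps the invariant easy to re-check if either case is ever added to the emulator.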
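Review bot: In the handle_exception_nmi() comment, 'Use the inner "skip" helper' does not name the helper, and "as ICEBP is higher priority" does not say higher than what. Name the function being called and write "higher priority than both", matching the wording added to the vmx_update_emulated_instruction() comment, so a reader can find the bypass by searching for the function name and can cross-reference the two comments.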