KVM: VMX: Update MTF and ICEBP comments to document KVM's subtle behavior

Document the oddities of ICEBP interception (trap-like #DB is intercepted as a fault-like exception), and how using VMX's inner "skip" helper deliberately bypasses the pending MTF and single-step #DB logic. No functional change intended. Signed-off-by: Sean Christopherson <seanjc@google.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Link: https://lore.kernel.org/r/20220830231614.3580124-24-seanjc@google.comSigned-off-by: Paolo Bonzini <pbonzini@redhat.com>

KVM: VMX: Update MTF and ICEBP comments to document KVM's subtle behavior
Document the oddities of ICEBP interception (trap-like #DB is intercepted as a fault-like exception), and how using VMX's inner "skip" helper deliberately bypasses the pending MTF and single-step #DB logic. No functional change intended. Signed-off-by: Sean Christopherson <seanjc@google.com> Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com> Link: https://lore.kernel.org/r/20220830231614.3580124-24-seanjc@google.comSigned-off-by: Paolo Bonzini <pbonzini@redhat.com>
65ec8f01 · Sean Christopherson · Paolo Bonzini · 7055fb11 · 65ec8f01
Commit 65ec8f01 authored Aug 30, 2022 by Sean Christopherson Committed by Paolo Bonzini Sep 26, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 5 deletions

arch/x86/kvm/vmx/vmx.c arch/x86/kvm/vmx/vmx.c +11 -5

No files found.
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1652,9 +1652,13 @@ static void vmx_update_emulated_instruction(struct kvm_vcpu *vcpu)
 	/*
 	 * Per the SDM, MTF takes priority over debug-trap exceptions besides
-	 * T-bit traps. As instruction emulation is completed (i.e. at the
+	 * TSS T-bit traps and ICEBP (INT1).  KVM doesn't emulate T-bit traps
-	 * instruction boundary), any #DB exception pending delivery must be a
+	 * or ICEBP (in the emulator proper), and skipping of ICEBP after an
-	 * debug-trap. Record the pending MTF state to be delivered in
+	 * intercepted #DB deliberately avoids single-step #DB and MTF updates
+	 * as ICEBP is higher priority than both.  As instruction emulation is
+	 * completed at this point (i.e. KVM is at the instruction boundary),
+	 * any #DB exception pending delivery must be a debug-trap of lower
+	 * priority than MTF.  Record the pending MTF state to be delivered in
 	 * vmx_check_nested_events().
 	 */
 	if (nested_cpu_has_mtf(vmcs12) &&
@@ -5139,8 +5143,10 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
 			 * instruction.  ICEBP generates a trap-like #DB, but
 			 * despite its interception control being tied to #DB,
 			 * is an instruction intercept, i.e. the VM-Exit occurs
-			 * on the ICEBP itself.  Note, skipping ICEBP also
+			 * on the ICEBP itself.  Use the inner "skip" helper to
-			 * clears STI and MOVSS blocking.
+			 * avoid single-step #DB and MTF updates, as ICEBP is
+			 * higher priority.  Note, skipping ICEBP still clears
+			 * STI and MOVSS blocking.
 			 *
 			 * For all other #DBs, set vmcs.PENDING_DBG_EXCEPTIONS.BS
 			 * if single-step is enabled in RFLAGS and STI or MOVSS