From nobody Tue Apr  7 06:55:05 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 690EBECAAA1
	for <linux-kernel@archiver.kernel.org>; Tue, 30 Aug 2022 23:17:41 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231431AbiH3XRk (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 30 Aug 2022 19:17:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38862 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231795AbiH3XQr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 30 Aug 2022 19:16:47 -0400
Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com
 [IPv6:2607:f8b0:4864:20::64a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DBA016BCF2
        for <linux-kernel@vger.kernel.org>;
 Tue, 30 Aug 2022 16:16:22 -0700 (PDT)
Received: by mail-pl1-x64a.google.com with SMTP id
 q6-20020a17090311c600b0017266460b8fso8763052plh.4
        for <linux-kernel@vger.kernel.org>;
 Tue, 30 Aug 2022 16:16:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc;
        bh=Mh9I+JSjtQjMTePFCwYbFYKBb/UOzkx18CwX/puQayY=;
        b=b1q1QQ4hrOfrbYEtpy2NkDBcAcbbfMYmT/fY1WwkyNSFMjAozfijLm6XzZA6JQMTzz
         aAmfoOaBs1XKxk5IgrD2mRkHfbjzebx/tis9Q89UvMOGgSKksqPK8fn7YDmkBtiCc9Cs
         n/E//Vxa8YG7s4TeHEDpzp3JgEpFz92AMkBHOJmbNIQy3yR0l+osHWJsGJcwSHWBjmTw
         RFAwXbn6QNxSmTOTj8uruEVUeGL1FJHcwfE5mGRKAlsChFrSD2k4X1MT5WaliTihBAZm
         VsrRO6ZeomETA1TnxUwKH6SRy/ufq3xU98IuKMwVaAu1HrV9lO6kDJiTjQQ3UZ43iNKA
         qPVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc;
        bh=Mh9I+JSjtQjMTePFCwYbFYKBb/UOzkx18CwX/puQayY=;
        b=V2sYtCYFA8LYMP+mmDqwyy34hBdjvILpQXcrQiDKHFkF9xtYWZbiZhfptethOWTi/h
         TCPLx3f1+avAfyYXuwX+WVuxldyT+hYzNxGMOYtj23baevqTHQNPbWWwaohpSO7U3CLQ
         hb3UtGrBZDghxVsJxqd0bQ7Od251ZrpfEEXmkpGC5+btmzX9SUqc2h6NseoQx9bXly2Q
         v0D7hjlsdJfPqvJvBRiwhV8mp1X9c3ns/nY8vRG3lbS99Qqp+LOkTkJ4FXXRl4EcTGOF
         ODori1APKD5Ik/MtSUWaFiGYYDy9Og6ilQP7VFP7bm4MosaYV/4HuFUx1IqYh94moUOJ
         xIlQ==
X-Gm-Message-State: ACgBeo0VVKs5EErsZnnC86qyizNQwnoBTlbBvs1jakqzK31OQSmR7lXS
        h7Dx4yuY7utSl30KZRg8HYOI1TmzCnI=
X-Google-Smtp-Source: 
 AA6agR5ZXNMSxVy2nO07PEqB0rsk6xgiev+DGTd8hj8k9d4mvJC+KST/4NEANGNvwwPDv321ttXfwjotZFY=
X-Received: from zagreus.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a17:902:d50c:b0:175:2cb2:e0e7 with SMTP id
 b12-20020a170902d50c00b001752cb2e0e7mr3760462plg.157.1661901381865; Tue, 30
 Aug 2022 16:16:21 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Tue, 30 Aug 2022 23:15:50 +0000
In-Reply-To: <20220830231614.3580124-1-seanjc@google.com>
Mime-Version: 1.0
References: <20220830231614.3580124-1-seanjc@google.com>
X-Mailer: git-send-email 2.37.2.672.g94769d06f0-goog
Message-ID: <20220830231614.3580124-4-seanjc@google.com>
Subject: [PATCH v5 03/27] KVM: x86: Don't check for code breakpoints when
 emulating on exception
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        Jim Mattson <jmattson@google.com>,
        Maxim Levitsky <mlevitsk@redhat.com>,
        Oliver Upton <oupton@google.com>,
        Peter Shier <pshier@google.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Don't check for code breakpoints during instruction emulation if the
emulation was triggered by exception interception.  Code breakpoints are
the highest priority fault-like exception, and KVM only emulates on
exceptions that are fault-like.  Thus, if hardware signaled a different
exception, then the vCPU is already passed the stage of checking for
hardware breakpoints.

This is likely a glorified nop in terms of functionality, and is more for
clarification and is technically an optimization.  Intel's SDM explicitly
states vmcs.GUEST_RFLAGS.RF on exception interception is the same as the
value that would have been saved on the stack had the exception not been
intercepted, i.e. will be '1' due to all fault-like exceptions setting RF
to '1'.  AMD says "guest state saved ... is the processor state as of the
moment the intercept triggers", but that begs the question, "when does
the intercept trigger?".

Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 arch/x86/kvm/x86.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d7374d768296..fead0e8cd3e3 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8535,8 +8535,29 @@ int kvm_skip_emulated_instruction(struct kvm_vcpu *v=
cpu)
 }
 EXPORT_SYMBOL_GPL(kvm_skip_emulated_instruction);
=20
-static bool kvm_vcpu_check_code_breakpoint(struct kvm_vcpu *vcpu, int *r)
+static bool kvm_vcpu_check_code_breakpoint(struct kvm_vcpu *vcpu,
+					   int emulation_type, int *r)
 {
+	WARN_ON_ONCE(emulation_type & EMULTYPE_NO_DECODE);
+
+	/*
+	 * Do not check for code breakpoints if hardware has already done the
+	 * checks, as inferred from the emulation type.  On NO_DECODE and SKIP,
+	 * the instruction has passed all exception checks, and all intercepted
+	 * exceptions that trigger emulation have lower priority than code
+	 * breakpoints, i.e. the fact that the intercepted exception occurred
+	 * means any code breakpoints have already been serviced.
+	 *
+	 * Note, KVM needs to check for code #DBs on EMULTYPE_TRAP_UD_FORCED as
+	 * hardware has checked the RIP of the magic prefix, but not the RIP of
+	 * the instruction being emulated.  The intent of forced emulation is
+	 * to behave as if KVM intercepted the instruction without an exception
+	 * and without a prefix.
+	 */
+	if (emulation_type & (EMULTYPE_NO_DECODE | EMULTYPE_SKIP |
+			      EMULTYPE_TRAP_UD | EMULTYPE_VMWARE_GP | EMULTYPE_PF))
+		return false;
+
 	if (unlikely(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) &&
 	    (vcpu->arch.guest_debug_dr7 & DR7_BP_EN_MASK)) {
 		struct kvm_run *kvm_run =3D vcpu->run;
@@ -8658,8 +8679,7 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, gp=
a_t cr2_or_gpa,
 		 * are fault-like and are higher priority than any faults on
 		 * the code fetch itself.
 		 */
-		if (!(emulation_type & EMULTYPE_SKIP) &&
-		    kvm_vcpu_check_code_breakpoint(vcpu, &r))
+		if (kvm_vcpu_check_code_breakpoint(vcpu, emulation_type, &r))
 			return r;
=20
 		r =3D x86_decode_emulated_instruction(vcpu, emulation_type,
--=20
2.37.2.672.g94769d06f0-goog