From: Sean Christopherson <seanjc@google.com>
To: Hou Wenlong <houwenlong.hwl@antgroup.com>
Cc: kvm@vger.kernel.org, Lai Jiangshan <jiangshan.ljs@antgroup.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 4/7] KVM: x86: Consolidate KVM_GUESTDBG_SINGLESTEP check into the kvm_inject_emulated_db()
Date: Tue, 16 Dec 2025 16:43:45 -0800 [thread overview]
Message-ID: <aUH8wcu4zRclhYUn@google.com> (raw)
In-Reply-To: <20251213161537.GA65365@k08j02272.eu95sqa>
On Sun, Dec 14, 2025, Hou Wenlong wrote:
> On Fri, Dec 12, 2025 at 09:53:20AM -0800, Sean Christopherson wrote:
> > On Fri, Dec 12, 2025, Hou Wenlong wrote:
> > > On Thu, Dec 11, 2025 at 09:19:39AM -0800, Sean Christopherson wrote:
> > > > On Thu, Dec 11, 2025, Hou Wenlong wrote:
> > > > +static noinline unsigned long singlestep_with_code_db(void)
> > > > +{
> > > > + unsigned long start;
> > > > +
> > > > + asm volatile (
> > > > + "lea 1f(%%rip), %0\n\t"
> > > > + "mov %0, %%dr2\n\t"
> > > > + "mov $" xstr(DR7_FIXED_1 | DR7_EXECUTE_DRx(2) | DR7_GLOBAL_ENABLE_DR2) ", %0\n\t"
> > > > + "mov %0, %%dr7\n\t"
> > > > + "pushf\n\t"
> > > > + "pop %%rax\n\t"
> > > > + "or $(1<<8),%%rax\n\t"
> > > > + "push %%rax\n\t"
> > > > + "popf\n\t"
> > > > + "and $~(1<<8),%%rax\n\t"
> > > In my previous understanding, I thought there would be two #DBs
> > > generated at the instruction boundary. First, the single-step trap #DB
> > > would be handled, and then, when resuming to start the new instruction,
> > > it would check for the code breakpoint and generate a code fault #DB.
> > > However, it turns out that the check for the code breakpoint happened
> > > before the instruction boundary.
> >
> > Yeah, that's what I was trying to explain by describing code breakpoint as fault-like.
> >
> > > I also see in the kernel hardware breakpoint handler that it notes that code
> > > breakpoints and single-step can be detected together. Is this due to
> > > instruction prefetch?
> >
> > Nope, it's just how #DBs work, everything pending gets smushed together. Note,
> > data #DBs can also be coincident. E.g. it's entirely possible that you could
> > observe a code breakpoint, a data breakpoint, and a single-step breakpoint in a
> > single #DB.
> >
> > > If we want to emulate the hardware behavior in the emulator, does that
> > > mean we need to check for code breakpoints in kvm_vcpu_do_single_step()
> > > and set the DR_TRAP_BITS along with the DR6_BS bit?
> >
> > Hmm, ya, I think so? I don't think the CPU will fetch and merge the imminent
> > code #DB with the injected single-step #DB.
> Um, I have one more question: what do you mean when you say that
> kvm_vcpu_check_code_breakpoint() doesn't account for RFLAGS.TF?
I was pointing out that if KVM is emulating multiple instructions without
entering the guest, then I'm pretty sure kvm_vcpu_check_code_breakpoint() would
fail to detect a coincident single-step #DB. kvm_vcpu_check_code_breakpoint()
may not be the right place to try and handle that though.
next prev parent reply other threads:[~2025-12-17 0:43 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-10 2:49 [PATCH 0/7] KVM: x86: Improve the handling of debug exceptions during instruction emulation Hou Wenlong
2025-09-10 2:49 ` [PATCH 1/7] KVM: x86: Set guest DR6 by kvm_queue_exception_p() in " Hou Wenlong
2025-09-10 2:49 ` [PATCH 2/7] KVM: x86: Check guest debug in DR access " Hou Wenlong
2025-12-05 17:51 ` Sean Christopherson
2025-09-10 2:49 ` [PATCH 3/7] KVM: x86: Only check effective code breakpoint in emulation Hou Wenlong
2025-09-10 2:49 ` [PATCH 4/7] KVM: x86: Consolidate KVM_GUESTDBG_SINGLESTEP check into the kvm_inject_emulated_db() Hou Wenlong
2025-12-05 17:58 ` Sean Christopherson
2025-12-11 14:05 ` Hou Wenlong
2025-12-11 17:19 ` Sean Christopherson
2025-12-12 9:46 ` Hou Wenlong
2025-12-12 17:53 ` Sean Christopherson
2025-12-13 16:15 ` Hou Wenlong
2025-12-17 0:43 ` Sean Christopherson [this message]
2025-09-10 2:49 ` [PATCH 5/7] KVM: VMX: Set 'BS' bit in pending debug exceptions during instruction emulation Hou Wenlong
2025-12-05 18:20 ` Sean Christopherson
2025-12-11 14:01 ` Hou Wenlong
2025-09-10 2:49 ` [PATCH 6/7] KVM: selftests: Verify guest debug DR7.GD checking " Hou Wenlong
2025-12-05 18:21 ` Sean Christopherson
2025-09-10 2:49 ` [PATCH 7/7] KVM: selftests: Verify 'BS' bit checking in pending debug exception during VM entry Hou Wenlong
2025-12-05 18:23 ` Sean Christopherson
2025-12-11 13:21 ` Hou Wenlong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aUH8wcu4zRclhYUn@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=houwenlong.hwl@antgroup.com \
--cc=hpa@zytor.com \
--cc=jiangshan.ljs@antgroup.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).