KVM: VMX: Update MTF and ICEBP comments to document KVM's subtle behavior
author: Sean Christopherson <seanjc@google.com>
Tue, 30 Aug 2022 23:16:10 +0000 (23:16 +0000)
committer: Paolo Bonzini <pbonzini@redhat.com>
Mon, 26 Sep 2022 16:03:11 +0000 (12:03 -0400)
Document the oddities of ICEBP interception (trap-like #DB is intercepted
as a fault-like exception), and how using VMX's inner "skip" helper
deliberately bypasses the pending MTF and single-step #DB logic.

No functional change intended.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Link: https://lore.kernel.org/r/20220830231614.3580124-24-seanjc@google.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/vmx/vmx.c

index 8d79326..94c314d 100644 (file)
@@ -1652,9 +1652,13 @@ static void vmx_update_emulated_instruction(struct kvm_vcpu *vcpu)
 
        /*
         * Per the SDM, MTF takes priority over debug-trap exceptions besides
-        * T-bit traps. As instruction emulation is completed (i.e. at the
-        * instruction boundary), any #DB exception pending delivery must be a
-        * debug-trap. Record the pending MTF state to be delivered in
+        * TSS T-bit traps and ICEBP (INT1).  KVM doesn't emulate T-bit traps
+        * or ICEBP (in the emulator proper), and skipping of ICEBP after an
+        * intercepted #DB deliberately avoids single-step #DB and MTF updates
+        * as ICEBP is higher priority than both.  As instruction emulation is
+        * completed at this point (i.e. KVM is at the instruction boundary),
+        * any #DB exception pending delivery must be a debug-trap of lower
+        * priority than MTF.  Record the pending MTF state to be delivered in
         * vmx_check_nested_events().
         */
        if (nested_cpu_has_mtf(vmcs12) &&
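Review bot: the rewritten comment's conclusion ("any #DB exception pending delivery must be a debug-trap of lower priority than MTF") rests on an invariant that lives elsewhere, namely that the ICEBP path in handle_exception_nmi() skips the instruction with the inner helper and therefore never reaches this function with a pending MTF update. Since the justification spans two functions, consider naming handle_exception_nmi() explicitly in the comment (e.g. "skipping of ICEBP after an intercepted #DB in handle_exception_nmi() deliberately avoids ...") so a reader of vmx_update_emulated_instruction() can find where that guarantee is enforced; the phrase "in the emulator proper" could likewise be sharpened to say whether it covers only x86_emulate_instruction() or the fast-path skip as well.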
@@ -5139,8 +5143,10 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
                         * instruction.  ICEBP generates a trap-like #DB, but
                         * despite its interception control being tied to #DB,
                         * is an instruction intercept, i.e. the VM-Exit occurs
-                        * on the ICEBP itself.  Note, skipping ICEBP also
-                        * clears STI and MOVSS blocking.
+                        * on the ICEBP itself.  Use the inner "skip" helper to
+                        * avoid single-step #DB and MTF updates, as ICEBP is
+                        * higher priority.  Note, skipping ICEBP still clears
+                        * STI and MOVSS blocking.
                         *
                         * For all other #DBs, set vmcs.PENDING_DBG_EXCEPTIONS.BS
                         * if single-step is enabled in RFLAGS and STI or MOVSS
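Review bot: "Use the inner 'skip' helper" does not identify which function the comment means, and the hunk shows only the comment, not the call site, so the reader has to guess which of KVM's skip helpers is the "inner" one. Suggest naming the helper in the comment and stating the contrast directly, e.g. "Use <inner skip helper> rather than <outer skip helper>, which would also update single-step #DB and MTF state," so the priority argument (ICEBP outranks both) is tied to a concrete function. The change from "also clears" to "still clears" for STI and MOVSS blocking is a useful clarification, since it tells the reader that the inner helper keeps that side effect while dropping the other two.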