Re: [PATCH] KVM: SVM: Always intercept ICEBP, add INT1 selftests

Next message: Michael S. Tsirkin: "[PATCH v7 15/31] mm: vma_alloc_anon_folio_pmd: pass raw fault address to vma_alloc_folio"
Previous message: Michael S. Tsirkin: "[PATCH v7 14/31] mm: use __GFP_ZERO in alloc_anon_folio"
Next in thread: David Woodhouse: "Re: [PATCH] KVM: SVM: Always intercept ICEBP, add INT1 selftests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Paolo Bonzini

Date: Tue May 12 2026 - 17:10:50 EST

On 5/7/26 13:22, David Woodhouse wrote:

From: David Woodhouse <dwmw@xxxxxxxxxxxx>

ICEBP (INT1, opcode 0xF1) generates a #DB that is architecturally a
trap, but on SVM it was not always intercepted. Unconditionally
intercept ICEBP on SVM to match VMX behaviour and ensure correct
event delivery semantics.

Add two selftests exercising ICEBP:

- int1_ept_test: verifies that ICEBP works correctly when the
exception stack page is not present (EPT/NPT fault during #DB
delivery). The IST stack is evicted via MADV_DONTNEED before
executing INT1.

- int1_task_gate_test: verifies ICEBP delivery through a 32-bit
task gate, exercising the legacy task-switch path for #DB.

Tested on Intel Sapphire Rapids and AMD Genoa. Without the SVM fix,
int1_task_gate_test fails on AMD with EIP pointing at ICEBP instead
of after it. With the fix, both tests pass on both platforms.

Signed-off-by: David Woodhouse <dwmw@xxxxxxxxxxxx>
---
arch/x86/kvm/svm/svm.c | 21 ++
tools/testing/selftests/kvm/Makefile.kvm | 2 +
.../testing/selftests/kvm/x86/int1_ept_test.c | 116 +++++++
.../selftests/kvm/x86/int1_task_gate_test.c | 298 ++++++++++++++++++

y u no like kvm-unit-tests? For the task gate test it's much simpler, as all the infrastructure for 32-bit IDT and GDT is already there, and there is no real KVM corner case being tested.

See https://lore.kernel.org/r/20260512210847.3039048-1-pbonzini@xxxxxxxxxx/ for a conversion, which is about 1/6th of the size of int1_task_gate_test.c.

Paolo