[PATCH v2 2/6] KVM: x86: Prioritize DR7.GD #DB over #GP due to illegal DR6/7 value

Next message: Rosen Penev: "[PATCH net] net: ibm: emac: mal: fix potential system hang in mal_remove()"
Previous message: Rosen Penev: "[PATCHv2 net-next] net: ibm: emac: Clear MAL descriptors without memset"
In reply to: Sean Christopherson: "[PATCH v2 3/6] KVM: x86: Manually check DR4/5 write values to fix SVM intercept priority"
Next in thread: Maciej W. Rozycki: "Re: [PATCH v2 2/6] KVM: x86: Prioritize DR7.GD #DB over #GP due to illegal DR6/7 value"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sean Christopherson

Date: Wed Jun 03 2026 - 19:13:07 EST

When emulating a MOV DR, specifically a write to DR6 or DR7, treat a #DB
due to DR7.GD (General Detect) as higher priority than a #GP due to an
illegal value. While neither Intel's SDM nor AMD's APM says anything
about the relative priority, empirical testing on Intel and AMD shows that
the #DB has higher priority. And for VMX, where the instruction intercept
has priority over *all* exceptions, KVM already treats the #DB as having
higher priority.

Fixes: 3b88e41a4134 ("KVM: SVM: Add intercept check for accessing dr registers")
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/emulate.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 75cd8b6136aa..4484c5fa19e3 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -3854,11 +3854,16 @@ static int check_dr_write(struct x86_emulate_ctxt *ctxt)
{
u64 new_val = ctxt->src.val64;
int dr = ctxt->modrm_reg;
+ int rc;
+
+ rc = check_dr_read(ctxt);
+ if (rc != X86EMUL_CONTINUE)
+ return rc;

if ((dr == 6 || dr == 7) && (new_val & 0xffffffff00000000ULL))
return emulate_gp(ctxt, 0);

- return check_dr_read(ctxt);
+ return X86EMUL_CONTINUE;
}

static int check_svme(struct x86_emulate_ctxt *ctxt)
--
2.54.0.1032.g2f8565e1d1-goog