On Thu, May 07, 2026, David Woodhouse wrote:
> From: David Woodhouse <[email protected]>
>
> ICEBP (INT1, opcode 0xF1) generates a #DB that is architecturally a
> trap, but on SVM it was not always intercepted. Unconditionally
> intercept ICEBP on SVM to match VMX behaviour and ensure correct
> event delivery semantics.
>
> Add two selftests exercising ICEBP:
>
> - int1_ept_test: verifies that ICEBP works correctly when the
>   exception stack page is not present (EPT/NPT fault during #DB
>   delivery). The IST stack is evicted via MADV_DONTNEED before
>   executing INT1.
>
> - int1_task_gate_test: verifies ICEBP delivery through a 32-bit
>   task gate, exercising the legacy task-switch path for #DB.
>
> Tested on Intel Sapphire Rapids and AMD Genoa. Without the SVM fix,
> int1_task_gate_test fails on AMD with EIP pointing at ICEBP instead
> of after it. With the fix, both tests pass on both platforms.
Hmm, but KVM unconditionally intercepts task switches.  Is this effectively
working around a bug in task_switch_interception()?

> Signed-off-by: David Woodhouse <[email protected]>
> ---
>  arch/x86/kvm/svm/svm.c                        |  21 ++
>  tools/testing/selftests/kvm/Makefile.kvm      |   2 +
>  .../testing/selftests/kvm/x86/int1_ept_test.c | 116 +++++++
>  .../selftests/kvm/x86/int1_task_gate_test.c   | 298 ++++++++++++++++++
>  4 files changed, 437 insertions(+)
>  create mode 100644 tools/testing/selftests/kvm/x86/int1_ept_test.c

int1_host_page_fault_test?  I definitely don't want to call it "ept" since
it's valid for both Intel (EPT) and AMD (NPT), but int1_tdp_test isn't
accurate either since the test is also valid for shadow paging (at least,
as written).
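As an added stand-alone illustration of the trap semantics the cover letter relies on (this is not code from the patch or its selftests): a user-space program executes ICEBP under a SIGTRAP handler and measures where the kernel reports RIP relative to the instruction, which is exactly the "EIP at ICEBP instead of after it" symptom the selftests check for. It assumes Linux on x86-64, where a user-mode ICEBP #DB arrives as SIGTRAP with si_addr set to the trapping RIP; the helper name icebp_trap_delta and the -1 result on non-x86-64 builds are conventions of this example.

```c
/* Added example: ICEBP (INT1, opcode 0xF1) raises #DB as a trap, so the
 * #DB must be delivered with RIP pointing one byte *after* the instruction.
 * Linux/x86-64 only: the kernel turns a user-mode ICEBP #DB into SIGTRAP
 * and sets si_addr to the trapping RIP, which we compare with the address
 * of the ICEBP itself. icebp_trap_delta() is a name chosen for this example. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static volatile uintptr_t trap_rip; /* RIP the kernel reported for the #DB */

static void on_sigtrap(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    trap_rip = (uintptr_t)si->si_addr; /* regs->ip when the #DB was taken */
    /* Returning resumes at that RIP. Nothing has to be skipped: a trap has
     * already advanced past ICEBP (a fault would re-execute it forever). */
}

/* Returns reported_rip - icebp_address: 1 means correct trap semantics,
 * 0 would mean the #DB was delivered like a fault (RIP still at ICEBP),
 * -1 means the build is not x86-64 and the check does not apply. */
int icebp_trap_delta(void)
{
#if defined(__x86_64__)
    struct sigaction sa;
    uintptr_t icebp_addr;

    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGTRAP, &sa, NULL) != 0)
        return -2; /* could not install the handler */

    trap_rip = 0;
    __asm__ volatile(
        "lea 1f(%%rip), %0\n\t"   /* record the address of the ICEBP below */
        "1: .byte 0xf1\n\t"       /* ICEBP / INT1: architecturally a trap */
        : "=r"(icebp_addr) : : "memory");
    return (int)(trap_rip - icebp_addr);
#else
    return -1;
#endif
}

int main(void)
{
    printf("ICEBP RIP delta: %d (expected 1)\n", icebp_trap_delta());
    return 0;
}
```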

