KVM: Is it possible to trap the ICEBP/INT1 instruction?


I am attempting to trap the ICEBP / INT1 instruction in KVM. Is it possible to cause a guest exit for this instruction, e.g. using KVM_SET_GUEST_DEBUG?

Background

I am working on a hypervisor for Windows and Linux that includes debugging support (single stepping and breakpoints). I am currently able to perform single stepping and breakpoints by using the appropriate combinations of KVM_GUESTDBG_ENABLE, KVM_GUESTDBG_USE_SW_BP and KVM_GUESTDBG_SINGLESTEP in KVM_SET_GUEST_DEBUG. I am using the well known INT3 instruction for breakpoints.

The problem is that the Linux kernel uses the INT3 instruction for its own purposes during kernel startup (int3_selftest). This causes problems for anyone attempting to debug the Linux kernel. As an alternative I am attempting to use the ICEBP / INT1 instruction for breakpoints: this instruction causes a #DB exception instead of a #BP exception, but one can differentiate between single stepping and INT1 by looking at the instruction pointed to by RIP or by looking at the DR6 / BS bit.

This works on the Windows WHv* API. Unfortunately I am unable to make it work on KVM, because KVM never delivers the #DB exception for INT1 to my hypervisor (i.e. it never delivers a KVM_EXIT_DEBUG for INT1 and seems to skip the instruction). Is it possible to convince it to deliver the KVM_EXIT_DEBUG?


Solution

  • I have received a response from Sean Christopherson on the KVM mailing list. He states:

    #DBs from INT1, a.k.a. ICEBP, should be forwarded to userspace if KVM_GUESTDBG_USE_HW_BP is set.

    https://lore.kernel.org/kvm/ZAZVCosmv+KXA8mO@google.com/T/#t
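Putting the question and the answer together, here is an added example (not code from the question or from KVM itself) of the KVM_SET_GUEST_DEBUG control word that adds KVM_GUESTDBG_USE_HW_BP alongside the INT3 flags, plus the DR6 / BS-bit and opcode check the question describes for telling a single-step trap apart from an INT1 breakpoint on KVM_EXIT_DEBUG. The DR6 values in the test are constructed; the fallback constants only apply when linux/kvm.h is not available.

```c
/* Added example: forward ICEBP/INT1 #DBs to userspace and classify the resulting
 * KVM_EXIT_DEBUG. Not part of the original post or of KVM. */
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>

#if defined(__has_include)
# if __has_include(<linux/kvm.h>)
#  include <linux/kvm.h>
# endif
#endif
/* Fallback values mirror the KVM UAPI header; used only when it is absent. */
#ifndef KVM_GUESTDBG_ENABLE
#define KVM_GUESTDBG_ENABLE     0x00000001
#define KVM_GUESTDBG_SINGLESTEP 0x00000002
#define KVM_GUESTDBG_USE_SW_BP  0x00010000
#define KVM_GUESTDBG_USE_HW_BP  0x00020000
#endif

#define DR6_BS       (1u << 14) /* BS: single-step trap flag in DR6 */
#define OPCODE_ICEBP 0xF1       /* one-byte encoding of ICEBP / INT1 */

enum dbg_kind { DBG_SINGLE_STEP, DBG_INT1_BREAKPOINT, DBG_OTHER };

/* Control word for KVM_SET_GUEST_DEBUG. USE_SW_BP keeps INT3 exits working;
 * USE_HW_BP is what makes KVM forward the #DB raised by INT1 instead of
 * injecting it back into the guest. */
uint32_t guest_debug_control(int single_step)
{
    uint32_t ctl = KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP | KVM_GUESTDBG_USE_HW_BP;
    if (single_step)
        ctl |= KVM_GUESTDBG_SINGLESTEP;
    return ctl;
}

/* Classify a KVM_EXIT_DEBUG: dr6 is kvm_run->debug.arch.dr6, opcode is the byte
 * at the guest RIP reported in debug.arch.pc (read from guest memory by the
 * caller). A BS trap is checked first so a step that lands on an INT1 is not
 * mistaken for the breakpoint having fired. */
enum dbg_kind classify_debug_exit(uint64_t dr6, uint8_t opcode)
{
    if (dr6 & DR6_BS)
        return DBG_SINGLE_STEP;
    if (opcode == OPCODE_ICEBP)
        return DBG_INT1_BREAKPOINT;
    return DBG_OTHER;
}

#ifdef KVM_SET_GUEST_DEBUG
/* Apply the control word to a vCPU fd (hypothetical caller-owned fd). */
int apply_guest_debug(int vcpu_fd, int single_step)
{
    struct kvm_guest_debug dbg;
    memset(&dbg, 0, sizeof dbg);
    dbg.control = guest_debug_control(single_step);
    return ioctl(vcpu_fd, KVM_SET_GUEST_DEBUG, &dbg) < 0 ? -1 : 0;
}
#endif
```

KVM reports DR6 with the reserved "active low" bits set, so only the BS bit is tested rather than comparing the whole register.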