[PATCH v2 01/11] KVM: arm: plug guest debug exploit

[PATCH v2 00/11] KVM: arm: debug infrastructure support · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 02/11] KVM: arm: rename pm_fake handler to trap_raz_wi · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 02/11] KVM: arm: rename pm_fake handler to trap_raz_wi · Alex Bennée <hidden> · 2015-06-09
[PATCH v2 03/11] KVM: arm: enable to use the ARM_DSCR_MDBGEN macro from KVM assembly code · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 03/11] KVM: arm: enable to use the ARM_DSCR_MDBGEN macro from KVM assembly code · Alex Bennée <hidden> · 2015-06-09
[PATCH v2 04/11] KVM: arm: common infrastructure for handling AArch32 CP14/CP15 · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 04/11] KVM: arm: common infrastructure for handling AArch32 CP14/CP15 · Alex Bennée <hidden> · 2015-06-09
[PATCH v2 04/11] KVM: arm: common infrastructure for handling AArch32 CP14/CP15 · zichao <hidden> · 2015-06-14
[PATCH v2 05/11] KVM: arm: check ordering of all system register tables · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 05/11] KVM: arm: check ordering of all system register tables · Alex Bennée <hidden> · 2015-06-10
[PATCH v2 05/11] KVM: arm: check ordering of all system register tables · zichao <hidden> · 2015-06-14
[PATCH v2 06/11] KVM: arm: add trap handlers for 32-bit debug registers · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 07/11] KVM: arm: add trap handlers for 64-bit debug registers · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 08/11] KVM: arm: implement dirty bit mechanism for debug registers · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 09/11] KVM: arm: disable debug mode if we don't actually need it. · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 09/11] KVM: arm: disable debug mode if we don't actually need it. · Will Deacon <hidden> · 2015-06-01
[PATCH v2 09/11] KVM: arm: disable debug mode if we don't actually need it. · zichao <hidden> · 2015-06-07
[PATCH v2 10/11] KVM: arm: implement lazy world switch for debug registers · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 11/11] KVM: arm: enable trapping of all debug registers · Zhichao Huang <hidden> · 2015-05-31
[PATCH v2 01/11] KVM: arm: plug guest debug exploit · Zhichao Huang <hidden> · 2015-05-31
Re: [PATCH v2 01/11] KVM: arm: plug guest debug exploit · Marc Zyngier <hidden> · 2015-06-01
Re: [PATCH v2 01/11] KVM: arm: plug guest debug exploit · zichao <hidden> · 2015-06-07
Re: [PATCH v2 01/11] KVM: arm: plug guest debug exploit · Marc Zyngier <hidden> · 2015-06-09
Re: [PATCH v2 01/11] KVM: arm: plug guest debug exploit · zichao <hidden> · 2015-06-14
Re: [PATCH v2 01/11] KVM: arm: plug guest debug exploit · zichao <hidden> · 2015-06-14
Re: [PATCH v2 01/11] KVM: arm: plug guest debug exploit · Will Deacon <hidden> · 2015-06-16

From: Will Deacon <hidden>
Date: 2015-06-16 16:49:19
Also in: kvm, kvmarm, stable

On Sun, Jun 14, 2015 at 05:13:05PM +0100, zichao wrote:

I and marc are talking about how to plug the guest debug exploit in an
easier way.

I remembered that you mentioned disabling monitor mode had proven to be
extremely fragile in practice on 32-bit ARM SoCs, what if I save/restore
the debug monitor mode on each switch between the guest and the host,
would it be acceptable?

If you're just referring to DBGDSCRext, then you could give it a go, but
you'll certainly want to predicate any writes to that register on whether
or not hw_breakpoint managed to reset the debug regs on the host.

Like I said, accessing these registers always worries me, so I'd really
avoid it in KVM if you can. If not, you'll need to do extensive testing
on a bunch of platforms with and without the presence of external debug.

Will

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help