From: alex.bennee@linaro.org (Alex Bennée)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v1 0/2] Plug ARMv7 KVM Debug Exploit
Date: Wed, 10 May 2017 18:01:57 +0100
Message-ID: <20170510170200.13285-1-alex.bennee@linaro.org>
Hi,

These two patches were the start of a longer series Zhichao had started
to support hardware debugging in KVM. They plug a fairly serious bug
which meant a guest could mess with the debug state and affect the
host.

With these patches applied the guest can still do normal debugging
using software breakpoints but attempts to use the hardware registers
are ignored.

The only real changes I've made have been converting to the new C
based world switch and the subsequent testing. The remaining patches
in the series will take a bit more work and I guess depend on how
many KVM guests actually need to use HW breakpoints and watchpoints.

The code is a little more hairy on ARMv7 compared to ARMv8 due to
complications accessing things like DBGDSCR.

Cheers,

Alex.

Zhichao Huang (2):
  KVM: arm: plug guest debug exploit
  KVM: arm: rename pm_fake handler to trap_raz_wi

 arch/arm/include/asm/kvm_coproc.h |   3 +-
 arch/arm/kvm/coproc.c             | 110 ++++++++++++++++++++++++++------------
 arch/arm/kvm/handle_exit.c        |   4 +-
 arch/arm/kvm/hyp/switch.c         |   4 +-
 4 files changed, 83 insertions(+), 38 deletions(-)

--
2.11.0