From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from foss.arm.com ([217.140.101.70]:37421 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1756655AbbFPQtT (ORCPT ); Tue, 16 Jun 2015 12:49:19 -0400
Date: Tue, 16 Jun 2015 17:49:15 +0100
From: Will Deacon
To: zichao
Cc: Marc Zyngier, "kvm@vger.kernel.org",
 "linux-arm-kernel@lists.infradead.org",
 "kvmarm@lists.cs.columbia.edu", "christoffer.dall@linaro.org",
 "alex.bennee@linaro.org", "huangzhichao@huawei.com",
 "stable@vger.kernel.org"
Subject: Re: [PATCH v2 01/11] KVM: arm: plug guest debug exploit
Message-ID: <20150616164914.GM30522@arm.com>
References: <1433046432-1824-1-git-send-email-zhichao.huang@linaro.org>
 <1433046432-1824-2-git-send-email-zhichao.huang@linaro.org>
 <556C3A68.8050903@arm.com> <557449EA.7040003@linaro.org>
 <5576BFF7.3070706@arm.com> <557DA6E4.7090609@linaro.org>
 <557DA811.8090705@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <557DA811.8090705@linaro.org>
Sender: stable-owner@vger.kernel.org
List-ID:

On Sun, Jun 14, 2015 at 05:13:05PM +0100, zichao wrote:
> I and marc are talking about how to plug the guest debug exploit in an
> easier way.
>
> I remembered that you mentioned disabling monitor mode had proven to be
> extremely fragile in practice on 32-bit ARM SoCs, what if I save/restore
> the debug monitor mode on each switch between the guest and the host,
> would it be acceptable?

If you're just referring to DBGDSCRext, then you could give it a go, but
you'll certainly want to predicate any writes to that register on whether
or not hw_breakpoint managed to reset the debug regs on the host.

Like I said, accessing these registers always worries me, so I'd really
avoid it in KVM if you can. If not, you'll need to do extensive testing
on a bunch of platforms with and without the presence of external debug.

Will