• Zhichao Huang's avatar
    KVM: arm: plug potential guest hardware debug leakage · 661e6b02
    Zhichao Huang authored
    Hardware debugging in guests is not intercepted currently, it means
    that a malicious guest can bring down the entire machine by writing
    to the debug registers.
    
    This patch enable trapping of all debug registers, preventing the
    guests to access the debug registers. This includes access to the
    debug mode(DBGDSCR) in the guest world all the time which could
    otherwise mess with the host state. Reads return 0 and writes are
    ignored (RAZ_WI).
    
    The result is the guest cannot detect any working hardware based debug
    support. As debug exceptions are still routed to the guest normal
    debug using software based breakpoints still works.
    
    To support debugging using hardware registers we need to implement a
    debug register aware world switch as well as special trapping for
    registers that may affect the host state.
    
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarZhichao Huang <zhichao.huang@linaro.org>
    Signed-off-by: default avatarAlex Bennée <alex.bennee@linaro.org>
    Reviewed-by: default avatarChristoffer Dall <cdall@linaro.org>
    Signed-off-by: default avatarChristoffer Dall <cdall@linaro.org>
    661e6b02
handle_exit.c 4.64 KB