projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0ba7e8e) | patch
KVM: arm: plug potential guest hardware debug leakage
authorZhichao Huang <zhichao.huang@linaro.org>
Thu, 11 May 2017 12:46:11 +0000 (13:46 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 May 2017 13:44:44 +0000 (15:44 +0200)
commitee773459557d2242ddf6a2289e4615b4eb0668ae
tree10a1f1871ccfaf06b9b1fac00363425649defcc6tree
parent0ba7e8e3419363c279f8cf68f3b3d3e1e14eb3bccommit | diff
KVM: arm: plug potential guest hardware debug leakage

commit 661e6b02b5aa82db31897f36e96324b77450fd7a upstream.

Hardware debugging in guests is not intercepted currently, it means
that a malicious guest can bring down the entire machine by writing
to the debug registers.

This patch enable trapping of all debug registers, preventing the
guests to access the debug registers. This includes access to the
debug mode(DBGDSCR) in the guest world all the time which could
otherwise mess with the host state. Reads return 0 and writes are
ignored (RAZ_WI).

The result is the guest cannot detect any working hardware based debug
support. As debug exceptions are still routed to the guest normal
debug using software based breakpoints still works.

To support debugging using hardware registers we need to implement a
debug register aware world switch as well as special trapping for
registers that may affect the host state.

Signed-off-by: Zhichao Huang <zhichao.huang@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Christoffer Dall <cdall@linaro.org>
Signed-off-by: Christoffer Dall <cdall@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/arm/include/asm/kvm_coproc.h diff | blob | history
arch/arm/kvm/coproc.c diff | blob | history
arch/arm/kvm/handle_exit.c diff | blob | history
arch/arm/kvm/hyp/switch.c diff | blob | history