On Fri, Sep 21, 2018 at 11:51 AM, Sean Christopherson <sean.j.christopherson@xxxxxxxxx> wrote:
> My question was more from a software perspective, e.g. it looks like
> arch.dr6.RTM can be cleared via kvm_vcpu_ioctl_x86_set_debugregs()
> and a #DB injected via kvm_arch_vcpu_ioctl_set_guest_debug(). Not
> saying such behavior wouldn't be a bug elsewhere, just wondering if
> we should be paranoid here.

My main concern with this code is that stale DR6 bits leak into the exit qualification for the current #DB exception intercept. Possible misreporting of bit 16 based on faulty userspace emulation of the vCPU state seems like small potatoes.