On Sun, Jun 14, 2015 at 05:13:05PM +0100, zichao wrote: > I and marc are talking about how to plug the guest debug exploit in an > easier way. > > I remembered that you mentioned disabling monitor mode had proven to be > extremely fragile in practice on 32-bit ARM SoCs, what if I save/restore > the debug monitor mode on each switch between the guest and the host, > would it be acceptable? If you're just referring to DBGDSCRext, then you could give it a go, but you'll certainly want to predicate any writes to that register on whether or not hw_breakpoint managed to reset the debug regs on the host. Like I said, accessing these registers always worries me, so I'd really avoid it in KVM if you can. If not, you'll need to do extensive testing on a bunch of platforms with and without the presence of external debug. Will -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html