Commit cade3d57 authored Jun 17, 2025 by Mark Rutland Committed by Marc Zyngier Jun 19, 2025

KVM: arm64: VHE: Synchronize restore of host debug registers



When KVM runs in non-protected VHE mode, there's no context
synchronization event between __debug_switch_to_host() restoring the
host debug registers and __kvm_vcpu_run() unmasking debug exceptions.
Due to this, it's theoretically possible for the host to take an
unexpected debug exception due to the stale guest configuration.

This cannot happen in NVHE/HVHE mode as debug exceptions are masked in
the hyp code, and the exception return to the host will provide the
necessary context synchronization before debug exceptions can be taken.

For now, avoid the problem by adding an ISB after VHE hyp code restores
the host debug registers.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Fuad Tabba <tabba@google.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Mark Brown <broonie@kernel.org>
Cc: Oliver Upton <oliver.upton@linux.dev>
Cc: Will Deacon <will@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20250617133718.4014181-2-mark.rutland@arm.com


Signed-off-by: Marc Zyngier <maz@kernel.org>

parent 56a14984

arch/arm64/kvm/hyp/include/hyp/debug-sr.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -167,6 +167,9 @@ static inline void __debug_switch_to_host_common(struct kvm_vcpu *vcpu)

		__debug_save_state(guest_dbg, guest_ctxt);
		__debug_restore_state(host_dbg, host_ctxt);

		if (has_vhe())
		isb();
		}

		#endif /* __ARM64_KVM_HYP_DEBUG_SR_H__ */