Message-ID: <20250717234744.2254371-1-smostafa@google.com>
Date: Thu, 17 Jul 2025 23:47:42 +0000
From: Mostafa Saleh <smostafa@...gle.com>
To: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, 
	kvmarm@...ts.linux.dev
Cc: catalin.marinas@....com, will@...nel.org, maz@...nel.org, 
	oliver.upton@...ux.dev, joey.gouly@....com, suzuki.poulose@....com, 
	yuzenghui@...wei.com, qperret@...gle.com, keirf@...gle.com, 
	Mostafa Saleh <smostafa@...gle.com>
Subject: [PATCH 0/2] Dump instructions on panic for pKVM/nvhe

This small series adds support for dumping the faulting instructions on
panic in pKVM and nvhe, similarly to what the kernel does, as follows:
[   12.012126] kvm [190]: nVHE hyp BUG at: [<ffff8000811c5f64>] __kvm_nvhe_handle___kvm_vcpu_run+0x4/0x8!
[   12.015747] kvm [190]: Cannot dump pKVM nVHE stacktrace: !CONFIG_PROTECTED_NVHE_STACKTRACE
[   12.016044] Code: a8c17bfd d50323bf d65f03c0 d503245f (d4210000)
[   12.016082] kvm [190]: Hyp Offset: 0xffeff6887fe00000
[   12.016325] Kernel panic - not syncing: HYP panic:
[   12.016325] PS:204023c9 PC:000f8978013c5f64 ESR:00000000f2000800
[   12.016325] FAR:fff00000c016e01c HPFAR:00000000010016e0 PAR:0000000000000000

This can be useful in debugging cases of memory corruption.

The first patch adds this for nvhe and CONFIG_NVHE_EL2_DEBUG which is
straightforward as at the point of panic there is no stage-2 for the
host CPU, so it can re-use the kernel code to read and dump the faulting
instructions.

The second patch adds this support for pKVM; I split that into patches
as the pKVM changes are more fundamental, as now the hypervisor text would
be mapped in the host stage-2 as RO all the time.
An alternative is to make the hypervisor read its instructions on panic and
pass them to the kernel panic handler, but as we are out of registers
(X0-X7 used) for the arguments we would have to move that code to assembly.


Mostafa Saleh (2):
  KVM: arm64: Dump instruction on hyp panic
  KVM: arm64: Map hyp text as RO and dump instr on panic

 arch/arm64/include/asm/traps.h  |  1 +
 arch/arm64/kernel/traps.c       | 20 +++++++++++++-------
 arch/arm64/kvm/handle_exit.c    |  3 +++
 arch/arm64/kvm/hyp/nvhe/setup.c | 12 ++++++++++--
 4 files changed, 27 insertions(+), 9 deletions(-)

-- 
2.50.0.727.gbf7dc18ff4-goog
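
Added example, not part of the original message or the patch series: a small triage helper that parses the `Code:` line from the panic output quoted above and cross-checks the faulting word against the reported ESR. The function names are hypothetical; the BRK encoding and the ESR exception class 0x3C come from the Arm architecture, and the `????????` placeholder for unreadable words is the arm64 kernel's existing dump format, neither of which is stated in the message.

```python
import re

# Constructed input: three lines copied from the panic output quoted above.
SAMPLE = """\
[   12.016044] Code: a8c17bfd d50323bf d65f03c0 d503245f (d4210000)
[   12.016325] Kernel panic - not syncing: HYP panic:
[   12.016325] PS:204023c9 PC:000f8978013c5f64 ESR:00000000f2000800
"""

EC_BRK64 = 0x3C                              # ESR_ELx.EC: BRK executed in AArch64
BRK_MASK, BRK_BASE = 0xFFE0001F, 0xD4200000  # A64 encoding of BRK #imm16


def parse_code_line(log):
    """Return (preceding_words, faulting_word) from the 'Code:' line.

    The parenthesised word is the instruction at the faulting PC. A word the
    kernel could not read is printed as '????????' and is returned as None.
    """
    m = re.search(r"Code:\s+(.*)$", log, re.M)
    tokens = m.group(1).split() if m else []
    if not tokens or not tokens[-1].startswith("("):
        raise ValueError("no 'Code:' line with a marked faulting word")
    words = []
    for tok in tokens:
        text = tok.strip("()")
        words.append(None if "?" in text else int(text, 16))
    return words[:-1], words[-1]


def brk_imm(word):
    """Return imm16 if word encodes BRK #imm16, else None."""
    if word is None or (word & BRK_MASK) != BRK_BASE:
        return None
    return (word >> 5) & 0xFFFF


def triage(log):
    """Cross-check the dumped faulting instruction against the reported ESR."""
    _, fault = parse_code_line(log)
    m = re.search(r"ESR:([0-9a-fA-F]+)", log)
    esr = int(m.group(1), 16) if m else None
    ec = None if esr is None else (esr >> 26) & 0x3F
    imm = brk_imm(fault)
    # For a BRK exception, ESR.ISS[15:0] carries the instruction's imm16.
    consistent = imm is not None and ec == EC_BRK64 and (esr & 0xFFFF) == imm
    return {"fault": fault, "brk_imm": imm, "esr_ec": ec, "consistent": consistent}
```

On the sample, the faulting word decodes to BRK #0x800, matching the ESR and the "hyp BUG at" line; a mismatch between the dumped word and the ESR would be a lead worth following when debugging memory corruption.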

