Currently most of the debug registers are not saved and restored during
VM transitions allowing guest and host debug register values to leak into
the opposite context. One result is that hardware watchpoints do not work
reliably within a guest.
Due to differences in SVM and VT-x, slightly different approaches are used.
For VT-x:
- Enable debug register save/restore for VM entry/exit in the VMCS for DR7 and MSR_DEBUGCTL.
- Explicitly save DR0-3,6 of the guest.
- Explicitly save DR0-3,6-7, MSR_DEBUGCTL, and the trap flag from %rflags for the host. Note that because DR6 is "software" managed and not stored in the VMCS a kernel debugger which single steps through VM entry could corrupt the guest DR6 (since a single step trap taken after loading the guest DR6 could alter the DR6 register). To avoid this, explicitly disable single-stepping via the trace flag before loading the guest DR6. A determined debugger could still defeat this by setting a breakpoint after the guest DR6 was loaded and then single-stepping.
For SVM:
- Enable debug register caching in the VMCB for DR6/DR7.
- Explicitly save DR0-3 of the guest.
- Explicitly save DR0-3,6-7, and MSR_DEBUGCTL for the host. Since SVM saves the guest DR6 in the VMCB, the race with single-stepping described for VT-x does not exist.
For both platforms, expose all of the guest DRx values via --get-drX and
--set-drX flags to bhyvectl.