Author: andrew
Date: Thu Sep 27 11:16:19 2018
New Revision: 338957
URL: https://svnweb.freebsd.org/changeset/base/338957

Log:
  Handle a guest executing a vm instruction by trapping and raising an
  undefined instruction exception. Previously we would exit the guest;
  however, an unprivileged user could execute these instructions.
  
  Found with:   syzkaller
  Reviewed by:  araujo, tychon (previous version)
  Approved by:  re (kib)
  MFC after:    1 week
  Differential Revision:        https://reviews.freebsd.org/D17192

Modified:
  head/sys/amd64/include/vmm.h
  head/sys/amd64/vmm/intel/vmx.c
  head/sys/amd64/vmm/vmm.c

Modified: head/sys/amd64/include/vmm.h
==============================================================================
--- head/sys/amd64/include/vmm.h        Wed Sep 26 21:28:14 2018        
(r338956)
+++ head/sys/amd64/include/vmm.h        Thu Sep 27 11:16:19 2018        
(r338957)
@@ -557,6 +557,7 @@ enum vm_exitcode {
        VM_EXITCODE_SVM,
        VM_EXITCODE_REQIDLE,
        VM_EXITCODE_DEBUG,
+       VM_EXITCODE_VMINSN,
        VM_EXITCODE_MAX
 };
 

Modified: head/sys/amd64/vmm/intel/vmx.c
==============================================================================
--- head/sys/amd64/vmm/intel/vmx.c      Wed Sep 26 21:28:14 2018        
(r338956)
+++ head/sys/amd64/vmm/intel/vmx.c      Thu Sep 27 11:16:19 2018        
(r338957)
@@ -267,6 +267,9 @@ SDT_PROBE_DEFINE3(vmm, vmx, exit, monitor,
 SDT_PROBE_DEFINE3(vmm, vmx, exit, mwait,
     "struct vmx *", "int", "struct vm_exit *");
 
+SDT_PROBE_DEFINE3(vmm, vmx, exit, vminsn,
+    "struct vmx *", "int", "struct vm_exit *");
+
 SDT_PROBE_DEFINE4(vmm, vmx, exit, unknown,
     "struct vmx *", "int", "struct vm_exit *", "uint32_t");
 
@@ -2637,6 +2640,19 @@ vmx_exit_process(struct vmx *vmx, int vcpu, struct vm_
        case EXIT_REASON_MWAIT:
                SDT_PROBE3(vmm, vmx, exit, mwait, vmx, vcpu, vmexit);
                vmexit->exitcode = VM_EXITCODE_MWAIT;
+               break;
+       case EXIT_REASON_VMCALL:
+       case EXIT_REASON_VMCLEAR:
+       case EXIT_REASON_VMLAUNCH:
+       case EXIT_REASON_VMPTRLD:
+       case EXIT_REASON_VMPTRST:
+       case EXIT_REASON_VMREAD:
+       case EXIT_REASON_VMRESUME:
+       case EXIT_REASON_VMWRITE:
+       case EXIT_REASON_VMXOFF:
+       case EXIT_REASON_VMXON:
+               SDT_PROBE3(vmm, vmx, exit, vminsn, vmx, vcpu, vmexit);
+               vmexit->exitcode = VM_EXITCODE_VMINSN;
                break;
        default:
                SDT_PROBE4(vmm, vmx, exit, unknown,
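Review bot: The new case group in vmx_exit_process lists the ten VMX instructions from VMCALL to VMXON but not INVEPT or INVVPID, which per the Intel SDM also cause a VM exit when executed in non-root operation. If those exit reasons are not handled elsewhere in this switch (the function starts and ends outside the hunk, so this cannot be confirmed here), they would still fall through to `default:` and be reported as an unknown exit instead of receiving the #UD this commit intends. Adding their `case` labels to this group would close that gap. A short comment above the group, for example `/* VMX instructions are not offered to the guest; vmm.c reflects these as #UD */`, would record why these reasons share one exit code.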

Modified: head/sys/amd64/vmm/vmm.c
==============================================================================
--- head/sys/amd64/vmm/vmm.c    Wed Sep 26 21:28:14 2018        (r338956)
+++ head/sys/amd64/vmm/vmm.c    Thu Sep 27 11:16:19 2018        (r338957)
@@ -1737,6 +1737,7 @@ restart:
                        break;
                case VM_EXITCODE_MONITOR:
                case VM_EXITCODE_MWAIT:
+               case VM_EXITCODE_VMINSN:
                        vm_inject_ud(vm, vcpuid);
                        break;
                default:
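Review bot: `case VM_EXITCODE_VMINSN:` is a backend-neutral exit code, yet in this commit only intel/vmx.c produces it; the modified-file list shows no AMD backend change. Whether SVM's own virtualization instructions are intercepted and mapped to the same #UD path cannot be told from this page and is worth verifying before the MFC. The group that now shares `vm_inject_ud(vm, vcpuid);` would also benefit from a comment such as `/* Instructions not exposed to the guest: reflect #UD rather than exit to userland */`, so that a later reader does not move one of these codes to a userland handler. The enclosing function begins before the `restart:` label and continues past this hunk.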