svn commit: r338957 - in head/sys/amd64: include vmm vmm/intel
Andrew Turner
andrew at FreeBSD.org
Thu Sep 27 11:16:21 UTC 2018
Author: andrew
Date: Thu Sep 27 11:16:19 2018
New Revision: 338957
URL: https://svnweb.freebsd.org/changeset/base/338957
Log:
Handle a guest executing a vm instruction by trapping and raising an
undefined instruction exception. Previously we would exit the guest,
however an unprivileged user could execute these.
Found with: syzkaller
Reviewed by: araujo, tychon (previous version)
Approved by: re (kib)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D17192
Modified:
head/sys/amd64/include/vmm.h
head/sys/amd64/vmm/intel/vmx.c
head/sys/amd64/vmm/vmm.c
Modified: head/sys/amd64/include/vmm.h
==============================================================================
--- head/sys/amd64/include/vmm.h Wed Sep 26 21:28:14 2018 (r338956)
+++ head/sys/amd64/include/vmm.h Thu Sep 27 11:16:19 2018 (r338957)
@@ -557,6 +557,7 @@ enum vm_exitcode {
VM_EXITCODE_SVM,
VM_EXITCODE_REQIDLE,
VM_EXITCODE_DEBUG,
+ VM_EXITCODE_VMINSN,
VM_EXITCODE_MAX
};
Modified: head/sys/amd64/vmm/intel/vmx.c
==============================================================================
--- head/sys/amd64/vmm/intel/vmx.c Wed Sep 26 21:28:14 2018 (r338956)
+++ head/sys/amd64/vmm/intel/vmx.c Thu Sep 27 11:16:19 2018 (r338957)
@@ -267,6 +267,9 @@ SDT_PROBE_DEFINE3(vmm, vmx, exit, monitor,
SDT_PROBE_DEFINE3(vmm, vmx, exit, mwait,
"struct vmx *", "int", "struct vm_exit *");
+SDT_PROBE_DEFINE3(vmm, vmx, exit, vminsn,
+ "struct vmx *", "int", "struct vm_exit *");
+
SDT_PROBE_DEFINE4(vmm, vmx, exit, unknown,
"struct vmx *", "int", "struct vm_exit *", "uint32_t");
@@ -2637,6 +2640,19 @@ vmx_exit_process(struct vmx *vmx, int vcpu, struct vm_
case EXIT_REASON_MWAIT:
SDT_PROBE3(vmm, vmx, exit, mwait, vmx, vcpu, vmexit);
vmexit->exitcode = VM_EXITCODE_MWAIT;
+ break;
+ case EXIT_REASON_VMCALL:
+ case EXIT_REASON_VMCLEAR:
+ case EXIT_REASON_VMLAUNCH:
+ case EXIT_REASON_VMPTRLD:
+ case EXIT_REASON_VMPTRST:
+ case EXIT_REASON_VMREAD:
+ case EXIT_REASON_VMRESUME:
+ case EXIT_REASON_VMWRITE:
+ case EXIT_REASON_VMXOFF:
+ case EXIT_REASON_VMXON:
+ SDT_PROBE3(vmm, vmx, exit, vminsn, vmx, vcpu, vmexit);
+ vmexit->exitcode = VM_EXITCODE_VMINSN;
break;
default:
SDT_PROBE4(vmm, vmx, exit, unknown,
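Review bot: The new case group in vmx_exit_process() lists ten VMX instructions but not INVEPT or INVVPID, which also cause a VM exit when executed in VMX non-root operation. If their exit reasons still fall through to `default:`, a guest can presumably reach the old exit-to-userland path this commit closes for the others. Consider adding `case EXIT_REASON_INVEPT:` and `case EXIT_REASON_INVVPID:` to the same group, assuming those constants are defined in this tree's VMCS header. A short comment above the group, for example `/* VMX instructions are not exposed to the guest; vmm.c reflects these as #UD. */`, would record why the list exists. The switch and the function body start and end outside this hunk, so the default arm is only partly visible here.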
Modified: head/sys/amd64/vmm/vmm.c
==============================================================================
--- head/sys/amd64/vmm/vmm.c Wed Sep 26 21:28:14 2018 (r338956)
+++ head/sys/amd64/vmm/vmm.c Thu Sep 27 11:16:19 2018 (r338957)
@@ -1737,6 +1737,7 @@ restart:
break;
case VM_EXITCODE_MONITOR:
case VM_EXITCODE_MWAIT:
+ case VM_EXITCODE_VMINSN:
vm_inject_ud(vm, vcpuid);
break;
default:
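Review bot: The `vm_inject_ud()` arm now serves three exit codes, but nothing at the site explains why they are handled in the kernel rather than returned to the userland monitor. A comment above the labels would help, for example `/* Guest-triggerable from any privilege level: inject #UD here, never exit to userland. */`. It would also be worth confirming that the AMD backend handles its own virtualization instructions in an equivalent way, because this commit touches only the Intel backend and the shared vmm.c. The enclosing switch starts outside this hunk.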