From: Borislav Petkov <bp@alien8.de>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: George Kennedy <george.kennedy@oracle.com>,
Sean Christopherson <sean.j.christopherson@intel.com>,
Joerg Roedel <joro@8bytes.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
KVM list <kvm@vger.kernel.org>,
syzkaller <syzkaller@googlegroups.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>
Subject: Re: kernel BUG at arch/x86/kvm/x86.c:361! on AMD CPU
Date: Tue, 18 Jun 2019 20:27:33 +0200
Message-ID: <20190618182733.GD26346@zn.tnic>
In-Reply-To: <CACT4Y+bnKwniAikESjDckaTW=vE1hu8yc4DuoSFwP3qTS4NpmA@mail.gmail.com>
On Tue, Jun 18, 2019 at 08:01:06PM +0200, Dmitry Vyukov wrote:
> I am not a KVM folk either, but FWIW syzkaller is capable of creating
> a double-nested VM.
Aaaha, there it is. :)
> The code is somewhat VMX-specific, but it should
> be capable of at least executing some SVM instructions inside of a guest.
> This code sets up a VM to run given instruction sequences (should be generic):
> https://github.com/google/syzkaller/blob/34bf9440bd06034f86b5d9ac8afbf078129cbdae/executor/common_kvm_amd64.h
> The instruction generator is based on Intel XED so it may be somewhat
> Intel-biased, but at least I see some mentions of SVM there:
> https://raw.githubusercontent.com/google/syzkaller/34bf9440bd06034f86b5d9ac8afbf078129cbdae/pkg/ifuzz/gen/all-enc-instructions.txt
Right, and that right there looks wrong:
ICLASS : VMLOAD
CPL : 3
CATEGORY : SYSTEM
EXTENSION : SVM
ATTRIBUTES: PROTECTED_MODE
PATTERN : 0x0F 0x01 MOD[0b11] MOD=3 REG[0b011] RM[0b010]
OPERANDS : REG0=OrAX():r:IMPL
That is, *if* "CPL: 3" above means in XED context that VMLOAD is
supposed to be run in CPL3, then this is wrong because VMLOAD #GPs if
CPL was not 0. Ditto for VMRUN and a couple of others.
Perhaps that support was added at some point but not really run on AMD
hw yet...
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
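A small lint for the table layout quoted above, added here as an illustration and not code from syzkaller or XED: it parses records in that layout and flags SVM instructions whose CPL field is not 0 although the AMD APM only accepts them at CPL 0, under the same assumption Boris makes, namely that CPL is the privilege level at which the generator will emit the instruction. The sample table is constructed; only the VMLOAD record is the one from the mail.

```python
# SVM instructions that raise #GP unless executed at CPL 0 (AMD APM vol. 3);
# VMMCALL is left out on purpose because it is allowed at any CPL.
CPL0_ONLY_SVM = {"VMRUN", "VMLOAD", "VMSAVE", "CLGI", "STGI", "SKINIT", "INVLPGA"}

# Constructed sample in the XED table layout quoted in the thread. The VMLOAD
# record is the one from the mail; VMMCALL and VMRUN are made up for this
# demonstration and are not copied from syzkaller's table.
SAMPLE_TABLE = """\
{
ICLASS    : VMLOAD
CPL       : 3
CATEGORY  : SYSTEM
EXTENSION : SVM
ATTRIBUTES: PROTECTED_MODE
PATTERN   : 0x0F 0x01 MOD[0b11] MOD=3 REG[0b011] RM[0b010]
OPERANDS  : REG0=OrAX():r:IMPL
}
{
ICLASS    : VMMCALL
CPL       : 3
EXTENSION : SVM
}
{
ICLASS    : VMRUN
CPL       : 0
EXTENSION : SVM
}
"""

def parse_records(text: str) -> list[dict[str, str]]:
    """Split a 'KEY : VALUE' table into records ended by '}' or a blank line."""
    records, current = [], {}
    for line in (ln.strip() for ln in text.splitlines()):
        if line in ("}", ""):
            if current:
                records.append(current)
            current = {}
        elif line != "{" and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            current[key.strip()] = value.strip()
    return records + ([current] if current else [])

def find_cpl_mismatches(text: str) -> list[tuple[str, str]]:
    """(ICLASS, CPL) of SVM records the table would emit above CPL 0
    although the hardware only accepts them at CPL 0."""
    return [(r["ICLASS"], r.get("CPL", "?")) for r in parse_records(text)
            if r.get("EXTENSION") == "SVM"
            and r.get("ICLASS") in CPL0_ONLY_SVM
            and r.get("CPL") != "0"]
```

Run against a real table dump, any hit is an instruction the generator will emit at a privilege level where the CPU faults, so the fuzzer never actually reaches the SVM path it was meant to exercise.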