From: Антон Кочков
Reply-To: anton.kochkov@gmail.com
Date: Wed, 20 Apr 2011 05:16:30 +0400
Subject: Re: [Qemu-devel] QEMU-KVM and hardened (GRSEC/PaX) kernel
To: Blue Swirl
Cc: qemu-devel

Already changed to Grsecurity -> Security level -> Virtualization,
but the issue is still here: qemu-kvm starts and shows as running, but nothing happens inside:

(qemu) info kvm
kvm support: enabled
(qemu) info cpus
* CPU #0: pc=0x000000000010017c (halted) thread_id=4688
(qemu) info pci
  Bus  0, device   0, function 0:
    Host bridge: PCI device 8086:1237
      id ""
  Bus  0, device   1, function 0:
    ISA bridge: PCI device 8086:7000
      id ""
  Bus  0, device   1, function 1:
    IDE controller: PCI device 8086:7010
      BAR4: I/O at 0xc000 [0xc00f].
      id ""
  Bus  0, device   1, function 3:
    Bridge: PCI device 8086:7113
      IRQ 9.
      id ""
  Bus  0, device   2, function 0:
    VGA controller: PCI device 1013:00b8
      BAR0: 32 bit prefetchable memory at 0xf0000000 [0xf1ffffff].
      BAR1: 32 bit memory at 0xf2000000 [0xf2000fff].
      BAR6: 32 bit memory at 0xffffffffffffffff [0x0000fffe].
      id ""
(qemu) info status
VM status: running
(qemu) info roms
fw=genroms/vapic.bin size=0x002400 name="vapic.bin"
addr=00000000fffe0000 size=0x020000 mem=rom name="bios.bin"
(qemu) info registers
EAX=00000000 EBX=00187130 ECX=00187130 EDX=00000000
ESI=00000000 EDI=00000000 EBP=00000000 ESP=0ffcfeac
EIP=0010017c EFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0028 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
CS =0020 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
SS =0028 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0028 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
FS =0000 00000000 ffffffff 00000000
GS =0000 00000000 ffffffff 00000000
LDT=0000 00000000 ffffffff 00000000
TR =0008 00000580 00000067 00008b00 DPL=0 TSS32-busy
GDT=     0000ab80 0000002f
IDT=     000030b8 000007ff
CR0=00000013 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
FCW=037f FSW=0020 [ST=0] FTW=00 MXCSR=00001f80
FPR0=f44d002c60000000 400d FPR1=80847fe700000000 400e
FPR2=fa007fa240000000 400e FPR3=80e88055f0000000 400e
FPR4=ea61009c40000000 400d FPR5=ea62009c40000000 400c
FPR6=bb7fffb9b0000000 400b FPR7=bb83ffb9b0000000 400b
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000

Also, if I connect to qemu with gdb, it shows me only one instruction:
add BYTE PTR [rax],al
and it is in infinite.
CPU load = 0%.

Bug updated with new logs/info.

Best regards,
Anton Kochkov.
On Tue, Apr 19, 2011 at 23:24, Blue Swirl wrote:
> 2011/4/17 Антон Кочков:
>> Good day!
>> I'm trying to make qemu-kvm work with hardened Gentoo on a hardened kernel.
>> When I'm using CONFIG_PAX_KERNPAGEXEC and CONFIG_PAX_MEM_UNDEREF, qemu just starts
>> and goes into an infinite loop and takes 100% of one of my CPU cores, and it
>> can't even be killed.
>> Also it doesn't answer the qemu monitor/remote gdb.
>> When I changed these two values to disabled, qemu-kvm now starts and
>> stops (I mean the qemu monitor shows that the virtual machine is running, but
>> there is no activity/output). Also its load is about 0%.
>> See details in bug http://bugs.gentoo.org/show_bug.cgi?id=363713
>
> Given this description
> http://grsecurity.net/~spender/uderef.txt
> I'd say the problem is PaX vs. KVM (kernel module part of it). UDEREF
> should be overridden for the process in question, which obviously
> defeats security. Maybe CONFIG_GRKERNSEC_HARDENED_VIRTUALIZATION
> suggested in the bug thread already does this, I don't know. It's not
> possible to virtualize for example guests using self-modifying code if
> the kernel protections are in the way. The alternative is to use only
> guests, which never violate W^X, if they exist.
>
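The register dump in Anton's message already answers the first question a reader would ask, namely what state the vCPU is parked in, but the answer is buried in control-register bits. The script below is an added example written for this thread, not code from QEMU or from either poster. It takes the `info registers` rows Anton pasted (embedded here as a constructed sample, trimmed to the rows it needs), decodes CR0.PE/PG, EFER.LMA, EFLAGS.IF, the HLT flag and the CS descriptor's D/B and type bits, and reports that the guest is halted at ring 0 in 32-bit protected mode with paging off and interrupts enabled: an x86 `hlt` with IF set simply waits for the next interrupt, which matches the 0% CPU load. The single instruction gdb shows, `add BYTE PTR [rax],al`, is how a run of zero bytes (`00 00`) disassembles, so it says the debugger read zeros at EIP rather than that the guest executes an `add` loop. Register names, bit positions and the dump layout follow QEMU's x86 `info registers` format and the Intel SDM; nothing else is assumed.

```python
"""Summarize a QEMU monitor 'info registers' dump for an x86 guest.

Added example for the qemu-devel thread above; not QEMU code and not code
from the posters. Parses the rows Anton pasted (constructed sample below)
and decodes the bits that say what state the halted vCPU is in.
"""
import re

# Constructed sample: 'info registers' rows from the thread, trimmed to the
# ones this parser uses.
SAMPLE_DUMP = """\
EAX=00000000 EBX=00187130 ECX=00187130 EDX=00000000
ESI=00000000 EDI=00000000 EBP=00000000 ESP=0ffcfeac
EIP=0010017c EFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0028 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
CS =0020 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
SS =0028 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0028 00000000 ffffffff 00c09300 DPL=0 DS   [-WA]
CR0=00000013 CR2=00000000 CR3=00000000 CR4=00000000
EFER=0000000000000000
"""

# Architectural bit positions (Intel SDM vol. 3). The fourth hex column of a
# QEMU segment row is the high dword of the descriptor, which carries the
# D/B (default operand size), S (code/data vs system) and type fields.
CR0_PE = 1 << 0
CR0_PG = 1 << 31
EFER_LMA = 1 << 10
EFLAGS_IF = 1 << 9
DESC_DB = 1 << 22
DESC_S = 1 << 12
DESC_TYPE_SHIFT = 8

SEG_ROW = re.compile(
    r'^(ES|CS|SS|DS|FS|GS|LDT|TR)\s*=\s*([0-9a-f]{4})\s+([0-9a-f]{8})'
    r'\s+([0-9a-f]{8})\s+([0-9a-f]{8})')
REG_TOKEN = re.compile(r'\b([A-Z][A-Z0-9]*)=([0-9a-f]+)\b')


def parse_registers(dump):
    """Return (regs, segs): regs maps NAME -> int for every NAME=hex token,
    segs maps a segment register to its selector/base/limit/flags."""
    regs, segs = {}, {}
    for line in dump.splitlines():
        m = SEG_ROW.match(line)
        if m:
            name, sel, base, limit, flags = m.groups()
            segs[name] = {'selector': int(sel, 16), 'base': int(base, 16),
                          'limit': int(limit, 16), 'flags': int(flags, 16)}
            continue  # the DPL= on a segment row belongs to that segment
        for name, val in REG_TOKEN.findall(line):
            regs[name] = int(val, 16)
    return regs, segs


def describe_code_segment(seg):
    """Decode a CS descriptor: default operand size, S bit and type nibble."""
    flags = seg['flags']
    kind = 'code/data' if flags & DESC_S else 'system'
    type_nibble = (flags >> DESC_TYPE_SHIFT) & 0xF
    return {
        'default_32bit': bool(flags & DESC_DB),
        'kind': kind,
        # For code/data descriptors bit 3 of the type nibble means executable.
        'executable': kind == 'code/data' and bool(type_nibble & 0x8),
    }


def summarize(dump):
    """Classify the vCPU: operating mode, paging, privilege and halt state."""
    regs, segs = parse_registers(dump)
    cr0, efer, efl = regs['CR0'], regs.get('EFER', 0), regs['EFL']
    if efer & EFER_LMA:
        mode = 'long'
    elif cr0 & CR0_PE:
        mode = 'protected'
    else:
        mode = 'real'
    cs = describe_code_segment(segs['CS'])
    return {
        'mode': mode,
        'paging': bool(cr0 & CR0_PG),
        'cpl': regs['CPL'],
        'pc': regs.get('RIP', regs.get('EIP')),
        'halted': regs.get('HLT') == 1,
        # hlt with IF clear can never resume; with IF set it waits for an IRQ.
        'interrupts_enabled': bool(efl & EFLAGS_IF),
        'cs_32bit': cs['default_32bit'],
        'cs_executable': cs['executable'],
    }


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_DUMP).items():
        print(f'{key:<20} {value:#x}' if key == 'pc' else f'{key:<20} {value}')
```

Paste the full `info registers` output of any x86 guest into `SAMPLE_DUMP` (or read it from a file) to get the same classification; the parser ignores FPU/XMM rows and the GDT/IDT rows, which carry no `NAME=hex` token. On the dump from the thread it reports mode `protected`, paging off, CPL 0, EIP 0x10017c, halted with interrupts enabled, and a 32-bit executable CS.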