On 21/12/2016 12:06, Dmitry Vyukov wrote:
> On Wed, Dec 21, 2016 at 12:00 PM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>>
>>
>> On 21/12/2016 10:41, Dmitry Vyukov wrote:
>>> Hello,
>>>
>>> I am getting some KVM_EXIT_INTERNAL_ERROR/KVM_INTERNAL_ERROR_EMULATION
>>> while fuzzing KVM. Does it indicate a bug in kvm code?
>>
>> No, it just indicates something that isn't implemented. Other
>> KVM_EXIT_INTERNAL_ERROR cases indicate a bug in the userspace code.
>
> Something is not implemented where? You mean host userspace (VMM)?

No, in KVM's instruction emulator.

> But what about a guest container killing the whole VM? It looks
> equivalent to non-root killing the machine.

KVM_INTERNAL_ERROR_EMULATION only kills the whole VM at CPL=0. At CPL=3
or in a nested VM it would be translated to an undefined opcode
exception, exactly for this reason.

Feel free to send one or two examples, they should be easy to analyze.
But I suspect it's just a combination of executing garbage instructions
with garbage processor state. If so, an unprivileged guest that can
trigger KVM_INTERNAL_ERROR_EMULATION in a kernel most likely has gotten
arbitrary code execution already.

Paolo

>
>> If you're running nested virtualization and the nested guest manages to
>> kill the host, that's bad. Otherwise, they're harmless.
>>
>> Paolo
>>
>>> To make it clear, the context is that the guest does all kinds of weird
>>> stuff and if it kills itself it is fine. I am just trying to catch bad
>>> effects on the host.
>>> As far as I can tell, if qemu gets KVM_EXIT_INTERNAL_ERROR it will
>>> fail. So for the user it will look like qemu misbehaves. E.g. it will
>>> not auto restart the VM.
>>> If KVM_EXIT_INTERNAL_ERROR/KVM_INTERNAL_ERROR_EMULATION is OK, are
>>> other KVM_EXIT_INTERNAL_ERROR error codes worse? Are there any other
>>> indications that the host is affected in a bad way? I mean besides BUGs,
>>> WARNINGs and crashes of the host kernel.
>>>
>>> Thanks

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
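The two behaviours discussed above, KVM reporting an emulation failure as KVM_EXIT_INTERNAL_ERROR only for CPL=0 code and QEMU failing when it sees that exit, can be made concrete with a small KVM userspace of our own. The program below is an added example written for this page; it is not code from the thread, from KVM or from QEMU. The ioctl names, exit reasons and suberror constants come from linux/kvm.h; the guest code bytes, the use of port 0x3f8 as a console, and the policy of what to do for each exit (keep the VM for post-mortem on a guest fault, treat the other internal-error suberrors as a KVM/VMM problem) are this example's own choices, not anything KVM or QEMU prescribe.

```c
/* Added example, not code from this thread, KVM or QEMU: a minimal KVM
 * userspace whose exit loop does not abort on KVM_EXIT_INTERNAL_ERROR the way
 * the thread says QEMU does.  Running the guest needs /dev/kvm on Linux;
 * classify_exit() and classify_reason() need no hardware. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/kvm.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>

enum exit_action { ACT_CONTINUE, ACT_HALT, ACT_GUEST_FAULT, ACT_VMM_FAULT };

/* Map a completed KVM_RUN to the VMM's next step.  Pure function of the
 * kvm_run page, so it can be exercised with a hand-built struct. */
enum exit_action classify_exit(const struct kvm_run *run)
{
    switch (run->exit_reason) {
    case KVM_EXIT_HLT:
        return ACT_HALT;
    case KVM_EXIT_IO:
        return ACT_CONTINUE;          /* port I/O, serviced by the caller */
    case KVM_EXIT_SHUTDOWN:
        return ACT_GUEST_FAULT;       /* triple fault, e.g. an unhandled #UD */
    case KVM_EXIT_INTERNAL_ERROR:
        /* Only CPL=0 code outside a nested guest gets here (CPL=3 gets #UD),
         * so the guest kernel ran something the emulator does not handle. */
        if (run->internal.suberror == KVM_INTERNAL_ERROR_EMULATION)
            return ACT_GUEST_FAULT;
        /* SIMUL_EX, DELIVERY_EV, UNEXPECTED_EXIT_REASON: KVM/VMM bug to report */
        return ACT_VMM_FAULT;
    default:
        return ACT_VMM_FAULT;         /* exit reasons this toy VMM ignores */
    }
}

/* Classify a (reason, suberror) pair without a live VM (used by tests). */
enum exit_action classify_reason(uint32_t reason, uint32_t suberror)
{
    struct kvm_run r = { .exit_reason = reason, .internal.suberror = suberror };
    return classify_exit(&r);
}

/* Constructed 16-bit real-mode guest: write 'A' to COM1's data port, halt. */
static const uint8_t guest_code[] = {          /* mov dx,0x3f8; mov al,'A' */
    0xba, 0xf8, 0x03, 0xb0, 0x41, 0xee, 0xf4 }; /* out dx,al; hlt */
static void die(const char *what) { perror(what); exit(1); }

int main(void)
{
    int kvm = open("/dev/kvm", O_RDWR | O_CLOEXEC);
    if (kvm < 0) die("open /dev/kvm");
    int vm = ioctl(kvm, KVM_CREATE_VM, 0);
    if (vm < 0) die("KVM_CREATE_VM");
    /* One 4 KiB page of guest RAM at guest-physical 0, holding the code. */
    void *mem = mmap(NULL, 0x1000, PROT_READ | PROT_WRITE,
                     MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) die("mmap guest memory");
    memcpy(mem, guest_code, sizeof guest_code);
    struct kvm_userspace_memory_region region = {
        .slot = 0, .guest_phys_addr = 0, .memory_size = 0x1000,
        .userspace_addr = (uint64_t)(uintptr_t)mem,
    };
    if (ioctl(vm, KVM_SET_USER_MEMORY_REGION, &region) < 0)
        die("KVM_SET_USER_MEMORY_REGION");
    int vcpu = ioctl(vm, KVM_CREATE_VCPU, 0);
    if (vcpu < 0) die("KVM_CREATE_VCPU");
    int run_size = ioctl(kvm, KVM_GET_VCPU_MMAP_SIZE, 0);
    struct kvm_run *run = mmap(NULL, run_size, PROT_READ | PROT_WRITE,
                               MAP_SHARED, vcpu, 0);
    if (run == MAP_FAILED) die("mmap kvm_run");
    /* Real mode, CS base 0, rip 0: the guest runs at CPL=0, the privilege
     * level at which an emulation failure comes back as an internal error. */
    struct kvm_sregs sregs;
    if (ioctl(vcpu, KVM_GET_SREGS, &sregs) < 0) die("KVM_GET_SREGS");
    sregs.cs.base = 0; sregs.cs.selector = 0;
    if (ioctl(vcpu, KVM_SET_SREGS, &sregs) < 0) die("KVM_SET_SREGS");
    struct kvm_regs regs = { .rip = 0, .rflags = 0x2 };
    if (ioctl(vcpu, KVM_SET_REGS, &regs) < 0) die("KVM_SET_REGS");
    for (;;) {
        if (ioctl(vcpu, KVM_RUN, 0) < 0) die("KVM_RUN");
        enum exit_action act = classify_exit(run);
        if (act == ACT_CONTINUE) {      /* this guest only does `out` */
            fwrite((const uint8_t *)run + run->io.data_offset, 1,
                   (size_t)run->io.size * run->io.count, stdout);
            continue;
        }
        if (act == ACT_HALT) { puts("\nguest halted"); return 0; }
        if (act == ACT_GUEST_FAULT) {   /* VM is kept alive for post-mortem */
            fprintf(stderr, "guest fault: exit reason %u\n", run->exit_reason);
            return 2;
        }
        fprintf(stderr, "KVM/VMM problem: exit reason %u\n", run->exit_reason);
        return 3;
    }
}
```

Build with `gcc -o kvm-demo kvm-demo.c` and run it on a host where the user can open /dev/kvm; the sample guest prints `A` and the program reports `guest halted`. The point of the example is the exit loop: an emulation failure is only ever delivered for CPL=0 guest code, so the VMM can treat KVM_INTERNAL_ERROR_EMULATION like a guest kernel crash (leave the VM state in place and inspect it) rather than failing the way the thread says QEMU does, while reserving the abort path for the other suberrors, which are the ones that point at a KVM or VMM bug. KVM_EXIT_SHUTDOWN is classified the same way as a guest fault because a #UD injected into a guest with no usable IDT, which is what the CPL=3 path in the thread produces for a bare guest like this one, ends in a triple fault.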