Already changed to Grsecurity -> Security level -> Virtualization
But the issue is still here:
qemu-kvm starts, shows as running, but nothing inside:

(qemu) info kvm
kvm support: enabled
(qemu) info cpus
* CPU #0: pc=0x000000000010017c (halted) thread_id=4688
(qemu) info pci
  Bus  0, device   0, function 0:
    Host bridge: PCI device 8086:1237
      id ""
  Bus  0, device   1, function 0:
    ISA bridge: PCI device 8086:7000
      id ""
  Bus  0, device   1, function 1:
    IDE controller: PCI device 8086:7010
      BAR4: I/O at 0xc000 [0xc00f].
      id ""
  Bus  0, device   1, function 3:
    Bridge: PCI device 8086:7113
      IRQ 9.
      id ""
  Bus  0, device   2, function 0:
    VGA controller: PCI device 1013:00b8
      BAR0: 32 bit prefetchable memory at 0xf0000000 [0xf1ffffff].
      BAR1: 32 bit memory at 0xf2000000 [0xf2000fff].
      BAR6: 32 bit memory at 0xffffffffffffffff [0x0000fffe].
      id ""
(qemu) info status
VM status: running
(qemu) info roms
fw=genroms/vapic.bin size=0x002400 name="vapic.bin"
addr=00000000fffe0000 size=0x020000 mem=rom name="bios.bin"
(qemu) info registers
EAX=00000000 EBX=00187130 ECX=00187130 EDX=00000000
ESI=00000000 EDI=00000000 EBP=00000000 ESP=0ffcfeac
EIP=0010017c EFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0028 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
CS =0020 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
SS =0028 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0028 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
FS =0000 00000000 ffffffff 00000000
GS =0000 00000000 ffffffff 00000000
LDT=0000 00000000 ffffffff 00000000
TR =0008 00000580 00000067 00008b00 DPL=0 TSS32-busy
GDT= 0000ab80 0000002f
IDT= 000030b8 000007ff
CR0=00000013 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
FCW=037f FSW=0020 [ST=0] FTW=00 MXCSR=00001f80
FPR0=f44d002c60000000 400d FPR1=80847fe700000000 400e
FPR2=fa007fa240000000 400e FPR3=80e88055f0000000 400e
FPR4=ea61009c40000000 400d FPR5=ea62009c40000000 400c
FPR6=bb7fffb9b0000000 400b FPR7=bb83ffb9b0000000 400b
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000

Also, if I connect to qemu with gdb, it shows me only one cmd:
add BYTE PTR [rax],al
and it is in infinite
CPU load = 0%

Bug updated with new logs/info

Best regards,
Anton Kochkov.

On Tue, Apr 19, 2011 at 23:24, Blue Swirl <blauwir...@gmail.com> wrote:
> 2011/4/17 Антон Кочков <anton.koch...@gmail.com>:
>> Good day!
>> I'm trying to get qemu-kvm working with hardened Gentoo on a hardened kernel.
>> When I'm using CONFIG_PAX_KERNPAGEXEC and CONFIG_PAX_MEM_UNDEREF, qemu just
>> starts and goes into an infinite loop and takes 100% of one of my CPU cores,
>> and it can't even be killed.
>> Also, it doesn't answer on the qemu monitor/remote gdb.
>> When I changed these two values to disabled, qemu-kvm now starts, and
>> stops (I mean the qemu monitor shows that the virtual machine is running, but
>> there is no activity/output). Also, its load is about 0%.
>> See details in bug http://bugs.gentoo.org/show_bug.cgi?id=363713
>
> Given this description
> http://grsecurity.net/~spender/uderef.txt
> I'd say the problem is PaX vs. KVM (kernel module part of it). UDEREF
> should be overridden for the process in question, which obviously
> defeats security. Maybe CONFIG_GRKERNSEC_HARDENED_VIRTUALIZATION
> suggested in the bug thread already does this, I don't know. It's not
> possible to virtualize for example guests using self-modifying code if
> the kernel protections are in the way. The alternative is to use only
> guests, which never violate W^X, if they exist.
>
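
The "info registers" output in the message above can be decoded mechanically to see what state the vCPU is actually in. The following is an added example, not part of the original mail and not QEMU code; the function names (parse_registers, triage, verdict) are hypothetical and the sample is a constructed excerpt built from values in the post.

```python
import re

# Constructed sample: three lines taken from the "info registers" dump in the post.
SAMPLE = """\
EIP=0010017c EFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
CR0=00000013 CR2=00000000 CR3=00000000 CR4=00000000
EFER=0000000000000000
"""

CR0_PE, CR0_PG = 1 << 0, 1 << 31   # protected-mode enable, paging enable
EFL_IF = 1 << 9                    # interrupt-enable flag in EFLAGS
EFER_LMA = 1 << 10                 # long mode active

def parse_registers(text):
    """Return {name: int} for every NAME=hex pair; the first occurrence wins."""
    regs = {}
    for name, value in re.findall(r"\b([A-Z][A-Z0-9]*) ?=\s*([0-9a-fA-F]+)\b", text):
        regs.setdefault(name, int(value, 16))
    return regs

def triage(regs):
    """Summarise the vCPU state that matters for a 'running but silent' guest."""
    cr0 = regs["CR0"]
    if regs.get("EFER", 0) & EFER_LMA:
        mode = "long mode"
    elif cr0 & CR0_PE:
        mode = "protected mode"
    else:
        mode = "real mode"
    return {
        "ip": regs.get("EIP", regs.get("RIP")),   # 64-bit dumps print RIP instead
        "mode": mode,
        "paging": bool(cr0 & CR0_PG),
        "halted": regs.get("HLT") == 1,
        "interrupts_enabled": bool(regs["EFL"] & EFL_IF),
        "cpl": regs["CPL"],
    }

def verdict(state):
    """One-line reading of the triage result."""
    if state["halted"] and state["interrupts_enabled"]:
        return "idle in HLT, waiting for an interrupt"
    if state["halted"]:
        return "halted with interrupts masked; needs NMI, SMI, INIT or reset"
    return "executing"

if __name__ == "__main__":
    s = triage(parse_registers(SAMPLE))
    print(f"ip={s['ip']:#x} {s['mode']} paging={s['paging']} -> {verdict(s)}")
```

For the dump in the post this reports a ring-0 guest in protected mode with paging off, sitting in HLT with interrupts enabled, which matches the 0% CPU load reported in the message.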