1 files changed, 20 insertions, 9 deletions

diff --git a/executor/common_kvm_amd64_syzos.h b/executor/common_kvm_amd64_syzos.h
index 27f4be400..96ff67897 100644
--- a/executor/common_kvm_amd64_syzos.h
+++ b/executor/common_kvm_amd64_syzos.h
@@ -739,6 +739,7 @@ GUEST_CODE static noinline void init_vmcs_control_fields(uint64 cpu_id, uint64 v
 typedef enum {
 	SYZOS_NESTED_EXIT_REASON_HLT = 1,
 	SYZOS_NESTED_EXIT_REASON_INVD = 2,
+	SYZOS_NESTED_EXIT_REASON_CPUID = 3,
 	SYZOS_NESTED_EXIT_REASON_UNKNOWN = 0xFF,
 } syz_nested_exit_reason;
 
@@ -754,6 +755,7 @@ GUEST_CODE static void guest_uexit_l2(uint64 exit_reason, syz_nested_exit_reason
 	}
 }
 
+#define EXIT_REASON_CPUID 0xa
 #define EXIT_REASON_HLT 0xc
 #define EXIT_REASON_INVD 0xd
 
@@ -765,15 +767,19 @@ GUEST_CODE static syz_nested_exit_reason map_intel_exit_reason(uint64 basic_reas
 		return SYZOS_NESTED_EXIT_REASON_HLT;
 	if (reason == EXIT_REASON_INVD)
 		return SYZOS_NESTED_EXIT_REASON_INVD;
+	if (reason == EXIT_REASON_CPUID)
+		return SYZOS_NESTED_EXIT_REASON_CPUID;
 	return SYZOS_NESTED_EXIT_REASON_UNKNOWN;
 }
 
 GUEST_CODE static void advance_l2_rip_intel(uint64 basic_reason)
 {
-	if (basic_reason == EXIT_REASON_INVD) {
-		uint64 rip = vmread(VMCS_GUEST_RIP);
-		vmwrite(VMCS_GUEST_RIP, rip + 2);
-	}
+	// Disable optimizations.
+	volatile uint64 reason = basic_reason;
+	uint64 rip = vmread(VMCS_GUEST_RIP);
+	if ((reason == EXIT_REASON_INVD) || (reason == EXIT_REASON_CPUID))
+		rip += 2;
+	vmwrite(VMCS_GUEST_RIP, rip);
 }
 
 // This function is called from inline assembly.
@@ -831,6 +837,7 @@ __attribute__((naked)) GUEST_CODE static void nested_vm_exit_handler_intel_asm(v
 			 [vm_exit_reason] "i"(VMCS_VM_EXIT_REASON) : "memory", "cc", "rbx", "rdi", "rsi");
 }
 
+#define VMEXIT_CPUID 0x72
 #define VMEXIT_INVD 0x76
 #define VMEXIT_HLT 0x78
 
@@ -842,16 +849,20 @@ GUEST_CODE static syz_nested_exit_reason map_amd_exit_reason(uint64 basic_reason
 		return SYZOS_NESTED_EXIT_REASON_HLT;
 	if (reason == VMEXIT_INVD)
 		return SYZOS_NESTED_EXIT_REASON_INVD;
+	if (reason == VMEXIT_CPUID)
+		return SYZOS_NESTED_EXIT_REASON_CPUID;
 	return SYZOS_NESTED_EXIT_REASON_UNKNOWN;
 }
 
 GUEST_CODE static void advance_l2_rip_amd(uint64 basic_reason, uint64 cpu_id, uint64 vm_id)
 {
-	if (basic_reason == VMEXIT_INVD) {
-		uint64 vmcb_addr = X86_SYZOS_ADDR_VMCS_VMCB(cpu_id, vm_id);
-		uint64 rip = vmcb_read64((volatile uint8*)vmcb_addr, VMCB_GUEST_RIP);
-		vmcb_write64(vmcb_addr, VMCB_GUEST_RIP, rip + 2);
-	}
+	// Disable optimizations.
+	volatile uint64 reason = basic_reason;
+	uint64 vmcb_addr = X86_SYZOS_ADDR_VMCS_VMCB(cpu_id, vm_id);
+	uint64 rip = vmcb_read64((volatile uint8*)vmcb_addr, VMCB_GUEST_RIP);
+	if ((reason == VMEXIT_INVD) || (reason == VMEXIT_CPUID))
+		rip += 2;
+	vmcb_write64(vmcb_addr, VMCB_GUEST_RIP, rip);
 }
 
 __attribute__((used)) GUEST_CODE static void