From 4ee789185bc215d62e9cfa92e23a8de2760789cb Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Sat, 28 Jan 2017 19:04:37 +0100
Subject: sys: improve kvm description

Allow fuzzer to change types of segment descriptors.
Alter more flags.
Allow fuzzer to do a random vmwrite.
---
 executor/kvm.S | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

(limited to 'executor/kvm.S')

diff --git a/executor/kvm.S b/executor/kvm.S
index 9f4df257e..896c59104 100644
--- a/executor/kvm.S
+++ b/executor/kvm.S
@@ -134,10 +134,10 @@ kvm_asm64_init_vm:
 	// Write VMCS revision into VMXON and VMCS regions
 	mov $MSR_IA32_VMX_BASIC, %rcx
 	rdmsr
-	mov $ADDR_VAR_VMXON,%rdx
-	mov %eax,(%rdx)
-	mov $ADDR_VAR_VMCS,%rdx
-	mov %eax,(%rdx)
+	mov $ADDR_VAR_VMXON, %rdx
+	mov %eax, (%rdx)
+	mov $ADDR_VAR_VMCS, %rdx
+	mov %eax, (%rdx)
 
 	mov $ADDR_VAR_VMXON_PTR, %rax
 	vmxon (%rax)
@@ -290,6 +290,16 @@ kvm_asm64_init_vm:
 	mov %cr4, %rax
 	VMSET(0x00006804, %rax) // Guest CR4
 
+	// Write 1 additional random field.
+	mov $ADDR_VAR_VMWRITE_FLD, %rax
+	mov (%rax), %rdx
+	mov $ADDR_VAR_VMWRITE_VAL, %rax
+	mov (%rax), %rcx
+	xor %rax, %rax
+	vmread %rdx, %rax
+	xor %rcx, %rax
+	vmwrite %rax, %rdx
+
 	vmlaunch
 
 	mov $0x00004400, %rdx
-- 
cgit mrf-deployment