[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-devel] EFER in HVM guests
> -----Original Message----- > From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx > [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of > Nakajima, Jun > Sent: 29 November 2006 16:35 > To: Jan Beulich; xen-devel@xxxxxxxxxxxxxxxxxxx; Keir Fraser > Subject: RE: [Xen-devel] EFER in HVM guests > > Jan Beulich wrote: > >>>> Keir Fraser <keir@xxxxxxxxxxxxx> 29.11.06 14:09 >>> > >> On 29/11/06 13:07, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote: > >> > >>> Is it intentional that > >>> - under SVM, 32-bit guests can freely set EFER.LME > >>> - under VMX, 32-bit guests can't access EFER at all? > >>> > >>> Thanks, Jan > >> > >> I'm sure any differences are unintentional. There is > obviously scope > >> for making much of the MSR and CPUID code non-vmx/svm specific. > >> > >> I assume that this particular difference doesn't really matter? > > > > I think it does - allowing a guest to enable EFER.LME when the > > hypervisor is a 32-bit one is clearly a security problem: While I > > haven't tried it, I would suspect the moment you load a context > > with such an EFER the whole system's dead. > > Not being able to access EFER is also a potential problem, as a > > guest should be allowed to set EFER.NX (at least) - the CPUID > > handling code specifically does not suppress this bit if the guest > > is allowed to use PAE (which we agreed a few days ago should > > be the default anyway). > > > > Jan > > > > I agree that we should allow 32-bit guests to set EFER.NX on the PAE > Xen. We'll fix it. EFER.SCE should not be set on IA-32. Why not? If CPUID bits indicate that it's available, it can be used in 32- or 64-bit mode. -- Mats > > Jun > --- > Intel Open Source Technology Center > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel > > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |