RE: [Xen-devel] vmx & efer
Jan Beulich wrote:
> Am I blind in that I cannot find the place where the guest intended
> EFER value gets loaded into the CPU register? The VMCS has no field
> for this (other than AMD's VMCB), and the guest_msr_state->flags bit
> for this register doesn't get set anywhere. I'm implying that the
> guest thus always runs with all features enabled that were enabled by
> the hypervisor (slight security issue, as EFER.SCE set implies LSTAR
> was initialized, which may not be true).

The bits LMA and LME are automatically loaded by the hardware. Please look at the spec (Volume 3B). For SCE, we discussed a while ago, but can you please elaborate on the security issues?

>
> Further I am quite confused about the saving and restoring of CSTAR -
> all parts of the SDM state or imply that this register doesn't exist
> (as syscall is supposedly invalid in compatibility mode), so it
> wouldn't need saving/restoring at all; there's one exception though:
> section 25.10.4.3 says "SYSCALL/SYSRET invocations can occur from
> either 32-bit compatibility mode application code or from 64-bit
> application code."

I agree that it's slightly confusing, but the previous sentence says "They are available only in 64-bit mode and only when the SCE bit of the IA32_EFER MSR is set." The reason we save/restore CSTAR is that x86-64 Linux (still) writes to it because it did exist before. But I think we can stop doing that.

>
> Thanks, Jan
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

Jun
---
Intel Open Source Technology Center
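The EFER mismatch discussed in this thread, as an added example that is not part of the original messages and is not Xen code: it models a hypervisor that never writes IA32_EFER for the guest, so LME/LMA follow the guest (loaded by hardware, as the reply states) while every other bit is inherited from the host. The function names are hypothetical and the sample values in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural IA32_EFER bit positions. */
#define EFER_SCE (1ULL << 0)   /* SYSCALL/SYSRET enable */
#define EFER_LME (1ULL << 8)   /* long mode enable */
#define EFER_LMA (1ULL << 10)  /* long mode active */
#define EFER_NXE (1ULL << 11)  /* no-execute enable */

/* Bits the hardware loads for the guest on VM entry. */
#define EFER_HW_LOADED (EFER_LME | EFER_LMA)

/* EFER that is live while the guest runs when the hypervisor does no
 * MSR switching: LME/LMA from the guest, the rest from the host. */
uint64_t effective_guest_efer(uint64_t host_efer, uint64_t guest_wanted)
{
    return (guest_wanted & EFER_HW_LOADED) | (host_efer & ~EFER_HW_LOADED);
}

/* Bits where the live value differs from what the guest asked for. */
uint64_t efer_mismatch(uint64_t host_efer, uint64_t guest_wanted)
{
    return effective_guest_efer(host_efer, guest_wanted) ^ guest_wanted;
}

/* The case raised in the thread: SCE is live although the guest left it
 * clear, so SYSCALL executes even if the guest never initialized LSTAR. */
bool sce_enabled_behind_guest(uint64_t host_efer, uint64_t guest_wanted)
{
    return (efer_mismatch(host_efer, guest_wanted) & EFER_SCE) &&
           !(guest_wanted & EFER_SCE);
}

int main(void)
{
    /* Constructed sample values: a 64-bit host with SCE and NXE set. */
    uint64_t host = EFER_SCE | EFER_LME | EFER_LMA | EFER_NXE;
    uint64_t guest32 = 0;                               /* 32-bit guest  */
    uint64_t guest64 = EFER_SCE | EFER_LME | EFER_LMA;  /* 64-bit, no NX */

    printf("guest32: live=%#llx sce_leak=%d\n",
           (unsigned long long)effective_guest_efer(host, guest32),
           sce_enabled_behind_guest(host, guest32));
    printf("guest64: mismatch=%#llx sce_leak=%d\n",
           (unsigned long long)efer_mismatch(host, guest64),
           sce_enabled_behind_guest(host, guest64));
    return 0;
}
```

A nonzero mismatch outside LME/LMA is the condition under which the hypervisor would have to save and restore EFER around guest execution.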