RE: [Xen-devel] Re: [Xen-changelog] [xen-unstable] x86_emulate: Emulate RDTSCP instruction.
Hi, Keir

After adding the logic, it can solve the migration issue between an rdtscp-capable machine and a rdtsc-less machine, but it also introduces a security hole at the same time. Imagine the case below: if we boot a guest on a rdtsc-less machine and the cpuid instruction tells the guest OS that the processor doesn't support the rdtscp instruction, rdtscp can still execute successfully on it instead of hitting an expected #UD exception. And the guest can use this security hole to detect whether it is running in a virtual machine or not.

Thanks!
Xiantao

Keir Fraser wrote:
> Would have done if the original HVM TSC_AUX patch was up to it. I've
> rewritten it about 1/4 the size and does more, as c/s 20646.
>
> -- Keir
>
> On 16/12/2009 20:27, "Dan Magenheimer" <dan.magenheimer@xxxxxxxxxx>
> wrote:
>
>> Is this patch supposed to allow an application
>> in an HVM domain to successfully execute an rdtscp
>> instruction even on a processor that doesn't have
>> hardware support for the instruction?
>>
>> If so, I tried it and it doesn't seem to work.
>> The app segfaults (same, I think, as it did before
>> the patch).
>>
>>> -----Original Message-----
>>> From: Xen patchbot-unstable
>>> [mailto:patchbot-unstable@xxxxxxxxxxxxxxxxxxx]
>>> Sent: Wednesday, December 16, 2009 7:00 AM
>>> To: xen-changelog@xxxxxxxxxxxxxxxxxxx
>>> Subject: [Xen-changelog] [xen-unstable] x86_emulate: Emulate RDTSCP
>>> instruction.
>>>
>>>
>>> # HG changeset patch
>>> # User Keir Fraser <keir.fraser@xxxxxxxxxx>
>>> # Date 1260967518 0
>>> # Node ID cbcb3d564b2fb51574b8a1d06cd6e7780839c331
>>> # Parent b543acc1aaad743f20e8ee44ab048ca239350685
>>> x86_emulate: Emulate RDTSCP instruction.
>>>
>>> Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx> ---
>>> xen/arch/x86/x86_emulate/x86_emulate.c | 13 ++++++++++++-
>>> 1 files changed, 12 insertions(+), 1 deletion(-)
>>>
>>> diff -r b543acc1aaad -r cbcb3d564b2f
>>> xen/arch/x86/x86_emulate/x86_emulate.c
>>> --- a/xen/arch/x86/x86_emulate/x86_emulate.c Wed Dec 16 12:32:35 >>> 2009 +0000 +++ b/xen/arch/x86/x86_emulate/x86_emulate.c Wed Dec 16 >>> 12:45:18 2009 +0000 @@ -292,6 +292,7 @@ struct operand { >>> #define MSR_LSTAR 0xc0000082 >>> #define MSR_CSTAR 0xc0000083 >>> #define MSR_FMASK 0xc0000084 >>> +#define MSR_TSC_AUX 0xc0000103 >>> >>> /* Control register flags. */ >>> #define CR0_PE (1<<0) >>> @@ -3503,6 +3504,16 @@ x86_emulate( >>> break; >>> } >>> >>> + if ( modrm == 0xf9 ) /* rdtscp */ >>> + { >>> + uint64_t tsc_aux; >>> + fail_if(ops->read_msr == NULL); >>> + if ( (rc = ops->read_msr(MSR_TSC_AUX, &tsc_aux, ctxt)) >>> != 0 ) + goto done; >>> + _regs.ecx = (uint32_t)tsc_aux; >>> + goto rdtsc; >>> + } >>> + >>> switch ( modrm_reg & 7 ) >>> { >>> case 0: /* sgdt */ >>> @@ -3712,7 +3723,7 @@ x86_emulate( >>> break; >>> } >>> >>> - case 0x31: /* rdtsc */ { >>> + case 0x31: rdtsc: /* rdtsc */ { >>> unsigned long cr4; >>> uint64_t val; >>> if ( !mode_ring0() ) >>> >>> _______________________________________________ >>> Xen-changelog mailing list >>> Xen-changelog@xxxxxxxxxxxxxxxxxxx >>> http://lists.xensource.com/xen-changelog >>> > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
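Review bot: the `modrm == 0xf9` branch added in the `@@ -3503,6 +3504,16 @@` hunk emulates rdtscp unconditionally, with no check that the guest's CPUID view advertises the instruction, so a guest that was told RDTSCP is absent gets a result where it would expect #UD. Suggest gating the branch on the guest's RDTSCP feature bit and raising #UD when it is clear. Separately, `_regs.ecx` is assigned before `goto rdtsc`, ahead of the `mode_ring0()` check visible in the rdtsc case; it is worth confirming that a fault raised on that path cannot leave the updated ECX visible to the guest.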
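Review bot: in the `@@ -3712,7 +3723,7 @@` hunk the `rdtsc:` label is placed between `case 0x31:` and its opening brace and is reached by the `goto rdtsc` from the rdtscp branch, so the block now serves two instructions while its comment still reads only `/* rdtsc */`. Suggest updating the comment to name both rdtsc and rdtscp, and noting at the label that ECX has already been set when the block is entered via the `goto`.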
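One way to keep emulation consistent with the CPUID view, for the case raised in the reply at the top of this message (an added example, not code from the thread or from Xen): `struct guest_vcpu` and `emulate_rdtscp` are hypothetical names, while the feature bit (CPUID leaf 0x80000001, EDX bit 27) and the #GP when CR4.TSD is set at CPL > 0 are architectural.

```c
#include <stdbool.h>
#include <stdint.h>

/* CPUID leaf 0x80000001, EDX bit 27 advertises RDTSCP. */
#define CPUID_EXT1_EDX_RDTSCP (1u << 27)

enum emu_result { EMU_OKAY, EMU_EXC_UD, EMU_EXC_GP };

/* Hypothetical per-vCPU state for this example; not Xen's structures. */
struct guest_vcpu {
    uint32_t cpuid_ext1_edx; /* EDX the guest sees for leaf 0x80000001 */
    uint64_t tsc;            /* guest's virtual TSC */
    uint64_t tsc_aux;        /* guest's virtual MSR_TSC_AUX */
    bool cr4_tsd;            /* guest CR4.TSD */
    unsigned int cpl;        /* current privilege level */
    uint32_t eax, ecx, edx;  /* guest registers */
};

/*
 * Emulate 0F 01 F9 (RDTSCP). The decision follows what the guest was told
 * by CPUID, not what the host can execute, so the result stays the same
 * across migration. Registers are written only after every check passes.
 */
enum emu_result emulate_rdtscp(struct guest_vcpu *v)
{
    if (!(v->cpuid_ext1_edx & CPUID_EXT1_EDX_RDTSCP))
        return EMU_EXC_UD;   /* feature hidden from guest: behave as absent */
    if (v->cr4_tsd && v->cpl != 0)
        return EMU_EXC_GP;   /* same privilege rule as RDTSC */

    v->eax = (uint32_t)v->tsc;
    v->edx = (uint32_t)(v->tsc >> 32);
    v->ecx = (uint32_t)v->tsc_aux;
    return EMU_OKAY;
}

int main(void)
{
    /* Constructed guest: booted where RDTSCP was not advertised. */
    struct guest_vcpu g = { .cpuid_ext1_edx = 0, .tsc = 1000,
                            .tsc_aux = 3, .cpl = 3 };
    return emulate_rdtscp(&g) == EMU_EXC_UD ? 0 : 1;
}
```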