
Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)

>>> On 07.11.13 at 16:41, <Jeff_Zimmerman@xxxxxxxxxx> wrote:
> On Nov 7, 2013, at 1:30 AM, Ian Campbell <Ian.Campbell@xxxxxxxxxx>  wrote:
>> I was also wondering about the behaviour of using vmx instructions in a
>> guest despite vmx not being visible in cpuid...
> We have found in our situation this is exactly the case. To verify we wrote some
> test code that makes vmx calls without checking cpuid. On bare hardware the program
> executes as expected. In a VM on Xen it causes the hypervisor to panic.

You trying it doesn't yet imply that Windows also does so.

Also, you say "program" - are you using these from user mode code?

> From a security standpoint this is very very bad. It might be a good idea to provide either
> a run-time or build-time option to disable nestedhvm. Just turning off the vmx bit is not enough
> as malicious or badly written code can cause a system crash.

Yes, we will absolutely need to do that.

