xen-devel

RE: [Xen-devel] Re: [Xen-changelog] [xen-unstable] x86_emulate: Emulate

To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] Re: [Xen-changelog] [xen-unstable] x86_emulate: Emulate RDTSCP instruction.
From: "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx>
Date: Thu, 17 Dec 2009 15:21:10 +0800
Accept-language: en-US
Cc:
Delivery-date: Wed, 16 Dec 2009 23:21:50 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C74F84F4.49CB%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <EB8593BCECAB3D40A8248BE0B6400A382FAB247F@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <C74F84F4.49CB%keir.fraser@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acp+jkyE4e2n8njFRGqCBa6Frw2rqAAEQ/3nAA9MGjAAAiEpmwABFIhw
Thread-topic: [Xen-devel] Re: [Xen-changelog] [xen-unstable] x86_emulate: Emulate RDTSCP instruction.
If we don't care about such security issues, that's also okay for me. :)
Xiantao

Keir Fraser wrote:
> On 17/12/2009 05:56, "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx> wrote:
> 
>> Hi, Keir
>> After adding the logic, it can solve the migration issue between
>> an rdtscp-capable machine and an rdtsc-less machine, but it also
>> introduces a security hole at the same time.  Imagine the case below:
>> If we boot a guest on an rdtsc-less machine and the cpuid instruction
>> tells the guest OS that the processor doesn't support the rdtscp
>> instruction, but rdtscp can execute successfully on it instead of
>> hitting an expected #UD exception. And the guest can use this security
>> hole to detect whether it is running in a virtual machine or not.  Thanks!
> 
> There's no doubt a guest could already detect this if it wanted, even
> from user space. If this was seriously part of our threat model, we'd
> need to be much more careful than we are. As it is we explicitly
> announce our presence via CPUID in a way that cannot be turned off!
> 
>  -- Keir
> 
>> Xiantao
>> 
>> 
>> Keir Fraser wrote:
>>> Would have done if the original HVM TSC_AUX patch was up to it. I've
>>> rewritten it at about 1/4 the size, and it does more, as c/s 20646.
>>> 
>>>  -- Keir
>>> 
>>> On 16/12/2009 20:27, "Dan Magenheimer" <dan.magenheimer@xxxxxxxxxx>
>>> wrote: 
>>> 
>>>> Is this patch supposed to allow an application
>>>> in an HVM domain to successfully execute an rdtscp
>>>> instruction even on a processor that doesn't have
>>>> hardware support for the instruction?
>>>> 
>>>> If so, I tried it and it doesn't seem to work.
>>>> The app segfaults (same, I think, as it did before
>>>> the patch).
>>>> 
>>>>> -----Original Message-----
>>>>> From: Xen patchbot-unstable
>>>>> [mailto:patchbot-unstable@xxxxxxxxxxxxxxxxxxx]
>>>>> Sent: Wednesday, December 16, 2009 7:00 AM
>>>>> To: xen-changelog@xxxxxxxxxxxxxxxxxxx
>>>>> Subject: [Xen-changelog] [xen-unstable] x86_emulate: Emulate
>>>>> RDTSCP instruction. 
>>>>> 
>>>>> 
>>>>> # HG changeset patch
>>>>> # User Keir Fraser <keir.fraser@xxxxxxxxxx>
>>>>> # Date 1260967518 0
>>>>> # Node ID cbcb3d564b2fb51574b8a1d06cd6e7780839c331
>>>>> # Parent  b543acc1aaad743f20e8ee44ab048ca239350685
>>>>> x86_emulate: Emulate RDTSCP instruction.
>>>>> 
>>>>> Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx> ---
>>>>>  xen/arch/x86/x86_emulate/x86_emulate.c |   13 ++++++++++++-
>>>>>  1 files changed, 12 insertions(+), 1 deletion(-)
>>>>> 
>>>>> diff -r b543acc1aaad -r cbcb3d564b2f
>>>>> xen/arch/x86/x86_emulate/x86_emulate.c
>>>>> --- a/xen/arch/x86/x86_emulate/x86_emulate.c Wed Dec 16 12:32:35
>>>>> 2009 +0000 +++ b/xen/arch/x86/x86_emulate/x86_emulate.c Wed Dec 16
>>>>> 12:45:18 2009 +0000 @@ -292,6 +292,7 @@ struct operand {
>>>>>  #define MSR_LSTAR        0xc0000082
>>>>>  #define MSR_CSTAR        0xc0000083
>>>>>  #define MSR_FMASK        0xc0000084
>>>>> +#define MSR_TSC_AUX      0xc0000103
>>>>> 
>>>>>  /* Control register flags. */
>>>>>  #define CR0_PE    (1<<0)
>>>>> @@ -3503,6 +3504,16 @@ x86_emulate(
>>>>>              break;
>>>>>          }
>>>>> 
>>>>> +        if ( modrm == 0xf9 ) /* rdtscp */
>>>>> +        {
>>>>> +            uint64_t tsc_aux;
>>>>> +            fail_if(ops->read_msr == NULL);
>>>>> +            if ( (rc = ops->read_msr(MSR_TSC_AUX, &tsc_aux,
>>>>> ctxt)) != 0 ) +                goto done;
>>>>> +            _regs.ecx = (uint32_t)tsc_aux;
>>>>> +            goto rdtsc;
>>>>> +        }
>>>>> +
>>>>>          switch ( modrm_reg & 7 )
>>>>>          {
>>>>>          case 0: /* sgdt */
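
Review bot: The new `modrm == 0xf9` branch never checks that RDTSCP is advertised to the guest; its only precondition is `fail_if(ops->read_msr == NULL)`, so the emulator completes the instruction where a guest that was told the feature is absent would expect #UD. Consider gating the branch on the guest-visible feature bit (through a CPUID hook, if `ops` offers one) and raising #UD otherwise, and add a short comment saying that `goto rdtsc` deliberately reuses the privilege check in `case 0x31`.
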
>>>>> @@ -3712,7 +3723,7 @@ x86_emulate(
>>>>>          break;
>>>>>      }
>>>>> 
>>>>> -    case 0x31: /* rdtsc */ {
>>>>> +    case 0x31: rdtsc: /* rdtsc */ {
>>>>>          unsigned long cr4;
>>>>>          uint64_t val;
>>>>>          if ( !mode_ring0() )
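
Review bot: The comment on `case 0x31: rdtsc:` still reads `/* rdtsc */` although the block is now also entered from the `modrm == 0xf9` path via `goto rdtsc`. Update it to name rdtscp as well, so that a later change to the `mode_ring0()` / `cr4` check in this block is made with both instructions in mind.
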


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
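
The concern raised in this thread, as an added example that is not part of the original messages and is not Xen code: a small C model of an emulator that decides from the guest's CPUID view, not from host capability, whether `rdtscp` completes or raises #UD. The enum, struct and function names are hypothetical, and the TSC and TSC_AUX values are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model for illustration; not Xen code, all names hypothetical. */
enum emul_result { EMUL_OKAY, EMUL_EXC_UD, EMUL_EXC_GP };
#define CPUID_EXT_EDX_RDTSCP (1u << 27) /* CPUID.80000001H:EDX bit 27 */
#define CR4_TSD              (1u << 2)  /* TSC reads restricted to ring 0 */

struct guest_state {
    uint32_t cpuid_ext_edx; /* leaf 0x80000001 EDX as shown to the guest */
    uint32_t cr4;
    unsigned cpl;
    uint64_t tsc, tsc_aux;  /* guest-visible TSC and MSR_TSC_AUX */
    uint32_t eax, ecx, edx;
};

/* Emulate 0F 01 F9 only if the guest's CPUID view advertises RDTSCP. */
enum emul_result emulate_rdtscp(struct guest_state *g, uint8_t modrm)
{
    if (modrm != 0xf9)
        return EMUL_EXC_UD;   /* this model decodes rdtscp only */
    if (!(g->cpuid_ext_edx & CPUID_EXT_EDX_RDTSCP))
        return EMUL_EXC_UD;   /* hidden feature: fault as bare metal would */
    if ((g->cr4 & CR4_TSD) && g->cpl != 0)
        return EMUL_EXC_GP;   /* same privilege rule as rdtsc */
    g->ecx = (uint32_t)g->tsc_aux;
    g->eax = (uint32_t)g->tsc;
    g->edx = (uint32_t)(g->tsc >> 32);
    return EMUL_OKAY;
}

/* Run one constructed guest through the model; ecx_out may be NULL. */
enum emul_result try_rdtscp(uint32_t cpuid_ext_edx, uint32_t cr4,
                            unsigned cpl, uint32_t *ecx_out)
{
    struct guest_state g = { cpuid_ext_edx, cr4, cpl,
                             0x0000000123456789ull, 0x5, 0, 0, 0 };
    enum emul_result rc = emulate_rdtscp(&g, 0xf9);
    if (rc == EMUL_OKAY && ecx_out)
        *ecx_out = g.ecx;
    return rc;
}

int main(void)
{
    uint32_t ecx = 0;
    return !(try_rdtscp(0, 0, 3, NULL) == EMUL_EXC_UD &&
             try_rdtscp(CPUID_EXT_EDX_RDTSCP, 0, 3, &ecx) == EMUL_OKAY &&
             ecx == 0x5);
}
```

Keying the decision to the guest's CPUID view keeps the migration case working: a guest that was told RDTSCP exists still gets it emulated on a host without the instruction.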