WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

Re: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself

To: "Li, Xin" <xin.li@xxxxxxxxx>, "Yang, Wei Y" <wei.y.yang@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [Patch] Enable SMEP CPU feature support for XEN itself
From: Keir Fraser <keir.xen@xxxxxxxxx>
Date: Thu, 02 Jun 2011 07:25:27 +0100
On 01/06/2011 23:52, "Li, Xin" <xin.li@xxxxxxxxx> wrote:

>>>>> and kills a pv guest triggering SMEP fault.
>>>> 
>>>> Should only occur when the guest kernel triggers the SMEP.
>>> 
>>> According to code base size, it's much easier for malicious
>>> applications to explore security holes in kernel.  But unluckily SMEP
>>> doesn't apply to the ring 3 where x86_64 pv kernel runs on.  It's wiser
>>> to use HVM :)
>> 
>> Yep, but 32-bit guests can still benefit.
> 
> Can we know a guest will be 32bit or 64bit before it boots?
> Code will be like
> xc_pv_cpuid_policy()
> {
>         case 7, 0:
>             if ( 64 bit pv guest )
>                  disallow smep;
> }
> I don't know if we can distinguish that when creating guest.

Of course you can. See the guest_64bit flag already used in
xc_pv_cpuid_policy()!

However, given that the guest cannot influence whether SMEP is
enabled/disabled, perhaps it makes sense to always hide the feature? Also we
should unconditionally be hiding the CPUID feature in any case when Xen does
not support SMEP (because disabled on command line, or in the stable
branches without the feature patch applied) as otherwise guest can detect
the feature and will crash when it tries to enable the feature in CR4. This
is why it's a bad idea that we blacklist CPUID features for PV guests rather
than whitelist them. I will apply such a patch to all trees now.

 -- Keir

> Thanks!
> -Xin
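
The blacklist-versus-whitelist point in the reply above, as an added example that is not part of the original message and is not Xen's code. The policy tables and function names are hypothetical; only the CPUID.(EAX=7,ECX=0):EBX bit positions are architectural.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID.(EAX=7,ECX=0):EBX feature bits (architectural positions). */
#define F7_FSGSBASE (1u << 0)
#define F7_BMI1     (1u << 3)
#define F7_SMEP     (1u << 7)
#define F7_ERMS     (1u << 9)

/* Hypothetical PV policy tables, written before SMEP hardware existed. */
static const uint32_t pv_blacklist_ebx = F7_FSGSBASE;       /* bits to hide  */
static const uint32_t pv_whitelist_ebx = F7_BMI1 | F7_ERMS; /* bits to show  */

/* Blacklist: everything the host reports passes unless explicitly listed,
 * so a feature newer than the table leaks through to the guest. */
uint32_t filter_blacklist(uint32_t host_ebx)
{
    return host_ebx & ~pv_blacklist_ebx;
}

/* Whitelist: only listed bits pass, so unknown features are hidden
 * by default until someone decides the guest may use them. */
uint32_t filter_whitelist(uint32_t host_ebx)
{
    return host_ebx & pv_whitelist_ebx;
}

/* A guest that sees SMEP in CPUID will try to enable it in CR4; per the
 * message above, that crashes the guest when the hypervisor lacks support. */
int guest_would_enable_smep(uint32_t guest_ebx)
{
    return (guest_ebx & F7_SMEP) != 0;
}

/* Constructed sample: leaf 7 EBX as reported by a host CPU that has SMEP. */
uint32_t sample_host_ebx(void)
{
    return F7_FSGSBASE | F7_BMI1 | F7_SMEP | F7_ERMS;
}

int main(void)
{
    uint32_t host = sample_host_ebx();
    uint32_t bl = filter_blacklist(host), wl = filter_whitelist(host);

    printf("blacklist view %#x, guest enables SMEP: %d\n",
           (unsigned)bl, guest_would_enable_smep(bl));
    printf("whitelist view %#x, guest enables SMEP: %d\n",
           (unsigned)wl, guest_would_enable_smep(wl));
    return 0;
}
```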


