WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

RE: [Xen-devel] Re: [Xen-changelog] [xen-unstable] x86_emulate: Emulate

To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] Re: [Xen-changelog] [xen-unstable] x86_emulate: Emulate RDTSCP instruction.
From: "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx>
Date: Thu, 17 Dec 2009 13:56:33 +0800
Accept-language: en-US
Cc:
Delivery-date: Wed, 16 Dec 2009 21:58:11 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C74F1001.49A8%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <bbc44de6-fc5d-4b96-8132-179c35d1e112@default> <C74F1001.49A8%keir.fraser@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acp+jkyE4e2n8njFRGqCBa6Frw2rqAAEQ/3nAA9MGjA=
Thread-topic: [Xen-devel] Re: [Xen-changelog] [xen-unstable] x86_emulate: Emulate RDTSCP instruction.
Hi, Keir
After adding the logic, it can solve the migration issue between an rdtscp-capable 
machine and an rdtsc-less machine, but it also introduces a security hole at the 
same time.  Imagine the case below: 
If we boot a guest on an rdtsc-less machine and the cpuid instruction tells the guest 
OS that the processor doesn't support the rdtscp instruction, rdtscp can still execute 
successfully on it instead of hitting an expected #UD exception. The guest can 
use this security hole to detect whether it is running in a virtual machine or 
not.  Thanks!
Xiantao


Keir Fraser wrote:
> Would have done if the original HVM TSC_AUX patch was up to it. I've
> rewritten it about 1/4 the size and does more, as c/s 20646.
> 
>  -- Keir
> 
> On 16/12/2009 20:27, "Dan Magenheimer" <dan.magenheimer@xxxxxxxxxx>
> wrote: 
> 
>> Is this patch supposed to allow an application
>> in an HVM domain to successfully execute an rdtscp
>> instruction even on a processor that doesn't have
>> hardware support for the instruction?
>> 
>> If so, I tried it and it doesn't seem to work.
>> The app segfaults (same, I think, as it did before
>> the patch).
>> 
>>> -----Original Message-----
>>> From: Xen patchbot-unstable
>>> [mailto:patchbot-unstable@xxxxxxxxxxxxxxxxxxx]
>>> Sent: Wednesday, December 16, 2009 7:00 AM
>>> To: xen-changelog@xxxxxxxxxxxxxxxxxxx
>>> Subject: [Xen-changelog] [xen-unstable] x86_emulate: Emulate RDTSCP
>>> instruction. 
>>> 
>>> 
>>> # HG changeset patch
>>> # User Keir Fraser <keir.fraser@xxxxxxxxxx>
>>> # Date 1260967518 0
>>> # Node ID cbcb3d564b2fb51574b8a1d06cd6e7780839c331
>>> # Parent  b543acc1aaad743f20e8ee44ab048ca239350685
>>> x86_emulate: Emulate RDTSCP instruction.
>>> 
>>> Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx> ---
>>>  xen/arch/x86/x86_emulate/x86_emulate.c |   13 ++++++++++++-
>>>  1 files changed, 12 insertions(+), 1 deletion(-)
>>> 
>>> diff -r b543acc1aaad -r cbcb3d564b2f
>>> xen/arch/x86/x86_emulate/x86_emulate.c
>>> --- a/xen/arch/x86/x86_emulate/x86_emulate.c Wed Dec 16 12:32:35
>>> 2009 +0000 +++ b/xen/arch/x86/x86_emulate/x86_emulate.c Wed Dec 16
>>> 12:45:18 2009 +0000 @@ -292,6 +292,7 @@ struct operand {
>>>  #define MSR_LSTAR        0xc0000082
>>>  #define MSR_CSTAR        0xc0000083
>>>  #define MSR_FMASK        0xc0000084
>>> +#define MSR_TSC_AUX      0xc0000103
>>> 
>>>  /* Control register flags. */
>>>  #define CR0_PE    (1<<0)
>>> @@ -3503,6 +3504,16 @@ x86_emulate(
>>>              break;
>>>          }
>>> 
>>> +        if ( modrm == 0xf9 ) /* rdtscp */
>>> +        {
>>> +            uint64_t tsc_aux;
>>> +            fail_if(ops->read_msr == NULL);
>>> +            if ( (rc = ops->read_msr(MSR_TSC_AUX, &tsc_aux, ctxt))
>>> != 0 ) +                goto done;
>>> +            _regs.ecx = (uint32_t)tsc_aux;
>>> +            goto rdtsc;
>>> +        }
>>> +
>>>          switch ( modrm_reg & 7 )
>>>          {
>>>          case 0: /* sgdt */
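Review bot: The new `modrm == 0xf9` branch emulates rdtscp whenever `ops->read_msr` is present, with no check that the feature is advertised to the guest, so a guest whose CPUID reports no RDTSCP gets ECX and the TSC filled in rather than #UD (the inconsistency raised in the reply at the top of this message). Consider testing the guest-visible CPUID feature bit before reading MSR_TSC_AUX and taking the #UD path when it is clear.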
>>> @@ -3712,7 +3723,7 @@ x86_emulate(
>>>          break;
>>>      }
>>> 
>>> -    case 0x31: /* rdtsc */ {
>>> +    case 0x31: rdtsc: /* rdtsc */ {
>>>          unsigned long cr4;
>>>          uint64_t val;
>>>          if ( !mode_ring0() )
>>> 
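Review bot: The `rdtsc:` label on `case 0x31:` is now a second entry point, reached by `goto rdtsc` from the rdtscp branch in a different opcode group, but the comment still reads only `/* rdtsc */`. A short comment stating that rdtscp enters here with ECX already loaded, and that the `mode_ring0()` check that follows applies to both instructions, would make the shared path easier to audit; a small shared helper would avoid the cross-case jump altogether.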
>>> _______________________________________________
>>> Xen-changelog mailing list
>>> Xen-changelog@xxxxxxxxxxxxxxxxxxx
>>> http://lists.xensource.com/xen-changelog
>>> 
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
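
Added example (not part of the original thread, and not Xen code): a minimal model of gating RDTSCP emulation on the CPUID bit shown to the guest, so that the emulated behaviour matches what CPUID reports. The struct, enum and function names are hypothetical; privilege-level and CR4 checks are left out of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CPUID leaf 0x80000001, EDX bit 27 advertises RDTSCP. */
#define CPUID_EXT1_EDX_RDTSCP (1u << 27)

enum emu_result { EMU_OKAY, EMU_INJECT_UD };

/* Hypothetical, simplified guest state; not Xen's structures. */
struct guest_cpu {
    uint32_t cpuid_ext1_edx; /* CPUID 0x80000001 EDX as shown to the guest */
    uint64_t tsc;            /* guest-visible time-stamp counter */
    uint64_t tsc_aux;        /* guest's MSR_TSC_AUX (0xc0000103) value */
    uint32_t eax, ecx, edx;
};

/* RDTSCP is encoded as 0F 01 F9 (the modrm == 0xf9 case in the patch). */
static int is_rdtscp(const uint8_t *insn, size_t len)
{
    return len >= 3 && insn[0] == 0x0f && insn[1] == 0x01 && insn[2] == 0xf9;
}

enum emu_result emulate_rdtscp(struct guest_cpu *g,
                               const uint8_t *insn, size_t len)
{
    if (!is_rdtscp(insn, len))
        return EMU_INJECT_UD;   /* this model handles no other opcode */

    /* Feature hidden from the guest: raise #UD and touch no register,
     * so execution agrees with what CPUID reported. */
    if (!(g->cpuid_ext1_edx & CPUID_EXT1_EDX_RDTSCP))
        return EMU_INJECT_UD;

    g->eax = (uint32_t)g->tsc;          /* EDX:EAX = TSC */
    g->edx = (uint32_t)(g->tsc >> 32);
    g->ecx = (uint32_t)g->tsc_aux;      /* ECX = low 32 bits of TSC_AUX */
    return EMU_OKAY;
}

int main(void)
{
    const uint8_t insn[] = { 0x0f, 0x01, 0xf9 };
    struct guest_cpu g = { .tsc = 0x1122334455667788ULL, .tsc_aux = 7 };

    printf("hidden:     %s\n",
           emulate_rdtscp(&g, insn, sizeof(insn)) == EMU_OKAY ? "ok" : "#UD");
    g.cpuid_ext1_edx = CPUID_EXT1_EDX_RDTSCP;
    printf("advertised: %s\n",
           emulate_rdtscp(&g, insn, sizeof(insn)) == EMU_OKAY ? "ok" : "#UD");
    return 0;
}
```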

