|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] EFER in HVM guests
>>> Keir Fraser <keir@xxxxxxxxxxxxx> 29.11.06 14:09 >>> >On 29/11/06 13:07, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote: > >> Is it intentional that >> - under SVM, 32-bit guests can freely set EFER.LME >> - under VMX, 32-bit guests can't access EFER at all? >> >> Thanks, Jan > >I'm sure any differences are unintentional. There is obviously scope for >making much of the MSR and CPUID code non-vmx/svm specific. > >I assume that this particular difference doesn't really matter? I think it does - allowing a guest to enable EFER.LME when the hypervisor is a 32-bit one is clearly a security problem: While I haven't tried it, I would suspect the moment you load a context with such an EFER the whole system's dead. Not being able to access EFER is also a potential problem, as a guest should be allowed to set EFER.NX (at least) - the CPUID handling code specifically does not suppress this bit if the guest is allowed to use PAE (which we agreed a few days ago should be the default anyway). Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |