lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 29 Sep 2008 20:46:19 +0200
From:	Gerd Hoffmann <kraxel@...hat.com>
To:	akataria@...are.com
CC:	Ingo Molnar <mingo@...e.hu>, "H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	LKML <linux-kernel@...r.kernel.org>,
	the arch/x86 maintainers <x86@...nel.org>,
	Jeremy Fitzhardinge <jeremy@...p.org>,
	"avi@...hat.com" <avi@...hat.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Zach Amsden <zach@...are.com>,
	Daniel Hecht <dhecht@...are.com>,
	"Jun.Nakajima@...el.Com" <Jun.Nakajima@...el.Com>
Subject: Re: Use CPUID to communicate with the hypervisor.

Alok Kataria wrote:
> Hi Gerd,
> 
>> Shouldn't you check the hypervisor signature here?
> 
> Nope the whole idea of not checking the hypervisor signature is that we
> should keep this interface generic. 

Nice idea.  Problem with that is that approach is that we don't have
full control here.  It probably isn't that a hard to have vmware, xen
and kvm agree here, given vmware proposes this and for xen+kvm one can
send patches.  But even that you can't take for granted, see the
discussion of the "tsc-may-change-on-migration" problem.

The real big problem are other closed-source hypervisors (VirtualPC /
Hyper-V / Parallels / ...).  How can we be sure they don't define that
leaf to something different?

> Also one thing to remember is, that a hypervisor can decide to not
> implement this level and just return "0" the kernel can then just ignore
> that value. That's what we do currently in native_calibrate_tsc.

The fudamental issue outlined above aside:  Even the "ignore 0" part
isn't in the patch right now.

>> Right now both kvm and xen use the first one or two leafes (after info),
>> but in incompatible ways, so for these the signature *must* be checked
>> before using the info found there.
> 
> Hmm that's unfortunate, but we can have exceptions for these one of
> cases and AFAIK these are only checked in the kvm/xen code path and not
> in any generic code as of now, right ? 

Yes.

> btw, i could only find the semantics for 0x40000001 leaf in KVM's header
> file but don't see Xen using that leaf, can you please point me which
> leafs are you referring to here. 

pv drivers in hvm guests use that (and query very xen-specific stuff
which wouldn't make much sense in other hypervisors).  It isn't in the
kernel source tree, look here instead:

http://xenbits.xensource.com/xen-3.3-testing.hg?file/19201eebab16/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c

cheers,
  Gerd


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ