| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Feb 2013 13:19:37 +0000 From: Stefano Stabellini <stefano.stabellini@...citrix.com> To: "H. Peter Anvin" <hpa@...or.com> CC: Jan Beulich <JBeulich@...e.com>, "K. Y. Srinivasan" <kys@...rosoft.com>, "olaf@...fle.de" <olaf@...fle.de>, "bp@...en8.de" <bp@...en8.de>, "apw@...onical.com" <apw@...onical.com>, "x86@...nel.org" <x86@...nel.org>, "tglx@...utronix.de" <tglx@...utronix.de>, "devel@...uxdriverproject.org" <devel@...uxdriverproject.org>, "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>, "jasowang@...hat.com" <jasowang@...hat.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 2/3] X86: Add a check to catch Xen emulation of Hyper-V On Thu, 31 Jan 2013, H. Peter Anvin wrote: > On 01/30/2013 12:53 AM, Jan Beulich wrote: > > > > I'm not convinced that's the right approach - any hypervisor > > could do similar emulation, and hence you either want to make > > sure you run on Hyper-V (by excluding all others), or you > > tolerate using the emulation (which may require syncing up with > > the other guest implementations so that shared resources don't > > get used by two parties). > > > > I also wonder whether using the Hyper-V emulation (where > > useful, there might not be anything right now, but this may > > change going forward) when no Xen support is configured > > wouldn't be better than not using anything... > > > > I'm confused about "the right approach" here is. As far as I > understand, this only can affect a Xen guest where HyperV guest support > is enabled but not Xen support, and only because Xen emulates HyperV but > does so incorrectly. > > This is a Xen bug, and as such it makes sense to reject Xen > specifically. If another hypervisor emulates HyperV and does so > correctly there seems to be no reason to reject it. I don't think so. AFAIK originally there were features exported as flags and Xen doesn't turn on the flags that correspond to features that are not implemented. The problem here is that Hyper-V is about to introduce a feature without a flag that is not implemented by Xen (see "X86: Deliver Hyper-V interrupts on a separate IDT vector"). K.Y. please confirm if I got this right. If I were the Microsoft engineer implementing this feature, no matter what Xen does or does not, I would also make sure that there is a corresponding flag for it, because in my experience they avoid future headaches. I wonder what happens if you run Linux with Hyper-V support on an old Hyper-V host that doesn't support vector injection. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists