Date:	Fri, 03 Oct 2008 17:35:39 -0700
From:	"H. Peter Anvin" <hpa@...or.com>
To:	"Nakajima, Jun" <jun.nakajima@...el.com>
CC:	"akataria@...are.com" <akataria@...are.com>,
	Jeremy Fitzhardinge <jeremy@...p.org>,
	"avi@...hat.com" <avi@...hat.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Gerd Hoffmann <kraxel@...hat.com>, Ingo Molnar <mingo@...e.hu>,
	the arch/x86 maintainers <x86@...nel.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Daniel Hecht <dhecht@...are.com>,
	Zach Amsden <zach@...are.com>,
	"virtualization@...ts.linux-foundation.org" 
	<virtualization@...ts.linux-foundation.org>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>
Subject: Re: [RFC] CPUID usage for interaction between Hypervisors and Linux.

Nakajima, Jun wrote:
> 
> What I mean is that a hypervisor (with a single vendor id) can support multiple interfaces, exposing a single interface to each guest that would expect a specific interface at runtime.
> 

Yes, and for the reasons outlined in a previous post in this thread, 
this is an incredibly bad idea.  We already hate the guts of the ACPI 
people for this reason.

> 
> What's the significance of supporting multiple interfaces to the same guest simultaneously, i.e. _runtime_? We don't want the guests to run on such a literarily Frankenstein machine. And practically, such testing/debugging would be good only for Halloween :-).
> 

By that notion, EVERY CPU currently shipped is a "Frankenstein" CPU, 
since at the very least they export Intel-derived and AMD-derived 
interfaces.  This is, in other words, a ridiculous claim.

> The interface space can be distinct, but the contents are defined and implemented independently, thus you might find overlaps, inconsistency, etc. among the interfaces. And why is runtime "multiple interfaces" required for a standards-based interface?

That is the whole point -- without a central coordinating authority, 
you're going to have to accommodate many definition sources.  Otherwise, 
you're just back to where we started -- each hypervisor exports an 
interface and that's just that.

If there are multiple interface specifications, they should be exported 
simultaneously in non-conflicting numberspaces, and the *GUEST* gets to 
choose what to believe.  We already do this for *all kinds* of 
information, including CPUID.  It's the right thing to do.

	-hpa
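
An added illustration of the scheme argued for in the message above, not code from this thread or from any hypervisor: the guest walks non-conflicting CPUID number spaces and picks the interface it prefers. The 0x40000000 base, the 0x100 stride, the 12-byte signature and the sample leaf table are assumptions (the table is constructed, and the CPUID instruction is replaced by a stand-in so the code runs anywhere).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: one hypervisor exporting two interface blocks
 * side by side, each in its own 0x100-leaf number space. */
struct leaf { uint32_t fn; uint32_t max_leaf; char sig[13]; };
static const struct leaf sample_leaves[] = {
    { 0x40000000u, 0x40000006u, "Microsoft Hv" },
    { 0x40000100u, 0x40000101u, "KVMKVMKVM\0\0\0" },
};

/* Stand-in for the CPUID instruction (assumption, not a real API).
 * Returns 1 and fills sig and max_leaf if a block starts at fn. */
static int sim_cpuid_sig(uint32_t fn, char sig[13], uint32_t *max_leaf)
{
    for (size_t i = 0; i < sizeof sample_leaves / sizeof sample_leaves[0]; i++)
        if (sample_leaves[i].fn == fn) {
            memcpy(sig, sample_leaves[i].sig, 13);
            *max_leaf = sample_leaves[i].max_leaf;
            return 1;
        }
    return 0;
}

/* Guest side: walk the number spaces and return the base leaf of the
 * first interface in the guest's own preference list, or 0 if none
 * is offered. The guest, not the hypervisor, decides what to believe. */
uint32_t pick_interface(const char *const prefs[], size_t nprefs)
{
    for (size_t p = 0; p < nprefs; p++)
        for (uint32_t base = 0x40000000u; base < 0x40010000u; base += 0x100u) {
            char sig[13];
            uint32_t max_leaf;
            if (sim_cpuid_sig(base, sig, &max_leaf) &&
                max_leaf >= base &&          /* reject a malformed block */
                memcmp(sig, prefs[p], 12) == 0)
                return base;
        }
    return 0;
}

int main(void)
{
    const char *const prefs[] = { "KVMKVMKVM\0\0\0", "Microsoft Hv" };
    printf("chosen base: 0x%08x\n", (unsigned)pick_interface(prefs, 2));
    return 0;
}
```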
