lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20120615.120346.21747125.d.hatayama@jp.fujitsu.com>
Date:	Fri, 15 Jun 2012 12:03:46 +0900 (JST)
From:	HATAYAMA Daisuke <d.hatayama@...fujitsu.com>
To:	avi@...hat.com
Cc:	zhangyanfei@...fujitsu.com, mtosatti@...hat.com,
	ebiederm@...ssion.com, luto@....edu, joerg.roedel@....com,
	dzickus@...hat.com, paul.gortmaker@...driver.com,
	ludwig.nussel@...e.de, linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org, kexec@...ts.infradead.org,
	gregkh@...uxfoundation.org
Subject: Re: [PATCH v2 3/5] KVM-INTEL: Add new module vmcsinfo-intel to
 fill VMCSINFO

From: Avi Kivity <avi@...hat.com>
Subject: Re: [PATCH v2 3/5] KVM-INTEL: Add new module vmcsinfo-intel to fill VMCSINFO
Date: Thu, 14 Jun 2012 16:37:58 +0300

> On 05/16/2012 10:55 AM, zhangyanfei wrote:
<cut>
>> +
>> +/*
>> + * The format of VMCSINFO is given below:
>> + *   +-------------+--------------------------+
>> + *   | Byte offset | Contents                 |
>> + *   +-------------+--------------------------+
>> + *   | 0           | VMCS revision identifier |
>> + *   +-------------+--------------------------+
>> + *   | 4           | <field><encoded offset>  |
>> + *   +-------------+--------------------------+
>> + *   | 16          | <field><encoded offset>  |
>> + *   +-------------+--------------------------+
>> + *   ......
>> + *
>> + * The first 32 bits of VMCSINFO contains the VMCS revision
>> + * identifier.
>> + * The remainder of VMCSINFO is used for <field><encoded offset>
>> + * sets. Each set takes 12 bytes: field occupys 4 bytes
>> + * and its corresponding encoded offset occupys 8 bytes.
>> + *
>> + * Encoded offsets are raw values read by vmcs_read{16, 64, 32, l},
>> + * and they are all unsigned extended to 8 bytes for each
>> + * <field><encoded offset> set has the same size.
>> + * We do not decode offsets here. The decoding work is delayed
>> + * in userspace tools.
> 
> It's better to do the decoding here, or no one will know how to do it.
> Also have an nfields field.

We did so because actual internal format is unkown; it could possibly
be encrypted, although unlikely. We thought processing such unkown
data should have been done in userland debugging tools. But decoding
them here is no problem; the decode is of simple shift operations and
has no risk affecting system status, there's only possibility to
display broken values, which is same as the case displaying the
encrypted values for users.

FYI, the assumptions behind the reverse enginerring method are:

- For each field, the corresponding offset is unique; IOW, arbitrary
  two offsets for the corresponding two fields are different each
  other.
- Field size remains 8 bytes, 16 bytes, 32 bytes even on vmcs region.
- Each field is 8 byte alighed on vmcs region.
- Some fields may be big endition on vmcs region.
  - We found this fact under development. We give up if the data is
    modified more drastically.
- offset < vmcs region size

Thanks.
HATAYAMA, Daisuke

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ