| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Nov 2020 23:42:46 +0100
From: Thomas Gleixner <tglx@...utronix.de>
To: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
"Tian\, Kevin" <kevin.tian@...el.com>
Cc: "Raj\, Ashok" <ashok.raj@...el.com>,
Jason Gunthorpe <jgg@...dia.com>,
"Williams\, Dan J" <dan.j.williams@...el.com>,
"Jiang\, Dave" <dave.jiang@...el.com>,
Bjorn Helgaas <helgaas@...nel.org>,
"vkoul\@kernel.org" <vkoul@...nel.org>,
"Dey\, Megha" <megha.dey@...el.com>,
"maz\@kernel.org" <maz@...nel.org>,
"bhelgaas\@google.com" <bhelgaas@...gle.com>,
"alex.williamson\@redhat.com" <alex.williamson@...hat.com>,
"Pan\, Jacob jun" <jacob.jun.pan@...el.com>,
"Liu\, Yi L" <yi.l.liu@...el.com>,
"Lu\, Baolu" <baolu.lu@...el.com>,
"Kumar\, Sanjay K" <sanjay.k.kumar@...el.com>,
"Luck\, Tony" <tony.luck@...el.com>,
"kwankhede\@nvidia.com" <kwankhede@...dia.com>,
"eric.auger\@redhat.com" <eric.auger@...hat.com>,
"parav\@mellanox.com" <parav@...lanox.com>,
"rafael\@kernel.org" <rafael@...nel.org>,
"netanelg\@mellanox.com" <netanelg@...lanox.com>,
"shahafs\@mellanox.com" <shahafs@...lanox.com>,
"yan.y.zhao\@linux.intel.com" <yan.y.zhao@...ux.intel.com>,
"pbonzini\@redhat.com" <pbonzini@...hat.com>,
"Ortiz\, Samuel" <samuel.ortiz@...el.com>,
"Hossain\, Mona" <mona.hossain@...el.com>,
"dmaengine\@vger.kernel.org" <dmaengine@...r.kernel.org>,
"linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-pci\@vger.kernel.org" <linux-pci@...r.kernel.org>,
"kvm\@vger.kernel.org" <kvm@...r.kernel.org>
Subject: Re: [PATCH v4 06/17] PCI: add SIOV and IMS capability detection
On Thu, Nov 12 2020 at 14:32, Konrad Rzeszutek Wilk wrote:
>> 4. Using CPUID to detect running as guest. But as Thomas pointed out, this
>> approach is less reliable as not all hypervisors do this way.
>
> Is that truly true? It is the first time I see the argument that extra
> steps are needed and that checking for X86_FEATURE_HYPERVISOR is not enough.
>
> Or is it more "Some hypervisor probably forgot about it, so lets make sure we patch
> over that possible hole?"
Nothing enforces that bit to be set. The bit is a pure software
convention and was proposed by VMWare in 2008 with the following
changelog:
"This patch proposes to use a cpuid interface to detect if we are
running on an hypervisor.
The discovery of a hypervisor is determined by bit 31 of CPUID#1_ECX,
which is defined to be "hypervisor present bit". For a VM, the bit is
1, otherwise it is set to 0. This bit is not officially documented by
either Intel/AMD yet, but they plan to do so some time soon, in the
meanwhile they have promised to keep it reserved for virtualization."
The reserved promise seems to hold. AMDs APM has it documented. The
Intel SDM not so.
Also the kernel side of KVM does not enforce that bit, it's up to the user
space management to set it.
And yes, I've tripped over this with some hypervisors and even qemu KVM
failed to set it in the early days because it was masked with host CPUID
trimming as there the bit is obviously 0.
DMI vendor name is pretty good final check when the bit is 0. The
strings I'm aware of are:
QEMU, Bochs, KVM, Xen, VMware, VMW, VMware Inc., innotek GmbH, Oracle
Corporation, Parallels, BHYVE, Microsoft Corporation
which is not complete but better than nothing ;)
Thanks,
tglx
Powered by blists - more mailing lists