Xen project Mailing List

RE: [Xen-devel] EFER in HVM guests

To: "Petersson, Mats" <Mats.Petersson@xxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Keir Fraser" <keir@xxxxxxxxxxxxx>

From: "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>

Date: Wed, 29 Nov 2006 10:24:13 -0800

Delivery-date: Wed, 29 Nov 2006 11:03:40 -0800

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Thread-index: AccTv6r97XujPIxiQ5aNfYfQKg41qAAEUxeAAAL+E2AAAKjyYA==

Thread-topic: [Xen-devel] EFER in HVM guests

Petersson, Mats wrote: >> -----Original Message----- >> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx >> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of >> Nakajima, Jun Sent: 29 November 2006 16:35 >> To: Jan Beulich; xen-devel@xxxxxxxxxxxxxxxxxxx; Keir Fraser >> Subject: RE: [Xen-devel] EFER in HVM guests >> >> Jan Beulich wrote: >>>>>> Keir Fraser <keir@xxxxxxxxxxxxx> 29.11.06 14:09 >>> >>>> On 29/11/06 13:07, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote: >>>> >>>>> Is it intentional that >>>>> - under SVM, 32-bit guests can freely set EFER.LME >>>>> - under VMX, 32-bit guests can't access EFER at all? >>>>> >>>>> Thanks, Jan >>>> >>>> I'm sure any differences are unintentional. There is obviously >>>> scope for making much of the MSR and CPUID code non-vmx/svm >>>> specific. >>>> >>>> I assume that this particular difference doesn't really matter? >>> >>> I think it does - allowing a guest to enable EFER.LME when the >>> hypervisor is a 32-bit one is clearly a security problem: While I >>> haven't tried it, I would suspect the moment you load a context >>> with such an EFER the whole system's dead. >>> Not being able to access EFER is also a potential problem, as a >>> guest should be allowed to set EFER.NX (at least) - the CPUID >>> handling code specifically does not suppress this bit if the guest >>> is allowed to use PAE (which we agreed a few days ago should >>> be the default anyway). >>> >>> Jan >>> >> >> I agree that we should allow 32-bit guests to set EFER.NX on the PAE >> Xen. We'll fix it. EFER.SCE should not be set on IA-32. > > Why not? If CPUID bits indicate that it's available, it can be used in > 32- or 64-bit mode. > On IA-32 (i.e. I meant Intel), it's not available. The merged HVM code should use CPUID to handle this kind of differences. Jun --- Intel Open Source Technology Center _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.