[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)



On Nov 7, 2013, at 7:57 AM, Jan Beulich <JBeulich@xxxxxxxx>
 wrote:

>>>> On 07.11.13 at 16:41, <Jeff_Zimmerman@xxxxxxxxxx> wrote:
>> On Nov 7, 2013, at 1:30 AM, Ian Campbell <Ian.Campbell@xxxxxxxxxx>  wrote:
>>> I was also wondering about the behaviour of using vmx instructions in a
>>> guest despite vmx not being visible in cpuid...
>>> 
>> We have found in our situation this is exactly the case. To verify we wrote 
>> some
>> test code that makes vmx calls without checking cupid. On bare hardware the 
>> program
>> executes as expected. In a VM on Xen it causes the hypervisor to panic.
> 
> You trying it doesn't yet imply that Windows also does so.
> 
> Also, you say "program" - are you using these from user mode code?

Yes, from windows run as a privileged user. Windows XP sp3 can cause the crash.
It seems windows 7 has better security, we cannot crash the system from a win7 
guest.
> 
>> From a security standpoint this is very very bad. It might be a good idea to 
>> provide either
>> a run-time or build-time option to disable nestedhvm. Just turning off the 
>> vmx 
>> bit is not enough
>> as malicious or badly written code can cause a system crash.
> 
> Yes, we will absolutely need to do that.
> 
> Jan
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.