Hi men, If there is an application who wants to detect what the OS is running on, physical hardware or Xen, can he do it like this: using SGDT to get GDT''s address. If its address is 0xCxxxxxxx, then it''s on physical hardware (the OS is Linux) If the address is 0xFxxxxxxx (0xFE820000), then it''s on Xen. I test it, and it works. Can Xen do something to prevent this? Thanks, Wu _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
It would be impossible to hide virtualisation from a PV guest kernel of course, and very hard to hide it from a PV guest application also. -- Keir On 04/03/2009 06:51, "Wu Bingzheng" <wubingzheng@163.com> wrote:> using SGDT to get GDT''s address. > > If its address is 0xCxxxxxxx, then it''s on physical hardware (the OS is Linux) > If the address is 0xFxxxxxxx (0xFE820000), then it''s on Xen. > > I test it, and it works. > > Can Xen do something to prevent this?_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
> It would be impossible to hide virtualisation from a PV guest kernel of > course, and very hard to hide it from a PV guest application also. > > -- KeirSo do you mean that in HVM guest, the SGDT will get the GDT of guest, but not Xen? It lists 17 instructions in Pentium instruction set, which is virtualization sensitive and unprivileged, including SGDT, at paper named Analysis of the IntelPentium''s Ability to Support aSecure Virtual Machine Monitor <http://www.usenix.org/events/sec00/full_papers/robin/robin_html/index.html>. Using these instructions, we can detect VMM on a PV guest. I want to know if we can use these instructions to detect VMM on a HVM guest. Thanks, Wu _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Hi, In a paper named ''Analysis of the IntelPentium''s Ability to Support aSecure Virtual Machine Monitor'' <http://www.usenix.org/events/sec00/full_papers/robin/robin_html/index.html>, it lists 17 instructions in Pentium instruction set, which are virtualization sensitive and unprivileged. Using these instructions, we can detect VMM on a PV guest. I want to know if we can use these instructions to detect VMM on a HVM guest. (I issued a message a few days ago about VMM detection. But I deleted that mail by mistake, so I give another message here.) Thanks, Wu _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On 05/03/2009 03:15, "Wu Bingzheng" <wubingzheng@163.com> wrote:> So do you mean that in HVM guest, the SGDT will get the GDT of guest, but not > Xen? > > It lists 17 instructions in Pentium instruction set, which is virtualization > sensitive > and unprivileged, including SGDT, at paper named > Analysis of the IntelPentium''s Ability to Support aSecure Virtual Machine > Monitor > <http://www.usenix.org/events/sec00/full_papers/robin/robin_html/index.html>. > Using these instructions, we can detect VMM on a PV guest. > > I want to know if we can use these instructions to detect VMM on a HVM guest.No, they behave ''natively'' when running as an HVM guest. The guest cannot easily tell it is running on a VMM. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
>> I want to know if we can use these instructions to detect VMM on a HVM >guest. > >No, they behave ''natively'' when running as an HVM guest. The guest cannot >easily tell it is running on a VMM.How about from performance side? At least some instructions are much slower in a VM than native today. -Xin _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Thu, Mar 5, 2009 at 5:37 PM, Keir Fraser <keir.fraser@eu.citrix.com> wrote:> On 05/03/2009 03:15, "Wu Bingzheng" <wubingzheng@163.com> wrote: > >> So do you mean that in HVM guest, the SGDT will get the GDT of guest, but not >> Xen? >> >> It lists 17 instructions in Pentium instruction set, which is virtualization >> sensitive >> and unprivileged, including SGDT, at paper named >> Analysis of the IntelPentium''s Ability to Support aSecure Virtual Machine >> Monitor >> <http://www.usenix.org/events/sec00/full_papers/robin/robin_html/index.html>. >> Using these instructions, we can detect VMM on a PV guest. >> >> I want to know if we can use these instructions to detect VMM on a HVM guest. > > No, they behave ''natively'' when running as an HVM guest. The guest cannot > easily tell it is running on a VMM. >It is not difficult if you look else where. For ex, HVM uses Bochs BIOS, and that is a clear evidence. There are already a lot of papers proved that it is impossible to hide the fact that your machine is virtual. You can search on Usenix website, for example. Thanks, J _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On 06/03/2009 02:04, "Jun Koi" <junkoi2004@gmail.com> wrote:>> No, they behave ''natively'' when running as an HVM guest. The guest cannot >> easily tell it is running on a VMM. >> > > It is not difficult if you look else where. For ex, HVM uses Bochs > BIOS, and that is a clear evidence. > > There are already a lot of papers proved that it is impossible to hide > the fact that your machine is virtual. You can search on Usenix > website, for example.I believe it will always be trivial as a kernel. As an application less so. Certainly the specific ''17 unvirtualisable instructions'' the OP asked about are handled undetectably by HVM. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel