On 17/12/2024 1:21 pm, Teddy Astie wrote:
> Hello,
>
> On 17/12/2024 at 13:18, Xen.org security team wrote:
>> Xen guests need to use different processor instructions to make explicit
>> calls into the Xen hypervisor depending on guest type and/or CPU
>> vendor. In order to hide those differences, the hypervisor can fill a
>> hypercall page with the needed instruction sequences, allowing the guest
>> operating system to call into the hypercall page instead of having to
>> choose the correct instructions.
>>
>> The hypercall page contains whole functions, which are written by the
>> hypervisor and executed by the guest. With the lack of an interface
>> between the guest OS and the hypervisor specifying how a potential
>> modification of those functions should look like, the Xen hypervisor has
>> no knowledge how any potential mitigation should look like or which
>> hardening features should be put into place.
>>
> Should we consider adding an interface to know how the guest is
> supposed to make hypercalls (what hypercall instruction/flavor)? Such
> that the guest can have its own hypercall implementations but knows which
> one to use.

Better enumeration is coming with the hypercall API/ABI changes, but a guest already has enough information to correctly issue hypercalls to the current ABI. Hence why we didn't make this fix in Linux depend on a matching change in Xen.

~Andrew
