Re: [Qemu-devel] Re: [PATCH 2/2] introduce -cpu host target

[Filip Navara]

On Wed, Jun 24, 2009 at 7:46 PM, Avi Kivity<address@hidden> wrote:
> On 06/24/2009 08:37 PM, Filip Navara wrote:
>>
>> On Wed, Jun 24, 2009 at 11:54 AM, Avi Kivity<address@hidden>  wrote:
>>
>>>
>>> On 06/23/2009 12:47 AM, Andre Przywara wrote:
>>>
>>>>
>>>> Should we ignore unhandled MSRs like QEMU or Xen do?
>>>>
>>>>
>>>
>>> Ignoring unhandled msrs is dangerous.  If a write has some effect the
>>> guest
>>> depends on, and we're not emulating that effect, the guest will fail.
>>>  Similarly if you don't know what a register mean, who knows what
>>> returning
>>> zero for a read will do.
>>>
>>
>> It is definitely a bad idea to ignore unknown MSRs. Kernel patch
>> protection scheme used by certain operating system depend on them to
>> work properly and it's pretty hard to debug when you don't know what
>> failed (the MSR read in this case).
>>
>> http://www.uninformed.org/?v=3&a=3
>> http://www.uninformed.org/?v=6&a=1
>> http://www.uninformed.org/?v=8&a=5
>> http://en.wikipedia.org/wiki/Kernel_Patch_Protection
>>
>>
>
> Which unknown msrs are used by kernel patch protection?

It's a moving target. At the time I first got Win64 running on QEMU it
was the one for getting number of implemented virtual address bits
(0x80000008 iirc) and some other for getting cache sizes
(0x80000005/0x80000006 iirc). Both of them were documented in AMD
manuals and not implemented by QEMU. Also the higher bits of virtual
addresses must be treated as sign-extended (as per the information in
the 0x80000008 MSR) even though there are actually bits stored in the
address. Me and Alex Ionescu have spent considerable time by reversing
the PatchGuard v1 and that information is described in more detail in
the first link above. I haven't looked at PatchGuard v2/v3 yet.

Best regards,
Filip Navara