From: Avi Kivity <avi@redhat.com>
To: "Alpár Török" <torokalpar@gmail.com>
Cc: kvm@vger.kernel.org
Subject: Re: Differences on Intel and Amd
Date: Mon, 21 Sep 2009 13:12:44 +0300 [thread overview]
Message-ID: <4AB7519C.10307@redhat.com> (raw)
In-Reply-To: <8d3051340909210305h5ddcfdc4xbb8d87b3f6bd3055@mail.gmail.com>
On 09/21/2009 01:05 PM, Alpár Török wrote:
> Hi all,
>
> Sorry if this issues, or parts of this issue have been covered in
> separate threads.
>
> We have an executable, of unknown origin, that is very likely to be
> malicious. We use KVM ( version 78) for sand-boxing the execution of
> such software.
> Each time the Virtual Machine is started from a snapshot (with loadvm
> ), an executable is copied from a share and launched.
>
> Now the problem. We have both AMD and Intel machines. A snapshot
> taken on Intel doesn't load on AMD and vice versa, so The snapshots
> from which the VMs are
> started are different. This executable, runs on the AMD machines, but
> not on Intel. We concluded that the executable uses an undocumented
> Windows API
> function, and relies on a side-effect (a value placed in a register).
> The value of this register differs from AMD to Intel. That is why it
> shortly and silently terminates if ran on Intel. (by ran on Intel and
> ran on AMD i mean of course a KVM VM on those platforms)
>
On really new kvms this is no longer true, you can now load a snapshot
saved on a processor from another vendor.
> The questions are:
> Can a process within the VM find out the native processor type?
>
Yes. The vendor ID is not virtualized (you can override it with
-cpu,vendor= to force virtualization).
> Or can Windows XP find out the original processor type and behave differently?
>
Yes, and it does. Windows (and Linux) use different system call
instructions depending on vendor.
> Does this behavior make sense to you?
>
Yes and no. It makes sense since the x86 instruction set is not truly
portable across vendors. It doesn't since it should.
> Is it possible that the difference is not due to hardware
> differences, but because of different snapshots, and the events that
> occur before the snapshots, are different?
>
>
It is due to hardware differences.
> We need to have consistent and repeatable results with thease
> sand-boxed tests, that was what triggered the investigation in the
> first place.
>
>
Try newer kvms. We now emulate the differences (with some performance
loss).
--
error compiling committee.c: too many arguments to function
next prev parent reply other threads:[~2009-09-21 10:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-21 10:05 Differences on Intel and Amd Alpár Török
2009-09-21 10:12 ` Avi Kivity [this message]
2009-09-22 16:18 ` Alpár Török
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AB7519C.10307@redhat.com \
--to=avi@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=torokalpar@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.