The classic VMotion problem of recent times is the customer who buys tin from a vendor, only to find out that the processor number e.g. 53xx and 54xx, is actually quite significant. The principle difference which will prevent VMotion is the addition of SSE4.1 to the 54xx range of Intel processors (if you previously only had 53xx Intel processors).Good stuff, find out more at the source blog.
An application using the SSE4.1 feature (or is aware of this feature) when VMotioned to a non-SSE4.1 host would likely blue screen trying to make use of this feature on the older host.
People then recalled the CPU mask feature in VMware - we’ll just mask it out they thought. Unfortunately VMware declared this was an unsupported mask with KB1993 and KB1991.
Note that for production environments, VMware neither supports nor recommends modifying VMotion masks for SSE3, SSE3, or SSE4.1 because of the risk of failure of the application or guest operating system after migration.
The reason soon became clear:
* SSE features can be used by user-level code (applications).
* Mask does not work for user-level code (i.e. applications).
* In user-level code, CPUID is executed directly on hardware and is not intercepted by VMware.
* Thus, VM cannot reliably hide SSE from an application
vulnerable software: VMware Workstation 6.0 for Windows, possible some other VMware products as well type of vulnerability: DoS, potential privilege escalation I found a vulnerability in VMware Workstation 6.0 which allows an unprivileged user in the host OS to crash the system and potentially run arbitrary code with kernel privileges. The issue is in the vmstor-60 driver, which is supposed to mount VMware images within the host OS. When sending the IOCTL code FsSetVoleInformation with subcode FsSetFileInformation with a large buffer and underreporting its size to at max 1024 bytes, it will underrun and potentially execute arbitrary code. Security focus
Comments
Post a Comment