From: Oliver Kurth Date: Fri, 23 Mar 2018 22:05:35 +0000 (-0700) Subject: vmcheck.c VmCheck_IsVirtualWorld(): Always check for a working backdoor. X-Git-Tag: stable-10.3.0~67 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8671bd8d4f68a490a5b20f1876f05797f3057c4b;p=thirdparty%2Fopen-vm-tools.git vmcheck.c VmCheck_IsVirtualWorld(): Always check for a working backdoor. The specific checks for Xen and VirtualPC hypervisors currently happen only if the VMware hypervisor is not detected. The test for a working VMware backdoor is then done to avoid all other hypervisors. In the case where running on a VMware hypervisor and the backdoor channel has been disabled such as with monitor_control.restrict_backdoor = "TRUE" vmtoolsd, vmware-toolbox-cmd and vmware-checkvm will crash when attempting to get the version number of the installed VMware Tools. Added an additional test to detect Linux KVM with the existing tests for the Xen hypervisor and Microsoft Virtual PC. Avoid checking for a working backdoor if a non VMware hypervisor is seen. Microsoft Hv checking to be added later and is tracked in a separate PR. Oracle VirtualBox provides no unique CPUID vendor signature string. --- diff --git a/open-vm-tools/lib/vmCheck/vmcheck.c b/open-vm-tools/lib/vmCheck/vmcheck.c index 5e726f553..df23871fb 100644 --- a/open-vm-tools/lib/vmCheck/vmcheck.c +++ b/open-vm-tools/lib/vmCheck/vmcheck.c @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2006-2017 VMware, Inc. All rights reserved. + * Copyright (C) 2006-2018 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -63,13 +63,25 @@ #include "backdoor_def.h" #include "debug.h" - -typedef Bool (*SafeCheckFn)(void); - #if !defined(_WIN32) # include "vmsignal.h" # include "setjmp.h" +#endif + +typedef Bool (*SafeCheckFn)(void); + +#if !defined(WINNT_DDK) +static const struct { + const char *vendorSig; + const char *hypervisorName; +} gHvVendor[] = { + {CPUID_KVM_HYPERVISOR_VENDOR_STRING, "Linux KVM"}, + {CPUID_XEN_HYPERVISOR_VENDOR_STRING, "Xen"}, +}; +#endif + +#if !defined(_WIN32) static sigjmp_buf jmpBuf; static Bool jmpIsSet; @@ -262,14 +274,27 @@ VmCheck_IsVirtualWorld(void) #if !defined(WINNT_DDK) char *hypervisorSig; + uint32 i; /* * Check for other environments like Xen and VirtualPC only if we haven't * already detected that we are on a VMware hypervisor. See PR 1035346. */ hypervisorSig = Hostinfo_HypervisorCPUIDSig(); + Debug("%s: HypervisorCPUIDSig = \"%s\".\n", __FUNCTION__, + hypervisorSig == NULL ? "NULL" : hypervisorSig); if (hypervisorSig == NULL || Str_Strcmp(hypervisorSig, CPUID_VMWARE_HYPERVISOR_VENDOR_STRING) != 0) { + if (hypervisorSig != NULL) { + for (i = 0; i < ARRAYSIZE(gHvVendor); i++) { + if (Str_Strcmp(hypervisorSig, gHvVendor[i].vendorSig) == 0) { + Debug("%s: detected %s.\n", __FUNCTION__, + gHvVendor[i].hypervisorName); + free(hypervisorSig); + return FALSE; + } + } + } free(hypervisorSig); @@ -283,15 +308,15 @@ VmCheck_IsVirtualWorld(void) return FALSE; } - if (!VmCheckSafe(Hostinfo_TouchBackDoor)) { - Debug("%s: backdoor not detected.\n", __FUNCTION__); - return FALSE; - } - } else { free(hypervisorSig); } + if (!VmCheckSafe(Hostinfo_TouchBackDoor)) { + Debug("%s: backdoor not detected.\n", __FUNCTION__); + return FALSE; + } + /* It should be safe to use the backdoor without a crash handler now. */ VmCheck_GetVersion(&version, &dummy); #else