
@dylangerdaly
Created April 17, 2019 13:32
Index: xen-4.8.5/tools/firmware/hvmloader/hvmloader.c
===================================================================
--- xen-4.8.5.orig/tools/firmware/hvmloader/hvmloader.c
+++ xen-4.8.5/tools/firmware/hvmloader/hvmloader.c
@@ -135,9 +135,11 @@ static void init_hypercalls(void)
if ( !strcmp("XenVMMXenVMM", signature) )
break;
+ if ( !strcmp("ZenZenZenZen", signature) )
+ break;
}
- BUG_ON(strcmp("XenVMMXenVMM", signature) || ((eax - base) < 2));
+ BUG_ON( (strcmp("XenVMMXenVMM", signature) && strcmp("ZenZenZenZen", signature) ) || ((eax - base) < 2));
/* Fill in hypercall transfer pages. */
cpuid(base + 2, &eax, &ebx, &ecx, &edx);
Index: xen-4.8.5/tools/libxl/libxl_create.c
===================================================================
--- xen-4.8.5.orig/tools/libxl/libxl_create.c
+++ xen-4.8.5/tools/libxl/libxl_create.c
@@ -338,6 +338,8 @@ int libxl__domain_build_info_setdefault(
libxl_defbool_setdefault(&b_info->u.hvm.acpi_s4, true);
libxl_defbool_setdefault(&b_info->u.hvm.nx, true);
libxl_defbool_setdefault(&b_info->u.hvm.viridian, false);
+ libxl_defbool_setdefault(&b_info->u.hvm.spoof_viridian, false);
+ libxl_defbool_setdefault(&b_info->u.hvm.spoof_xen, false);
libxl_defbool_setdefault(&b_info->u.hvm.hpet, true);
libxl_defbool_setdefault(&b_info->u.hvm.vpt_align, true);
libxl_defbool_setdefault(&b_info->u.hvm.altp2m, false);
@@ -1402,6 +1404,12 @@ static void domcreate_launch_dm(libxl__e
libxl__device_console_add(gc, domid, &console, state, &device);
libxl__device_console_dispose(&console);
+
+ LOG(DEBUG, "Checking spoofing for guest (domid %d): xen %d, vir %d", domid,
+ libxl_defbool_val(d_config->b_info.u.hvm.spoof_xen),
+ libxl_defbool_val(d_config->b_info.u.hvm.spoof_viridian)
+ );
+
dcs->sdss.dm.guest_domid = domid;
if (libxl_defbool_val(d_config->b_info.device_model_stubdomain))
libxl__spawn_stub_dm(egc, &dcs->sdss);
Index: xen-4.8.5/tools/libxl/libxl_dom.c
===================================================================
--- xen-4.8.5.orig/tools/libxl/libxl_dom.c
+++ xen-4.8.5/tools/libxl/libxl_dom.c
@@ -326,6 +326,10 @@ static void hvm_set_conf_params(xc_inter
/* XXX */
xc_hvm_param_set(handle, domid, HVM_PARAM_ALTP2M,
libxl_defbool_val(info->u.hvm.altp2m));
+ xc_hvm_param_set(handle, domid, HVM_PARAM_SPOOF_XEN,
+ libxl_defbool_val(info->u.hvm.spoof_xen));
+ xc_hvm_param_set(handle, domid, HVM_PARAM_SPOOF_VIRIDIAN,
+ libxl_defbool_val(info->u.hvm.spoof_viridian));
break;
default:
abort();
Index: xen-4.8.5/tools/libxl/libxl_types.idl
===================================================================
--- xen-4.8.5.orig/tools/libxl/libxl_types.idl
+++ xen-4.8.5/tools/libxl/libxl_types.idl
@@ -520,6 +520,8 @@ libxl_domain_build_info = Struct("domain
("viridian", libxl_defbool),
("viridian_enable", libxl_bitmap),
("viridian_disable", libxl_bitmap),
+ ("spoof_viridian", libxl_defbool),
+ ("spoof_xen", libxl_defbool),
("timeoffset", string),
("hpet", libxl_defbool),
("vpt_align", libxl_defbool),
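Review bot: The two new `libxl_domain_build_info` fields are added without a matching feature-test macro, at least in the files this patch shows (libxl.h is not touched). Callers that build against both patched and unpatched libxl have no compile-time way to tell whether `spoof_xen` and `spoof_viridian` exist. Consider adding something like `#define LIBXL_HAVE_SPOOF_SIGNATURES 1` to libxl.h with a short comment naming both fields, and documenting the two `xl.cfg` keys alongside `viridian`.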
Index: xen-4.8.5/tools/libxl/xl_cmdimpl.c
===================================================================
--- xen-4.8.5.orig/tools/libxl/xl_cmdimpl.c
+++ xen-4.8.5/tools/libxl/xl_cmdimpl.c
@@ -1684,6 +1684,10 @@ static void parse_config_data(const char
xlu_cfg_get_defbool(config, "hpet", &b_info->u.hvm.hpet, 0);
xlu_cfg_get_defbool(config, "vpt_align", &b_info->u.hvm.vpt_align, 0);
+ /* For spoofing Xen */
+ xlu_cfg_get_defbool(config, "spoof_xen", &b_info->u.hvm.spoof_xen, 0);
+ xlu_cfg_get_defbool(config, "spoof_viridian", &b_info->u.hvm.spoof_viridian, 0);
+
switch (xlu_cfg_get_list(config, "viridian",
&viridian, &num_viridian, 1))
{
Index: xen-4.8.5/tools/misc/xen-detect.c
===================================================================
--- xen-4.8.5.orig/tools/misc/xen-detect.c
+++ xen-4.8.5/tools/misc/xen-detect.c
@@ -69,6 +69,8 @@ static int check_for_xen(int pv_context)
if ( !strcmp("XenVMMXenVMM", signature) && (regs[0] >= (base + 2)) )
goto found;
+ if ( !strcmp("ZenZenZenZen", signature) && (regs[0] >= (base + 2)) )
+ goto found;
}
return 0;
Index: xen-4.8.5/xen/arch/x86/hvm/hvm.c
===================================================================
--- xen-4.8.5.orig/xen/arch/x86/hvm/hvm.c
+++ xen-4.8.5/xen/arch/x86/hvm/hvm.c
@@ -5378,6 +5378,14 @@ static int hvmop_set_param(
case HVM_PARAM_IOREQ_SERVER_PFN:
d->arch.hvm_domain.ioreq_gmfn.base = a.value;
break;
+ case HVM_PARAM_SPOOF_XEN:
+ printk("spoof_xen %" PRId64 " - curr dom %d, dom %d\n", a.value, curr_d->domain_id, d->domain_id);
+ d->arch.hvm_domain.spoof_xen = a.value;
+ break;
+ case HVM_PARAM_SPOOF_VIRIDIAN:
+ printk("spoof_vir %" PRId64 " - curr dom %d, dom %d\n", a.value, curr_d->domain_id, d->domain_id);
+ d->arch.hvm_domain.spoof_viridian = a.value;
+ break;
case HVM_PARAM_NR_IOREQ_SERVER_PAGES:
{
unsigned int i;
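Review bot: Both new cases assign the 64-bit `a.value` directly to a `bool_t` field, so if `bool_t` is a char-sized typedef in this tree, a non-zero value with a zero low byte (e.g. 0x100) is stored as 0 and the flag silently stays off. Normalise it with `d->arch.hvm_domain.spoof_xen = !!a.value;` and the same for `spoof_viridian`. The two `printk` calls carry no log level and print the value with `PRId64`, although `a.value` is, as far as I can tell, unsigned; `gdprintk(XENLOG_DEBUG, ...)` with `PRIx64` would fit better. Whether a guest can set these parameters on itself is decided by the permission check that runs before this switch, which is outside the hunk, so confirm the new indices fall under the toolstack-only default there.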
Index: xen-4.8.5/xen/arch/x86/hvm/viridian.c
===================================================================
--- xen-4.8.5.orig/xen/arch/x86/hvm/viridian.c
+++ xen-4.8.5/xen/arch/x86/hvm/viridian.c
@@ -84,9 +84,16 @@ int cpuid_viridian_leaves(unsigned int l
{
case 0:
*eax = 0x40000006; /* Maximum leaf */
- *ebx = 0x7263694d; /* Magic numbers */
- *ecx = 0x666F736F;
- *edx = 0x76482074;
+ if (!d->arch.hvm_domain.spoof_viridian) { // "Microsoft Hv"
+ *ebx = 0x7263694d; // rciM
+ *ecx = 0x666F736F; // foso
+ *edx = 0x76482074; // vH t
+ } else {
+ printk("wetware cpuid_viridian_leaves spoof_vir\n"); // "Wetware Labs"
+ *ebx = 0x77746557; // wteW
+ *ecx = 0x20657261; // era
+ *edx = 0x7362614C; // sbaL
+ }
break;
case 1:
*eax = 0x31237648; /* Version number */
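Review bot: The `printk` in the spoofed branch of `case 0` runs on every guest CPUID query of this leaf, so a guest can generate hypervisor console output at whatever rate it likes. The same holds for both `printk` calls added to `cpuid_hypervisor_leaves` in traps.c, which fire even for domains that do not spoof. Drop them, or switch to guest-level debug logging such as `gdprintk(XENLOG_DEBUG, ...)` so the normal guest log limits apply. On style, the surrounding code uses `/* */` comments and `if ( cond )` spacing, which the new `//` comments and `if (!d->...)` do not follow. `d` is defined outside the hunk.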
Index: xen-4.8.5/xen/arch/x86/traps.c
===================================================================
--- xen-4.8.5.orig/xen/arch/x86/traps.c
+++ xen-4.8.5/xen/arch/x86/traps.c
@@ -917,9 +917,18 @@ int cpuid_hypervisor_leaves( uint32_t id
{
case 0:
*eax = base + limit; /* Largest leaf */
- *ebx = XEN_CPUID_SIGNATURE_EBX;
- *ecx = XEN_CPUID_SIGNATURE_ECX;
- *edx = XEN_CPUID_SIGNATURE_EDX;
+ if (!currd->arch.hvm_domain.spoof_xen) {
+ printk("cpuid_hypervisor_leaves - real id. domid %d\n",currd->domain_id);
+ *ebx = XEN_CPUID_SIGNATURE_EBX;
+ *ecx = XEN_CPUID_SIGNATURE_ECX;
+ *edx = XEN_CPUID_SIGNATURE_EDX;
+ } else
+ {
+ printk("cpuid_hypervisor_leaves - spoofed id. domid %d\n",currd->domain_id);
+ *ebx = ZEN_CPUID_SIGNATURE_EBX;
+ *ecx = ZEN_CPUID_SIGNATURE_ECX;
+ *edx = ZEN_CPUID_SIGNATURE_EDX;
+ }
break;
case 1:
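Review bot: `case 0` reads `currd->arch.hvm_domain.spoof_xen` without checking what kind of domain `currd` is. The callers are outside the hunk, but if this function also serves PV guests and `hvm_domain` shares storage with the PV state, the value tested is unrelated PV data and such a guest could be handed the alternate signature at random. Gate the read on the domain type, e.g. `if ( !is_hvm_domain(currd) || !currd->arch.hvm_domain.spoof_xen )`. The `} else` followed by `{` on its own line also mixes two brace styles within one statement.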
Index: xen-4.8.5/xen/include/asm-x86/hvm/domain.h
===================================================================
--- xen-4.8.5.orig/xen/include/asm-x86/hvm/domain.h
+++ xen-4.8.5/xen/include/asm-x86/hvm/domain.h
@@ -134,6 +134,9 @@ struct hvm_domain {
/* hypervisor intercepted msix table */
struct list_head msixtbl_list;
+
+ bool_t spoof_xen;
+ bool_t spoof_viridian;
struct viridian_domain viridian;
Index: xen-4.8.5/xen/include/public/arch-x86/cpuid.h
===================================================================
--- xen-4.8.5.orig/xen/include/public/arch-x86/cpuid.h
+++ xen-4.8.5/xen/include/public/arch-x86/cpuid.h
@@ -53,6 +53,10 @@
#define XEN_CPUID_SIGNATURE_ECX 0x65584d4d /* "MMXe" */
#define XEN_CPUID_SIGNATURE_EDX 0x4d4d566e /* "nVMM" */
+#define ZEN_CPUID_SIGNATURE_EBX 0x5A6e655A /* "ZenZ" */
+#define ZEN_CPUID_SIGNATURE_ECX 0x655A6e65 /* "enZe" */
+#define ZEN_CPUID_SIGNATURE_EDX 0x6e655A6e /* "nZen" */
+
/*
* Leaf 2 (0x40000x01)
* EAX[31:16]: Xen major version.
Index: xen-4.8.5/xen/include/public/hvm/params.h
===================================================================
--- xen-4.8.5.orig/xen/include/public/hvm/params.h
+++ xen-4.8.5/xen/include/public/hvm/params.h
@@ -253,6 +253,10 @@
*/
#define HVM_PARAM_X87_FIP_WIDTH 36
-#define HVM_NR_PARAMS 37
+#define HVM_PARAM_SPOOF_XEN 37
+
+#define HVM_PARAM_SPOOF_VIRIDIAN 38
+
+#define HVM_NR_PARAMS 39
#endif /* __XEN_PUBLIC_HVM_PARAMS_H__ */