Xen has to handle non-virtualizable instructions in the Guest OS kernel code.
But what if my user-space code contains such instructions (e.g., SGDT, which stores the GDT info into memory)? Can my code still run smoothly in a guest VM with Xen para-virtualization? Will it reveal the host's GDT info (and thus become some concern)?
Besides, can anybody show me the code/details of how SGDT (and other non-virtualizable instructions) in the guest kernel are handled?
https://xenbits.xen.org/docs/xtf/test-umip.html
Seems that this was indeed a vulnerability until the new CPU feature:
User-Mode Instruction Prevention (UMIP) is a feature present in new Intel Processors.
When active, it causes the SGDT, SIDT, SLDT, STR and SMSW instructions to yield #GP when executed with CPL > 0. This prevents userspace applications from obtaining sensitive operating system information.
=================================================================
Seems that people from the security community take this seriously: On the Cutting Edge: Thwarting Virtual Machine Detection, 2006
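To check the UMIP behaviour quoted above on a given machine, here is an added example (not from the posts above or from Xen's test suite; all function names are made up for illustration). It reads the UMIP enumeration bit, CPUID.(EAX=7,ECX=0):ECX bit 2, then executes SGDT from user space and decodes the 10-byte result, which separates "the CPU supports UMIP" from "the kernel has turned it on".

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* In 64-bit mode SGDT/SIDT store 10 bytes: 16-bit limit, then 64-bit base. */
struct desc_ptr { uint16_t limit; uint64_t base; };

/* UMIP is enumerated in CPUID.(EAX=7,ECX=0):ECX bit 2. */
int umip_from_ecx(uint32_t ecx) { return (int)((ecx >> 2) & 1u); }

/* Decode the little-endian bytes exactly as the instruction wrote them. */
struct desc_ptr decode_desc_ptr(const unsigned char raw[10]) {
    struct desc_ptr d = { (uint16_t)(raw[0] | (raw[1] << 8)), 0 };
    for (int i = 0; i < 8; i++)
        d.base |= (uint64_t)raw[2 + i] << (8 * i);
    return d;
}

/* 1 or 0 if CPUID answers, -1 if leaf 7 is missing or this is not x86. */
int umip_enumerated(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        return umip_from_ecx(c);
#endif
    return -1;
}

static void on_fault(int sig) {
    static const char msg[] = "SGDT faulted: UMIP is enforced for user mode\n";
    (void)sig;
    if (write(STDOUT_FILENO, msg, sizeof msg - 1) < 0) _exit(3);
    _exit(0);
}

int main(void) {
    printf("CPUID enumerates UMIP: %d\n", umip_enumerated());
    fflush(stdout);              /* on_fault leaves through _exit, which does not flush */
#if defined(__x86_64__)
    unsigned char raw[10] = {0};
    signal(SIGSEGV, on_fault);   /* #GP at CPL 3 arrives as SIGSEGV on Linux */
    __asm__ volatile("sgdt %0" : "=m"(raw));
    struct desc_ptr g = decode_desc_ptr(raw);
    /* Reached when UMIP is off, or when the kernel emulates SGDT instead. */
    printf("SGDT returned base=%#llx limit=%#x\n", (unsigned long long)g.base, g.limit);
#endif
    return 0;
}
```

The CPUID bit only says the processor supports UMIP; enforcement depends on the kernel or hypervisor setting CR4.UMIP, which is why the program also runs the instruction.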