[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ



And this time with attachment

Attachment: Matrix.pdf
Description: Adobe PDF document


On 11 Jan 2018, at 09:15, Lars Kurth <lars.kurth.xen@xxxxxxxxx> wrote:

I am wondering whether something like the attached table would make understanding the FAQ easier. Page 1 is clearly what is Xen specific and we definitely should cover.
Page 2 in general covers Linux and guests. The first block is relatively straightforward.

The 2nd and 3rd block is based on information from Doug: as there are many gaps, I would be uneasy about publishing these somewhere prominent. 

Also
As this is really guest specific this information can't be provided by
Xen.
which carries a risk that any analysis made by anyone might only apply to the context in which the analysis was done.

But the question keeps coming up, so making this clearer is maybe sensible.

Best Regards
Lars

On 10 Jan 2018, at 06:03, Juergen Gross <jgross@xxxxxxxx> wrote:

On 10/01/18 04:58, Peter wrote:
On 2018-01-09 15:04, Stefano Stabellini wrote:
On Sun, 7 Jan 2018, Marek Marczykowski-Górecki wrote:
On Fri, Jan 05, 2018 at 07:05:56PM +0000, Andrew Cooper wrote:
On 05/01/18 18:16, Rich Persaud wrote:
On Jan 5, 2018, at 06:35, Lars Kurth <lars.kurth.xen@xxxxxxxxx
<mailto:lars.kurth.xen@xxxxxxxxx>> wrote:
Linux’s KPTI series is designed to address SP3 only.  For Xen
guests,
only 64-bit PV guests are affected by SP3. A KPTI-like approach was
explored initially, but required significant ABI changes.  

Is some partial KPTI-like approach feasible? Like unmapping memory owned
by other guests, but keeping Xen areas mapped? This will still allow
leaking Xen memory, but there are very few secrets there (vCPUs state,
anything else?), so overall impact will be much lower.

+1


I believe
https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/
is clear re VMs attacking/accessing the host/dom0/hypervisor and the
mitigations for that.

However the page seems ambiguous about whether 64 bit VMs running as
PVHv2 with host provided kernels are protected or not (from each VM's
own processes).

PVHv2 is using exactly the same runtime environment as HVM seen from the
hypervisor. So a guest running as PVHv2 needs a PTI like approach like
HVM in its kernel.

Can the page be updated to be more explicit and perhaps describe how the
VM kernel or how the PVHv2 virtualization provides that protection.  And
ideally how that could be checked from the VM itself.  e.g. grep pti
/proc/cpuinfo?

As this is really guest specific this information can't be provided by
Xen.

e.g. the page says: "Guest kernels running in 64-bit PV mode are not
directly vulnerable to attack using SP3, because 64-bit PV guests
already run in a KPTI-like mode." but it does not mention PVHv2 for
that.  Is it protected under PVHv2?  Does it depend on the kernel?  Is
so what is the patchset/option/mechanism that protects the VM from its
own processes?

This question should have been answered above already.


Juergen

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.