From: "Nathan March" <nathan@gt.net>
To: 'Hans van Kranenburg' <hans@knorrie.org>,
'Peter' <xen@randomwebstuff.com>,
'Lars Kurth' <lars.kurth.xen@gmail.com>
Cc: 'Juergen Gross' <jgross@suse.com>,
'xen-devel' <xen-devel@lists.xenproject.org>,
'Doug Goldstein' <cardoe@cardoe.com>
Subject: Re: Xen Project Spectre/Meltdown FAQ
Date: Fri, 12 Jan 2018 09:17:06 -0800
Message-ID: <05ed01d38bc9$2bcb0890$836119b0$@gt.net>
In-Reply-To: <b8c362b9-90e7-cef3-cb54-c89540424ab9@knorrie.org>

> > In the matrix I see "Is a user space attack on the guest kernel possible
> > (when running in a Xen VM)?" For PVH (and HVM) = Yes[1] where [1]
> > Impacts Intel CPUs only.
> >
> > Is there any mitigation for this? i.e. How to protect a guest VM from
> > its own userspace processes.
>
> That part is handled by the kernel inside the guest. Xen doesn't see
> that happening.
>
> It's for example the KPTI/KAISER patches that got into the linux kernels
> now.
The most recent update to XSA-254 seems to clearly state that the kernel KPTI patches will not protect the guest from itself with the shim installed:
> PV-in-PVH/HVM shim approach leaves *guest* vulnerable to Meltdown
> attacks from its unprivileged users, even if the guest has KPTI
> patches. That is, guest userspace can use Meltdown to read all memory
> in the same guest.
So the question remains: how do you protect a guest from a malicious user inside of it?
Is it really the case that the *only* full solution is to move to Xen 4.10 and guest kernel 4.11?!
Cheers,
Nathan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
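The question above (does the guest's own KPTI buy anything, and in which guest mode) is something an operator wants to check from inside each VM. The script below is an added example for this thread; it is not code from the xen-devel discussion or from the Xen project. It applies the rule stated in the thread and in XSA-254: for PVH/HVM guests the guest kernel's KPTI is what isolates guest kernel memory from guest userspace, whereas a PV guest, whether native or running under the PV shim (the two are indistinguishable from inside), gets no such protection from in-guest KPTI. Assumed interfaces, all mainline Linux and none described on the page: /sys/hypervisor/guest_type (reports PV, HVM or PVH; Linux 4.13+ Xen guests), /sys/devices/system/cpu/vulnerabilities/meltdown (Linux 4.15+ and distribution backports), and the fact that Linux forces PTI off when it detects Xen PV (arch/x86/mm/pti.c). The 4.10/4.11 version thresholds are the ones quoted in the message.

```sh
#!/bin/sh
# Added example (not from the xen-devel thread or the Xen project).
# Classifies a Linux guest's Meltdown posture under Xen from what the guest
# itself can observe. Assumptions (see lead-in):
#   /sys/hypervisor/guest_type                      -> "PV", "HVM" or "PVH"
#   /sys/devices/system/cpu/vulnerabilities/meltdown -> e.g. "Mitigation: PTI"
#   Linux disables PTI on Xen PV, and XSA-254 says the pvshim does not
#   protect a PV guest from its own unprivileged users.

# kver_ge VERSION MINIMUM: succeed when VERSION's major.minor >= MINIMUM's.
# Release strings like "4.14.12-1-amd64" or "4.15-rc1" are handled by
# keeping only the leading major and minor numbers.
kver_ge() {
    set -- "$(printf '%s' "$1" | sed 's/^\([0-9]*\)\.\{0,1\}\([0-9]*\).*/\1 \2/')" \
           "$(printf '%s' "$2" | sed 's/^\([0-9]*\)\.\{0,1\}\([0-9]*\).*/\1 \2/')"
    a_major=${1%% *}; a_minor=${1#* }
    b_major=${2%% *}; b_minor=${2#* }
    [ "${a_major:-0}" -gt "${b_major:-0}" ] && return 0
    [ "${a_major:-0}" -eq "${b_major:-0}" ] && [ "${a_minor:-0}" -ge "${b_minor:-0}" ]
}

# assess_meltdown_status GUEST_TYPE MELTDOWN_SYSFS_LINE KERNEL_RELEASE
# Prints one verdict line. Exit 0: guest kernel memory is isolated from
# guest userspace. Exit 1: it is not, or the state cannot be determined.
# Taking the inputs as arguments keeps the logic testable on constructed
# values without a Xen guest at hand.
assess_meltdown_status() {
    guest_type=$1
    mitigation=$2
    kernel=$3
    case "$guest_type" in
    PV)
        # In-guest KPTI status is irrelevant here: Linux runs without PTI on
        # Xen PV, and under the shim the guest still runs as PV.
        hint="rebuild it as PVH (Xen 4.10 and a 4.11+ guest kernel) or HVM"
        kver_ge "$kernel" 4.11 || hint="its $kernel kernel predates PVH support; upgrade to 4.11+ and $hint"
        echo "UNPROTECTED: PV guest (native or under pvshim), in-guest KPTI does not apply; $hint"
        return 1 ;;
    PVH|HVM)
        case "$mitigation" in
        "Mitigation: PTI")
            echo "PROTECTED: $guest_type guest kernel $kernel isolates kernel pages from userspace (KPTI)"
            return 0 ;;
        "Not affected")
            echo "PROTECTED: $guest_type guest kernel $kernel reports the CPU as not affected"
            return 0 ;;
        *)
            echo "UNPROTECTED: $guest_type guest kernel $kernel reports '$mitigation'; boot a KPTI-patched kernel"
            return 1 ;;
        esac ;;
    *)
        echo "UNKNOWN: guest type '$guest_type' (not a Xen guest, or the kernel does not expose /sys/hypervisor/guest_type)"
        return 1 ;;
    esac
}

# Live check of the guest this runs in. Only invoked with --live so the
# functions above can be sourced and exercised on constructed input.
check_this_guest() {
    gt=$(cat /sys/hypervisor/guest_type 2>/dev/null || echo unknown)
    mit=$(cat /sys/devices/system/cpu/vulnerabilities/meltdown 2>/dev/null \
          || echo "no vulnerabilities sysfs entry (kernel predates it)")
    assess_meltdown_status "$gt" "$mit" "$(uname -r)"
}

if [ "${1:-}" = "--live" ]; then
    check_this_guest
fi
```

Run it as `sh check-meltdown.sh --live` inside each guest and treat any UNPROTECTED line on a PV guest as the case the thread describes: the sysfs file may even say "Mitigation: PTI" after a kernel upgrade, and the verdict still has to be "not protected" because the fix is a change of guest type, not a guest kernel patch.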
Thread overview (26+ messages):
2018-01-05 11:35 Xen Project Spectre/Meltdown FAQ Lars Kurth
2018-01-05 11:52 ` Juergen Gross
2018-01-05 12:11 ` George Dunlap
2018-01-05 14:40 ` Julien Grall
2018-01-05 14:54 ` Lars Kurth
2018-01-05 15:55 ` Hans van Kranenburg
2018-01-05 17:34 ` Lars Kurth
2018-01-08 10:11 ` Lars Kurth
2018-01-05 18:16 ` Rich Persaud
2018-01-05 19:05 ` Andrew Cooper
2018-01-07 15:00 ` Marek Marczykowski-Górecki
2018-01-07 17:11 ` Andrew Cooper
2018-01-08 9:02 ` Lars Kurth
2018-01-08 10:15 ` Roger Pau Monné
2018-01-08 11:42 ` George Dunlap
2018-01-09 2:04 ` Stefano Stabellini
2018-01-10 3:58 ` Peter
2018-01-10 6:03 ` Juergen Gross
2018-01-11 9:15 ` Lars Kurth
2018-01-11 9:16 ` Lars Kurth
2018-01-11 19:22 ` Peter
2018-01-11 19:30 ` Hans van Kranenburg
2018-01-12 17:17 ` Nathan March [this message]
2018-01-12 17:25 ` Andrew Cooper
2018-01-12 1:57 ` Doug Goldstein
2018-01-11 14:10 ` Hans van Kranenburg