* Clarification regarding Meltdown and 64-bit PV guests
@ 2018-01-13 6:42 Andy Smith
2018-01-13 9:43 ` Hans van Kranenburg
2018-01-14 14:41 ` What about dom0? (was: Re: Clarification regarding Meltdown and 64-bit PV guests) Hans van Kranenburg
0 siblings, 2 replies; 9+ messages in thread
From: Andy Smith @ 2018-01-13 6:42 UTC (permalink / raw)
To: xen-devel
Hi,
In
<https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/>:
"On Intel processors, only 64-bit PV mode guests can attack Xen
using Variant 3. Guests running in 32-bit PV mode, HVM mode, and
PVH mode (both v1 and v2) cannot attack the hypervisor using
Variant 3. However, in 32-bit PV mode, HVM mode, and PVH mode
(both v1 and v2), guest userspaces can attack guest kernels
using Variant 3; so updating guest kernels is advisable.
Interestingly, guest kernels running in 64-bit PV mode are not
vulnerable to attack using Variant 3, because 64-bit PV guests
already run in a KPTI-like mode."
However, in multiple other places, including
<https://xenbits.xen.org/xsa/xsa254/README.comet> and
<https://xenbits.xen.org/xsa/xsa254/README.vixen>:
"Note that both of these shim-based approaches prevent attacks on
the host, but leave the guest vulnerable to Meltdown attacks by
its own unprivileged processes; this is true even if the guest
OS has KPTI or similar Meltdown mitigation."
These seem to contradict each other.
The FAQ seems to suggest that:
- 32-bit PV guest userland processes can use Variant 3 against their
own kernels and that the KPTI patch would protect against that.
- Without Comet/Vixen, 64-bit PV guests can't use Variant 3 on
themselves but can use it on the hypervisor, and KPTI patches in
the guest do not prevent that.
- Running PV guests inside Comet or Vixen prevents them making use
of Variant 3, they still cannot use Variant 3 against their own
kernels, and KPTI patches in the guest are not necessary.
The Comet and Vixen READMEs seem to suggest that:
- Use of Comet/Vixen prevents PV guests from using Variant 3 against
the hypervisor (and thus other guests as well).
- The guest itself remains able to use Variant 3 on its own kernel
and KPTI patches inside the guest cannot prevent this.
Which is correct, or have I misunderstood and they are somehow both
correct?
Cheers,
Andy
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: Clarification regarding Meltdown and 64-bit PV guests 2018-01-13 6:42 Clarification regarding Meltdown and 64-bit PV guests Andy Smith @ 2018-01-13 9:43 ` Hans van Kranenburg 2018-01-13 10:08 ` Andy Smith 2018-01-14 14:41 ` What about dom0? (was: Re: Clarification regarding Meltdown and 64-bit PV guests) Hans van Kranenburg 1 sibling, 1 reply; 9+ messages in thread From: Hans van Kranenburg @ 2018-01-13 9:43 UTC (permalink / raw) To: Andy Smith, xen-devel On 01/13/2018 07:42 AM, Andy Smith wrote: > Hi, > > In > <https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/>: > > "On Intel processors, only 64-bit PV mode guests can attack Xen > using Variant 3. [...] 64bit PV domU userspace can attack the hypervisor -> read "host memory" which also contains contents of guest memory (including itself) > Interestingly, guest kernels running in 64-bit PV mode are not > vulnerable to attack using Variant 3, because 64-bit PV guests > already run in a KPTI-like mode." 64-bit PV domU userspace can't attack kernel inside guest Quoting Andrew C (on IRC): "the 64bit PV ABI already has split guest-user / guest-kernel pagetables; (because 64bit x86 took away working segment limits from the 32bit world); it mitigates guest userspace SP3 attacks against the guest kernel" This is also the reason for adding the if-statement which prevents the new kpti code from becoming active when booting your latest kernel in a 64-bit PV domU. > However, in multiple other places, including > <https://xenbits.xen.org/xsa/xsa254/README.comet> and > <https://xenbits.xen.org/xsa/xsa254/README.vixen>: > > "Note that both of these shim-based approaches prevent attacks on > the host, but leave the guest vulnerable to Meltdown attacks by > its own unprivileged processes; this is true even if the guest > OS has KPTI or similar Meltdown mitigation." So, even while it can't attack itself inside the guest, it can make a "detour" over the hypervisor to again read its own memory. > These seem to contradict each other. > > The FAQ seems to suggest that: > > - 32-bit PV guest userland processes can use Variant 3 against their > own kernels and that the KPTI patch would protect against that. > > - Without Comet/Vixen, 64-bit PV guests can't use Variant 3 on > themselves but can use it on the hypervisor, and KPTI patches in > the guest do not prevent that. ^^ > - Running PV guests inside Comet or Vixen prevents them making use > of Variant 3, they still cannot use Variant 3 against their own > kernels, and KPTI patches in the guest are not necessary. Like it was for a long time already, because of the "64bit PV ABI already has split [...]" > The Comet and Vixen READMEs seem to suggest that: > > - Use of Comet/Vixen prevents PV guests from using Variant 3 against > the hypervisor (and thus other guests as well). By injecting a copy of a hypervisor between the outer level hypervisor (that's called L0 right?) (in HVM or PVH mode) and the guest, having it just run 1 guest, that (64-bit PV) guest cannot attack its own kernel, but it can attack the intermediate hypervisor which results in reading it's own memory from the fake intermediate "host memory". > - The guest itself remains able to use Variant 3 on its own kernel > and KPTI patches inside the guest cannot prevent this. This one should be incorrect. > Which is correct, or have I misunderstood and they are somehow both > correct? It's complicated. At least, the above is what I understood. Hans _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Clarification regarding Meltdown and 64-bit PV guests 2018-01-13 9:43 ` Hans van Kranenburg @ 2018-01-13 10:08 ` Andy Smith 2018-01-13 11:12 ` Hans van Kranenburg 0 siblings, 1 reply; 9+ messages in thread From: Andy Smith @ 2018-01-13 10:08 UTC (permalink / raw) To: Hans van Kranenburg; +Cc: xen-devel Hi Hans, On Sat, Jan 13, 2018 at 10:43:03AM +0100, Hans van Kranenburg wrote: > By injecting a copy of a hypervisor between the outer level hypervisor > (that's called L0 right?) (in HVM or PVH mode) and the guest, having it > just run 1 guest, that (64-bit PV) guest cannot attack its own kernel, > but it can attack the intermediate hypervisor which results in reading > it's own memory from the fake intermediate "host memory". So are you saying that, considering only SP3/Variant 3/Meltdown, it works out like this: == 64-bit PV mode guest == - Can't use SP3/Variant 3/Meltdown directly on its own kernel. - Can use SP3/Variant 3/Meltdown on the hypervisor to read data from hypervisor so effectively everything including other kernels and its own kernel. - Can't be mitigated by KPTI in the guest. == PV-in-Comet and PV-in-Vixen == - Can't use SP3/Variant 3/Meltdown directly on its own kernel - Can't use SP3/Variant 3/Meltdown on the real hypervisor. - Can still use SP3/Variant 3/Meltdown on the shim hypervisor to still gain access to data from itself. - Can't be mitigated by KPTI in the guest. == HVM and PVHv2 == - Can use SP3/Variant 3/Meltdown directly on its own kernel. - Can't use SP3/Variant 3/Meltdown on the hypervisor. - Can be mitigated by KPTI in the guest (becomes not a Xen issue). ? If so, then I can see how the FAQ, README.Comet and README.Vixen can all be correct in this regard, but do note that this is extremely confusing and a lot of people are only reading the comments that say that Xen PV can't make use of SP3/Variant 3/Meltdown. Cheers, Andy _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Clarification regarding Meltdown and 64-bit PV guests 2018-01-13 10:08 ` Andy Smith @ 2018-01-13 11:12 ` Hans van Kranenburg 2018-01-14 14:00 ` Dongli Zhang 2018-01-14 14:05 ` Dongli Zhang 0 siblings, 2 replies; 9+ messages in thread From: Hans van Kranenburg @ 2018-01-13 11:12 UTC (permalink / raw) To: Andy Smith, Lars Kurth; +Cc: xen-devel On 01/13/2018 11:08 AM, Andy Smith wrote: > Hi Hans, > > On Sat, Jan 13, 2018 at 10:43:03AM +0100, Hans van Kranenburg wrote: >> By injecting a copy of a hypervisor between the outer level hypervisor >> (that's called L0 right?) (in HVM or PVH mode) and the guest, having it >> just run 1 guest, that (64-bit PV) guest cannot attack its own kernel, >> but it can attack the intermediate hypervisor which results in reading >> it's own memory from the fake intermediate "host memory". > > So are you saying that, considering only SP3/Variant 3/Meltdown, it > works out like this: > > == 64-bit PV mode guest == > > - Can't use SP3/Variant 3/Meltdown directly on its own kernel. > > - Can use SP3/Variant 3/Meltdown on the hypervisor to read data from > hypervisor so effectively everything including other kernels and > its own kernel. > > - Can't be mitigated by KPTI in the guest. > > == PV-in-Comet and PV-in-Vixen == > > - Can't use SP3/Variant 3/Meltdown directly on its own kernel > > - Can't use SP3/Variant 3/Meltdown on the real hypervisor. > > - Can still use SP3/Variant 3/Meltdown on the shim hypervisor to > still gain access to data from itself. > > - Can't be mitigated by KPTI in the guest. > > == HVM and PVHv2 == > > - Can use SP3/Variant 3/Meltdown directly on its own kernel. > > - Can't use SP3/Variant 3/Meltdown on the hypervisor. > > - Can be mitigated by KPTI in the guest (becomes not a Xen issue). > > ? Exactly. > If so, then I can see how the FAQ, README.Comet and README.Vixen > can all be correct in this regard, Well, what just happened is that I didn't provide any new information, but presented the same information by just rewording it again, which triggered a few missing connections to complete your mental image. > but do note that this is extremely confusing Yes it is. A. Different types of Xen versions: 1. <= 4.5, which is EOL and EOS, but still used (like AWS popping up having things running based on Xen 3.4) 2. 4.6 and 4.7, which have some security support 3. 4.8 and 4.9, for which rumours are going that it might get PVHv2 from 4.10 backported 4. 4.10, which can be used with PVHv2 (with guest kernel linux 4.14) B. Different archs: 1. x86 / 32-bit 2. x64 / amd64 / 64-bit 3. Add ARM things here... 4. ... C. Different CPU vendors: 1. Intel 2. AMD 3. ... D. Then different virtualization modes: 1. PV 2. HVM 3. PVHv2 E. Different mitigation techniques for Xen (which are each only possible with a subset of choices from other categories): 1. Convert PV -> HVM 2. Convert PV -> PVHv2 3. Insert shim Vixen 4. Insert shim Comet F. Different kernels in the guest (only looking at linux here now): 1. Any kernel released < Jan 3 2018 2. Old version without any kaiser/kpti patch available 3. Old version with kaiser backport patch (3.2, 3.16, 4.9 etc) 4. 4.14 or 4.15 kernel with KPTI patch G. Different mitigation techniques for inside the guest: 1. Do nothing because 64-bit PV guest 2. Get kernel with kaiser or kpti patch H. And of course describing any situation as "vulnerable" has a shortcoming, because we need to distinguish (4 combinations possible): 1. Can the situation be used to attack? 2. Is the situation vulnerable to attack by another guest/whatever? ad H. Oh, and what if someone has a mix of HVM and PV guests? If there are only HVM guests, they're safe from each other, but if you add 1 64-bit PV guest to it, suddenly you have one available to do an attack, and all the HVM are suddenly vulnerable. So it's a bit of an 7 or 8-dimensional space, and every situation of different users is floating somewhere in there as a point. Every combination of all of those can result in a wildly different outcome. Oh wait, I forgot we're only talking about SP3. Let's add SP1 and SP2, now we are 9-dimensional. You know these kind of puzzles? http://www.burre.nl/p/puzzels/logisch/logisch_1.gif It's what we're doing here. :-) Well, instead of a boolean result, our puzzle has multiple results, describing what's relevant for hypervisor, for guest kernel etc... > and a lot of people are only reading the > comments that say that Xen PV can't make use of SP3/Variant > 3/Meltdown. Expressing all these things in text is really hard. Lars made a new attempt with the tables, but you immediately see it takes 4 or 5 tables below each other, and then it's still like "argh!" because we can't flatten 8-dimensional to 2-dimensional that easy. ------------ >8 ------------ So, I have a new idea: Let's make an interactive html/javascript thingie where you can play around with all the combinations above. Based on everything you choose, there's a different explanation as result, and different suggestions about what to do next... Some of the categories are radio buttons, like the CPU type of the physical server. Others are checkboxes with multiple options, e.g. are you running HVM guests, PV guests, or both? I'm not a html/javascript guy, but I think that makes most sense, since a user can also just git clone the thing and open the page in a local browser. If there's some initial code that works, I can help adding all options and results and then we can keep improving it. (E.g. if limitations of shim implementations change or xen 4.8 and 4.9 get PVHv2 backported, it has to change again etc...) Nice to have: If you have everything checked in the right way, show a "code" (like A3-B1-C5-D6... or something more clever) that expresses the exact combination, so you can save it and put it back in later to reset the page to that state. And, you can share that code/sequence to explain your exact situation to someone else. Now we would have something that's easier to work with than hearing a user out with 14 questions on IRC and then trying to explain everything in words. Any change you make on the page refreshes the outcome immediately. So, who has a better idea than this, or knows why this is a bad idea and we shouldn't do this, or who wants to help creating it? Hans _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Clarification regarding Meltdown and 64-bit PV guests 2018-01-13 11:12 ` Hans van Kranenburg @ 2018-01-14 14:00 ` Dongli Zhang 2018-01-14 14:15 ` Hans van Kranenburg 2018-01-14 14:05 ` Dongli Zhang 1 sibling, 1 reply; 9+ messages in thread From: Dongli Zhang @ 2018-01-14 14:00 UTC (permalink / raw) To: Hans van Kranenburg; +Cc: Andy Smith, Lars Kurth, xen-devel Hi Hans, On 01/13/2018 07:12 PM, Hans van Kranenburg wrote: > On 01/13/2018 11:08 AM, Andy Smith wrote: >> Hi Hans, >> >> On Sat, Jan 13, 2018 at 10:43:03AM +0100, Hans van Kranenburg wrote: >>> By injecting a copy of a hypervisor between the outer level hypervisor >>> (that's called L0 right?) (in HVM or PVH mode) and the guest, having it >>> just run 1 guest, that (64-bit PV) guest cannot attack its own kernel, >>> but it can attack the intermediate hypervisor which results in reading >>> it's own memory from the fake intermediate "host memory". >> >> So are you saying that, considering only SP3/Variant 3/Meltdown, it >> works out like this: >> >> == 64-bit PV mode guest == >> >> - Can't use SP3/Variant 3/Meltdown directly on its own kernel. >> >> - Can use SP3/Variant 3/Meltdown on the hypervisor to read data from >> hypervisor so effectively everything including other kernels and >> its own kernel. >> >> - Can't be mitigated by KPTI in the guest. >> >> == PV-in-Comet and PV-in-Vixen == >> >> - Can't use SP3/Variant 3/Meltdown directly on its own kernel >> >> - Can't use SP3/Variant 3/Meltdown on the real hypervisor. >> >> - Can still use SP3/Variant 3/Meltdown on the shim hypervisor to >> still gain access to data from itself. >> >> - Can't be mitigated by KPTI in the guest. >> >> == HVM and PVHv2 == >> >> - Can use SP3/Variant 3/Meltdown directly on its own kernel. >> >> - Can't use SP3/Variant 3/Meltdown on the hypervisor. >> >> - Can be mitigated by KPTI in the guest (becomes not a Xen issue). >> >> ? > > Exactly. Does this indicate that there is no solution to prevent a malicious user space program (running on 64-bit PV domU) from reading the memory of domU kernel space (via meltdown), no matter whether comet/vixen is enabled or not? Therefore, comet/vixen is only used to prevent the cross-VM meltdown attack. > >> If so, then I can see how the FAQ, README.Comet and README.Vixen >> can all be correct in this regard, > > Well, what just happened is that I didn't provide any new information, > but presented the same information by just rewording it again, which > triggered a few missing connections to complete your mental image. > >> but do note that this is extremely confusing > > Yes it is. > > A. Different types of Xen versions: > 1. <= 4.5, which is EOL and EOS, but still used (like AWS popping up > having things running based on Xen 3.4) > 2. 4.6 and 4.7, which have some security support > 3. 4.8 and 4.9, for which rumours are going that it might get PVHv2 > from 4.10 backported > 4. 4.10, which can be used with PVHv2 (with guest kernel linux 4.14) > > B. Different archs: > 1. x86 / 32-bit > 2. x64 / amd64 / 64-bit > 3. Add ARM things here... > 4. ... > > C. Different CPU vendors: > 1. Intel > 2. AMD > 3. ... > > D. Then different virtualization modes: > 1. PV > 2. HVM > 3. PVHv2 > > E. Different mitigation techniques for Xen (which are each only possible > with a subset of choices from other categories): > 1. Convert PV -> HVM > 2. Convert PV -> PVHv2 > 3. Insert shim Vixen > 4. Insert shim Comet > > F. Different kernels in the guest (only looking at linux here now): > 1. Any kernel released < Jan 3 2018 > 2. Old version without any kaiser/kpti patch available > 3. Old version with kaiser backport patch (3.2, 3.16, 4.9 etc) > 4. 4.14 or 4.15 kernel with KPTI patch > > G. Different mitigation techniques for inside the guest: > 1. Do nothing because 64-bit PV guest > 2. Get kernel with kaiser or kpti patch > > H. And of course describing any situation as "vulnerable" has a > shortcoming, because we need to distinguish (4 combinations possible): > 1. Can the situation be used to attack? > 2. Is the situation vulnerable to attack by another guest/whatever? > > ad H. Oh, and what if someone has a mix of HVM and PV guests? If there > are only HVM guests, they're safe from each other, but if you add 1 > 64-bit PV guest to it, suddenly you have one available to do an attack, > and all the HVM are suddenly vulnerable. > > So it's a bit of an 7 or 8-dimensional space, and every situation of > different users is floating somewhere in there as a point. Every > combination of all of those can result in a wildly different outcome. > > Oh wait, I forgot we're only talking about SP3. Let's add SP1 and SP2, > now we are 9-dimensional. > > You know these kind of puzzles? > http://www.burre.nl/p/puzzels/logisch/logisch_1.gif > > It's what we're doing here. :-) Well, instead of a boolean result, our > puzzle has multiple results, describing what's relevant for hypervisor, > for guest kernel etc... > >> and a lot of people are only reading the >> comments that say that Xen PV can't make use of SP3/Variant >> 3/Meltdown. > > Expressing all these things in text is really hard. > > Lars made a new attempt with the tables, but you immediately see it > takes 4 or 5 tables below each other, and then it's still like "argh!" > because we can't flatten 8-dimensional to 2-dimensional that easy. > > ------------ >8 ------------ > > So, I have a new idea: > > Let's make an interactive html/javascript thingie where you can play > around with all the combinations above. Based on everything you choose, > there's a different explanation as result, and different suggestions > about what to do next... > > Some of the categories are radio buttons, like the CPU type of the > physical server. Others are checkboxes with multiple options, e.g. are > you running HVM guests, PV guests, or both? > > I'm not a html/javascript guy, but I think that makes most sense, since > a user can also just git clone the thing and open the page in a local > browser. If there's some initial code that works, I can help adding all > options and results and then we can keep improving it. (E.g. if > limitations of shim implementations change or xen 4.8 and 4.9 get PVHv2 > backported, it has to change again etc...) > > Nice to have: If you have everything checked in the right way, show a > "code" (like A3-B1-C5-D6... or something more clever) that expresses the > exact combination, so you can save it and put it back in later to reset > the page to that state. And, you can share that code/sequence to explain > your exact situation to someone else. > > Now we would have something that's easier to work with than hearing a > user out with 14 questions on IRC and then trying to explain everything > in words. Any change you make on the page refreshes the outcome immediately. > > So, who has a better idea than this, or knows why this is a bad idea and > we shouldn't do this, or who wants to help creating it? > > Hans > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xenproject.org > https://lists.xenproject.org/mailman/listinfo/xen-devel > Dongli Zhang _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Clarification regarding Meltdown and 64-bit PV guests 2018-01-14 14:00 ` Dongli Zhang @ 2018-01-14 14:15 ` Hans van Kranenburg 2018-01-15 17:48 ` Stefano Stabellini 0 siblings, 1 reply; 9+ messages in thread From: Hans van Kranenburg @ 2018-01-14 14:15 UTC (permalink / raw) To: Dongli Zhang; +Cc: Andy Smith, Lars Kurth, xen-devel On 14/01/2018 15:00, Dongli Zhang wrote: > Hi Hans, > > On 01/13/2018 07:12 PM, Hans van Kranenburg wrote: >> On 01/13/2018 11:08 AM, Andy Smith wrote: >>> Hi Hans, >>> >>> On Sat, Jan 13, 2018 at 10:43:03AM +0100, Hans van Kranenburg wrote: >>>> By injecting a copy of a hypervisor between the outer level hypervisor >>>> (that's called L0 right?) (in HVM or PVH mode) and the guest, having it >>>> just run 1 guest, that (64-bit PV) guest cannot attack its own kernel, >>>> but it can attack the intermediate hypervisor which results in reading >>>> it's own memory from the fake intermediate "host memory". >>> >>> So are you saying that, considering only SP3/Variant 3/Meltdown, it >>> works out like this: >>> >>> == 64-bit PV mode guest == >>> >>> - Can't use SP3/Variant 3/Meltdown directly on its own kernel. >>> >>> - Can use SP3/Variant 3/Meltdown on the hypervisor to read data from >>> hypervisor so effectively everything including other kernels and >>> its own kernel. >>> >>> - Can't be mitigated by KPTI in the guest. >>> >>> == PV-in-Comet and PV-in-Vixen == >>> >>> - Can't use SP3/Variant 3/Meltdown directly on its own kernel >>> >>> - Can't use SP3/Variant 3/Meltdown on the real hypervisor. >>> >>> - Can still use SP3/Variant 3/Meltdown on the shim hypervisor to >>> still gain access to data from itself. >>> >>> - Can't be mitigated by KPTI in the guest. >>> >>> == HVM and PVHv2 == >>> >>> - Can use SP3/Variant 3/Meltdown directly on its own kernel. >>> >>> - Can't use SP3/Variant 3/Meltdown on the hypervisor. >>> >>> - Can be mitigated by KPTI in the guest (becomes not a Xen issue). >>> >>> ? >> >> Exactly. > > Does this indicate that there is no solution to prevent a malicious user space > program (running on 64-bit PV domU) from reading the memory of domU kernel space > (via meltdown), no matter whether comet/vixen is enabled or not? > > Therefore, comet/vixen is only used to prevent the cross-VM meltdown attack. Yes. For reference, I looked back at my IRC logs. This is the related conversation about it, #xen IRC on freenode, from Jan 6 2018, when I was firing off questions to Andrew. 18:17 < Knorrie> with Xen 4.8+ and the pvshim method for non-pvh guest kernels, is the xen implementation that does the same as KPTI inside the guest for 64bit PV still present? 18:20 < andyhhp> hmm 18:20 < Knorrie> I think that's an interesting questino :) 18:20 < andyhhp> the 64bit PV ABI already has an isolation between guest userspace and guest kernel 18:20 < andyhhp> so in effect, has had KPTI for 12 years already... 18:21 < andyhhp> however 18:21 < andyhhp> Xen's mappings are not currently isolated, so either guest userspace or guest kernel can attack Xen using SP3/Meltdown 18:22 < Knorrie> yes, as I understood the reason of the pvshim feature was to fix exactly that 18:23 < andyhhp> the Linux KPTI feature should turn itself off when it detects it is running as a PV guest under Xen 18:24 < andyhhp> but this was quite late to the party, and it appears that Redhat have published an update to RHEL 6.x which bricks PV guests :( 18:24 < Knorrie> ah right, I remember having seen that if statement one of these days yes 18:24 < Knorrie> so no need to manually turn it off in exactly that scenario 18:26 < andyhhp> the PV-shim doesn't do anything clever 18:26 < andyhhp> all we do is stick a second version of Xen in there 18:26 < andyhhp> so we've got L0 Xen running a PVH guest (so in an HVM container). 18:26 < andyhhp> that PVH guest is actually a Xen running a single legacy PV guest 18:27 < Knorrie> well, the clever things is that you can't see outside of your own memory any more right 18:27 < Knorrie> s/things/thing/ 18:27 < andyhhp> the alteration is/should/will be transparent from the point of view of the legacy PV guest 18:28 < andyhhp> the legacy PV guest can still attempt to pull off SP3/Meltdown attacks, but they stop at the L1 Xen 18:29 < andyhhp> so all it can do is do is read details relating to itself. It can't read anything belonging to other VMs 18:29 < Knorrie> like, outgoing network traffic from other processes on the same guest? 18:29 < Knorrie> (regardless of how practical and realistic those attacks are) ---- >8 ---- 18:30 < andyhhp> it should be noted that PV-SHIM isn't a perfect replacement for some kind of Xen based KPTI solution. A piece of userspace inside the PV guest can still use SP3 to attack othe r processes by bypassing the PV guest kernel and attacking via L1 Xen 18:30 < andyhhp> but that is a darn sight better than having said piece of PV guest userspace being able to read every VM on the entire system ---- >8 ---- 18:31 < Knorrie> yes 18:32 < andyhhp> however, I've come to the executive decision that Xen can't do some kind of KPTI-based solution without a change in the PV ABI 18:32 < andyhhp> because PV guests currently have too much control over their pagetables for Xen to implement KPTI behind them 18:34 < Knorrie> sounds like this is the moment when PV is going to be declared dead 18:34 < Knorrie> well 18:34 < Knorrie> of course there's hardware that cannot do PVH 18:35 < Knorrie> but I mean, for who can do PVH whenever they're updated to recent guest kernels the changes would come even later again, so for them it's the PVH way 18:36 < Knorrie> and PV remains half-broken for a longer time for who cant 18:36 < andyhhp> PV isn't dead by any means, and I'm going to refuse to declare it so 18:37 < andyhhp> there are still legitimate (and indeed, modern) usecases where PV guests will unconditionally always outperform HVM guests 18:38 < andyhhp> but all such usecases have the PV guests at least in the semi-TCB _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Clarification regarding Meltdown and 64-bit PV guests 2018-01-14 14:15 ` Hans van Kranenburg @ 2018-01-15 17:48 ` Stefano Stabellini 0 siblings, 0 replies; 9+ messages in thread From: Stefano Stabellini @ 2018-01-15 17:48 UTC (permalink / raw) To: Hans van Kranenburg; +Cc: Andy Smith, Dongli Zhang, xen-devel, Lars Kurth On Sun, 14 Jan 2018, Hans van Kranenburg wrote: > On 14/01/2018 15:00, Dongli Zhang wrote: > > Hi Hans, > > > > On 01/13/2018 07:12 PM, Hans van Kranenburg wrote: > >> On 01/13/2018 11:08 AM, Andy Smith wrote: > >>> Hi Hans, > >>> > >>> On Sat, Jan 13, 2018 at 10:43:03AM +0100, Hans van Kranenburg wrote: > >>>> By injecting a copy of a hypervisor between the outer level hypervisor > >>>> (that's called L0 right?) (in HVM or PVH mode) and the guest, having it > >>>> just run 1 guest, that (64-bit PV) guest cannot attack its own kernel, > >>>> but it can attack the intermediate hypervisor which results in reading > >>>> it's own memory from the fake intermediate "host memory". > >>> > >>> So are you saying that, considering only SP3/Variant 3/Meltdown, it > >>> works out like this: > >>> > >>> == 64-bit PV mode guest == > >>> > >>> - Can't use SP3/Variant 3/Meltdown directly on its own kernel. > >>> > >>> - Can use SP3/Variant 3/Meltdown on the hypervisor to read data from > >>> hypervisor so effectively everything including other kernels and > >>> its own kernel. > >>> > >>> - Can't be mitigated by KPTI in the guest. > >>> > >>> == PV-in-Comet and PV-in-Vixen == > >>> > >>> - Can't use SP3/Variant 3/Meltdown directly on its own kernel > >>> > >>> - Can't use SP3/Variant 3/Meltdown on the real hypervisor. > >>> > >>> - Can still use SP3/Variant 3/Meltdown on the shim hypervisor to > >>> still gain access to data from itself. > >>> > >>> - Can't be mitigated by KPTI in the guest. > >>> > >>> == HVM and PVHv2 == > >>> > >>> - Can use SP3/Variant 3/Meltdown directly on its own kernel. > >>> > >>> - Can't use SP3/Variant 3/Meltdown on the hypervisor. > >>> > >>> - Can be mitigated by KPTI in the guest (becomes not a Xen issue). > >>> > >>> ? > >> > >> Exactly. > > > > Does this indicate that there is no solution to prevent a malicious user space > > program (running on 64-bit PV domU) from reading the memory of domU kernel space > > (via meltdown), no matter whether comet/vixen is enabled or not? > > > > Therefore, comet/vixen is only used to prevent the cross-VM meltdown attack. > > Yes. Keep an eye on this series, and future follow-ups: https://marc.info/?l=xen-devel&m=151601415717228 It mitigates Meltdown/SP3 for Xen without introducing an intermediate hypervisor. Thus, it protects Xen while retaining the property that the guest kernel is already protected from the guest userspace because it runs in a KPTI-like mode. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Clarification regarding Meltdown and 64-bit PV guests 2018-01-13 11:12 ` Hans van Kranenburg 2018-01-14 14:00 ` Dongli Zhang @ 2018-01-14 14:05 ` Dongli Zhang 1 sibling, 0 replies; 9+ messages in thread From: Dongli Zhang @ 2018-01-14 14:05 UTC (permalink / raw) To: Hans van Kranenburg, Andy Smith, Lars Kurth; +Cc: xen-devel Hi Hans and Lars, On 01/13/2018 07:12 PM, Hans van Kranenburg wrote: > On 01/13/2018 11:08 AM, Andy Smith wrote: >> Hi Hans, >> >> On Sat, Jan 13, 2018 at 10:43:03AM +0100, Hans van Kranenburg wrote: >>> By injecting a copy of a hypervisor between the outer level hypervisor >>> (that's called L0 right?) (in HVM or PVH mode) and the guest, having it >>> just run 1 guest, that (64-bit PV) guest cannot attack its own kernel, >>> but it can attack the intermediate hypervisor which results in reading >>> it's own memory from the fake intermediate "host memory". >> >> So are you saying that, considering only SP3/Variant 3/Meltdown, it >> works out like this: >> >> == 64-bit PV mode guest == >> >> - Can't use SP3/Variant 3/Meltdown directly on its own kernel. >> >> - Can use SP3/Variant 3/Meltdown on the hypervisor to read data from >> hypervisor so effectively everything including other kernels and >> its own kernel. >> >> - Can't be mitigated by KPTI in the guest. >> >> == PV-in-Comet and PV-in-Vixen == >> >> - Can't use SP3/Variant 3/Meltdown directly on its own kernel >> >> - Can't use SP3/Variant 3/Meltdown on the real hypervisor. >> >> - Can still use SP3/Variant 3/Meltdown on the shim hypervisor to >> still gain access to data from itself. >> >> - Can't be mitigated by KPTI in the guest. >> >> == HVM and PVHv2 == >> >> - Can use SP3/Variant 3/Meltdown directly on its own kernel. >> >> - Can't use SP3/Variant 3/Meltdown on the hypervisor. >> >> - Can be mitigated by KPTI in the guest (becomes not a Xen issue). >> >> ? > > Exactly. > >> If so, then I can see how the FAQ, README.Comet and README.Vixen >> can all be correct in this regard, > > Well, what just happened is that I didn't provide any new information, > but presented the same information by just rewording it again, which > triggered a few missing connections to complete your mental image. > >> but do note that this is extremely confusing > > Yes it is. > > A. Different types of Xen versions: > 1. <= 4.5, which is EOL and EOS, but still used (like AWS popping up > having things running based on Xen 3.4) > 2. 4.6 and 4.7, which have some security support > 3. 4.8 and 4.9, for which rumours are going that it might get PVHv2 > from 4.10 backported > 4. 4.10, which can be used with PVHv2 (with guest kernel linux 4.14) I suggest we add the source of attacker as well: 1. Arbitrary user space program on domU 2. Kernel space on domU > > B. Different archs: > 1. x86 / 32-bit > 2. x64 / amd64 / 64-bit > 3. Add ARM things here... > 4. ... > > C. Different CPU vendors: > 1. Intel > 2. AMD > 3. ... > > D. Then different virtualization modes: > 1. PV > 2. HVM > 3. PVHv2 > > E. Different mitigation techniques for Xen (which are each only possible > with a subset of choices from other categories): > 1. Convert PV -> HVM > 2. Convert PV -> PVHv2 > 3. Insert shim Vixen > 4. Insert shim Comet > > F. Different kernels in the guest (only looking at linux here now): > 1. Any kernel released < Jan 3 2018 > 2. Old version without any kaiser/kpti patch available > 3. Old version with kaiser backport patch (3.2, 3.16, 4.9 etc) > 4. 4.14 or 4.15 kernel with KPTI patch > > G. Different mitigation techniques for inside the guest: > 1. Do nothing because 64-bit PV guest > 2. Get kernel with kaiser or kpti patch > > H. And of course describing any situation as "vulnerable" has a > shortcoming, because we need to distinguish (4 combinations possible): > 1. Can the situation be used to attack? > 2. Is the situation vulnerable to attack by another guest/whatever? > > ad H. Oh, and what if someone has a mix of HVM and PV guests? If there > are only HVM guests, they're safe from each other, but if you add 1 > 64-bit PV guest to it, suddenly you have one available to do an attack, > and all the HVM are suddenly vulnerable. > > So it's a bit of an 7 or 8-dimensional space, and every situation of > different users is floating somewhere in there as a point. Every > combination of all of those can result in a wildly different outcome. > > Oh wait, I forgot we're only talking about SP3. Let's add SP1 and SP2, > now we are 9-dimensional. > > You know these kind of puzzles? > http://www.burre.nl/p/puzzels/logisch/logisch_1.gif > > It's what we're doing here. :-) Well, instead of a boolean result, our > puzzle has multiple results, describing what's relevant for hypervisor, > for guest kernel etc... > >> and a lot of people are only reading the >> comments that say that Xen PV can't make use of SP3/Variant >> 3/Meltdown. > > Expressing all these things in text is really hard. > > Lars made a new attempt with the tables, but you immediately see it > takes 4 or 5 tables below each other, and then it's still like "argh!" > because we can't flatten 8-dimensional to 2-dimensional that easy. > > ------------ >8 ------------ > > So, I have a new idea: > > Let's make an interactive html/javascript thingie where you can play > around with all the combinations above. Based on everything you choose, > there's a different explanation as result, and different suggestions > about what to do next... > > Some of the categories are radio buttons, like the CPU type of the > physical server. Others are checkboxes with multiple options, e.g. are > you running HVM guests, PV guests, or both? > > I'm not a html/javascript guy, but I think that makes most sense, since > a user can also just git clone the thing and open the page in a local > browser. If there's some initial code that works, I can help adding all > options and results and then we can keep improving it. (E.g. if > limitations of shim implementations change or xen 4.8 and 4.9 get PVHv2 > backported, it has to change again etc...) > > Nice to have: If you have everything checked in the right way, show a > "code" (like A3-B1-C5-D6... or something more clever) that expresses the > exact combination, so you can save it and put it back in later to reset > the page to that state. And, you can share that code/sequence to explain > your exact situation to someone else. > > Now we would have something that's easier to work with than hearing a > user out with 14 questions on IRC and then trying to explain everything > in words. Any change you make on the page refreshes the outcome immediately. > > So, who has a better idea than this, or knows why this is a bad idea and > we shouldn't do this, or who wants to help creating it? > > Hans > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xenproject.org > https://lists.xenproject.org/mailman/listinfo/xen-devel > Dongli Zhang _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
* What about dom0? (was: Re: Clarification regarding Meltdown and 64-bit PV guests) 2018-01-13 6:42 Clarification regarding Meltdown and 64-bit PV guests Andy Smith 2018-01-13 9:43 ` Hans van Kranenburg @ 2018-01-14 14:41 ` Hans van Kranenburg 1 sibling, 0 replies; 9+ messages in thread From: Hans van Kranenburg @ 2018-01-14 14:41 UTC (permalink / raw) To: xen-devel; +Cc: Andy Smith, Lars Kurth On 13/01/2018 07:42, Andy Smith wrote: > [...] Related... Dom0 is a PV guest with more privileges than a domU, right? Currently all documentation and FAQ do not contain a section about this. It's all about the hypervisor and guests. Probable reason for this is that most people on this list implicitly think about dom0 as a thing that has as only purpose to manage starting and stopping domUs, forwarding some network traffic using bridges or openvswitch, and with its own network connection probably on a separate management network... But what about small-deployment-users who use the dom0 for more things, and have a bunch of Xen domUs running inside. Who knows what they do, maybe they even have their graphical desktop environment running in dom0 with web browser and everything? Just throwing some dust in the air... :) Hans _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2018-01-15 17:49 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-01-13 6:42 Clarification regarding Meltdown and 64-bit PV guests Andy Smith 2018-01-13 9:43 ` Hans van Kranenburg 2018-01-13 10:08 ` Andy Smith 2018-01-13 11:12 ` Hans van Kranenburg 2018-01-14 14:00 ` Dongli Zhang 2018-01-14 14:15 ` Hans van Kranenburg 2018-01-15 17:48 ` Stefano Stabellini 2018-01-14 14:05 ` Dongli Zhang 2018-01-14 14:41 ` What about dom0? (was: Re: Clarification regarding Meltdown and 64-bit PV guests) Hans van Kranenburg
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.
