From: Andy Smith <andy@strugglers.net>
To: Hans van Kranenburg <hans@knorrie.org>
Cc: xen-devel@lists.xenproject.org
Subject: Re: Clarification regarding Meltdown and 64-bit PV guests
Date: Sat, 13 Jan 2018 10:08:50 +0000
Message-ID: <20180113100850.GX29360@bitfolk.com>
In-Reply-To: <b345d657-aaad-e7be-eee8-c6309acac1e9@knorrie.org>
Hi Hans,
On Sat, Jan 13, 2018 at 10:43:03AM +0100, Hans van Kranenburg wrote:
> By injecting a copy of a hypervisor between the outer level hypervisor
> (that's called L0 right?) (in HVM or PVH mode) and the guest, having it
> just run 1 guest, that (64-bit PV) guest cannot attack its own kernel,
> but it can attack the intermediate hypervisor which results in reading
> its own memory from the fake intermediate "host memory".
So are you saying that, considering only SP3/Variant 3/Meltdown, it
works out like this:
== 64-bit PV mode guest ==
- Can't use SP3/Variant 3/Meltdown directly on its own kernel.
- Can use SP3/Variant 3/Meltdown on the hypervisor to read data from
hypervisor so effectively everything including other kernels and
its own kernel.
- Can't be mitigated by KPTI in the guest.
== PV-in-Comet and PV-in-Vixen ==
- Can't use SP3/Variant 3/Meltdown directly on its own kernel.
- Can't use SP3/Variant 3/Meltdown on the real hypervisor.
- Can still use SP3/Variant 3/Meltdown on the shim hypervisor to
still gain access to data from itself.
- Can't be mitigated by KPTI in the guest.
== HVM and PVHv2 ==
- Can use SP3/Variant 3/Meltdown directly on its own kernel.
- Can't use SP3/Variant 3/Meltdown on the hypervisor.
- Can be mitigated by KPTI in the guest (becomes not a Xen issue).
?
If so, then I can see how the FAQ, README.Comet and README.Vixen
can all be correct in this regard, but do note that this is
extremely confusing and a lot of people are only reading the
comments that say that Xen PV can't make use of SP3/Variant
3/Meltdown.
Cheers,
Andy
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel