From: Jan Kara <jack-AlSwsSmVLrQ@public.gmane.org>
To: Dave Chinner <david-FqsqvQoI3Ljby3iVrkZq2A@public.gmane.org>
Cc: jack-AlSwsSmVLrQ@public.gmane.org,
kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
david-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
linux-nvdimm-y27Ovi1pjclAfugRpC6u6w@public.gmane.org,
jasowang-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
qemu-devel-qX2TKyscuCcdnm+yROfE0A@public.gmane.org,
virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
adilger.kernel-m1MBpc4rdrD3fQ9qLvQP4Q@public.gmane.org,
zwisler-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
eblake-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
darrick.wong-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org,
mst-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
willy-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org,
hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org,
linux-acpi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-ext4-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
riel-ebMLmSuQjDVBDgjK7y7TUQ@public.gmane.org,
stefanha-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
imammedo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
lcapitulino-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
kwolf-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
nilal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
tytso-3s7WtUTddSA@public.gmane.org,
xiaoguangrong.eric-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
rjw-LthD3rsA81gm4RdzfppkhA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-xfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
pbonzini-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: [PATCH v3 0/5] kvm "virtio pmem" device
Date: Thu, 10 Jan 2019 11:17:57 +0100 [thread overview]
Message-ID: <20190110101757.GC15790@quack2.suse.cz> (raw)
In-Reply-To: <20190110012617.GA4205@dastard>
On Thu 10-01-19 12:26:17, Dave Chinner wrote:
> On Wed, Jan 09, 2019 at 08:17:31PM +0530, Pankaj Gupta wrote:
> > This patch series has implementation for "virtio pmem".
> > "virtio pmem" is fake persistent memory(nvdimm) in guest
> > which allows to bypass the guest page cache. This also
> > implements a VIRTIO based asynchronous flush mechanism.
>
> Hmmmm. Sharing the host page cache direct into the guest VM. Sounds
> like a good idea, but.....
>
> This means the guest VM can now run timing attacks to observe host
> side page cache residency, and depending on the implementation I'm
> guessing that the guest will be able to control host side page
> cache eviction, too (e.g. via discard or hole punch operations).
>
> Which means this functionality looks to me like a new vector for
> information leakage into and out of the guest VM via guest
> controlled host page cache manipulation.
>
> https://arxiv.org/pdf/1901.01161
>
> I might be wrong, but if I'm not we're going to have to be very
> careful about how guest VMs can access and manipulate host side
> resources like the page cache.....
Right. Thinking about this I would be more concerned about the fact that
guest can effectively pin amount of host's page cache upto size of the
device/file passed to guest as PMEM, can't it Pankaj? Or is there some QEMU
magic that avoids this?
Honza
--
Jan Kara <jack-IBi9RG/b67k@public.gmane.org>
SUSE Labs, CR
WARNING: multiple messages have this Message-ID (diff)
From: Jan Kara <jack@suse.cz>
To: Dave Chinner <david@fromorbit.com>
Cc: Pankaj Gupta <pagupta@redhat.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
qemu-devel@nongnu.org, linux-nvdimm@ml01.01.org,
linux-fsdevel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
linux-acpi@vger.kernel.org, linux-ext4@vger.kernel.org,
linux-xfs@vger.kernel.org, jack@suse.cz, stefanha@redhat.com,
dan.j.williams@intel.com, riel@surriel.com, nilal@redhat.com,
kwolf@redhat.com, pbonzini@redhat.com, zwisler@kernel.org,
vishal.l.verma@intel.com, dave.jiang@intel.com, david@redhat.com,
jmoyer@redhat.com, xiaoguangrong.eric@gmail.com,
hch@infradead.org, mst@redhat.com, jasowang@redhat.com,
lcapitulino@redhat.com, imammedo@redhat.com, eblake@redhat.com,
willy@infradead.org, tytso@mit.edu, adilger.kernel@dilger.ca,
darrick.wong@oracle.com, rjw@rjwysocki.net
Subject: Re: [PATCH v3 0/5] kvm "virtio pmem" device
Date: Thu, 10 Jan 2019 11:17:57 +0100 [thread overview]
Message-ID: <20190110101757.GC15790@quack2.suse.cz> (raw)
In-Reply-To: <20190110012617.GA4205@dastard>
On Thu 10-01-19 12:26:17, Dave Chinner wrote:
> On Wed, Jan 09, 2019 at 08:17:31PM +0530, Pankaj Gupta wrote:
> > This patch series has implementation for "virtio pmem".
> > "virtio pmem" is fake persistent memory(nvdimm) in guest
> > which allows to bypass the guest page cache. This also
> > implements a VIRTIO based asynchronous flush mechanism.
>
> Hmmmm. Sharing the host page cache direct into the guest VM. Sounds
> like a good idea, but.....
>
> This means the guest VM can now run timing attacks to observe host
> side page cache residency, and depending on the implementation I'm
> guessing that the guest will be able to control host side page
> cache eviction, too (e.g. via discard or hole punch operations).
>
> Which means this functionality looks to me like a new vector for
> information leakage into and out of the guest VM via guest
> controlled host page cache manipulation.
>
> https://arxiv.org/pdf/1901.01161
>
> I might be wrong, but if I'm not we're going to have to be very
> careful about how guest VMs can access and manipulate host side
> resources like the page cache.....
Right. Thinking about this I would be more concerned about the fact that
guest can effectively pin amount of host's page cache upto size of the
device/file passed to guest as PMEM, can't it Pankaj? Or is there some QEMU
magic that avoids this?
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2019-01-10 10:17 UTC|newest]
Thread overview: 115+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-09 14:47 [PATCH v3 0/5] kvm "virtio pmem" device Pankaj Gupta
2019-01-09 14:47 ` [PATCH v3 1/5] libnvdimm: nd_region flush callback support Pankaj Gupta
2019-01-09 14:47 ` Pankaj Gupta
2019-01-09 14:47 ` [PATCH v3 2/5] virtio-pmem: Add virtio pmem driver Pankaj Gupta
2019-01-09 14:47 ` Pankaj Gupta
2019-01-14 15:54 ` Michael S. Tsirkin
2019-01-14 15:54 ` Michael S. Tsirkin
[not found] ` <20190114105314-mutt-send-email-mst-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2019-01-15 6:33 ` Pankaj Gupta
2019-01-15 6:33 ` Pankaj Gupta
2019-01-15 6:33 ` Pankaj Gupta
2019-01-09 14:47 ` [PATCH v3 3/5] libnvdimm: add nd_region buffered dax_dev flag Pankaj Gupta
2019-01-09 14:47 ` Pankaj Gupta
2019-01-09 14:47 ` [PATCH v3 4/5] ext4: disable map_sync for virtio pmem Pankaj Gupta
2019-01-09 14:47 ` Pankaj Gupta
2019-01-09 14:47 ` [PATCH v3 5/5] xfs: " Pankaj Gupta
2019-01-09 14:47 ` Pankaj Gupta
2019-01-09 16:26 ` Darrick J. Wong
[not found] ` <20190109144736.17452-6-pagupta-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2019-01-09 16:26 ` Darrick J. Wong
2019-01-09 16:26 ` Darrick J. Wong
2019-01-09 18:08 ` Pankaj Gupta
2019-01-09 18:08 ` Pankaj Gupta
2019-01-09 18:08 ` Pankaj Gupta
2019-01-10 1:26 ` [PATCH v3 0/5] kvm "virtio pmem" device Dave Chinner
[not found] ` <20190109144736.17452-1-pagupta-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2019-01-10 1:26 ` Dave Chinner
2019-01-10 1:26 ` Dave Chinner
2019-01-10 2:40 ` Rik van Riel
2019-01-10 10:17 ` Jan Kara [this message]
2019-01-10 10:17 ` Jan Kara
[not found] ` <20190110101757.GC15790-4I4JzKEfoa/jFM9bn6wA6Q@public.gmane.org>
2019-01-13 1:38 ` Pankaj Gupta
2019-01-13 1:38 ` Pankaj Gupta
[not found] ` <1354249849.63357171.1547343519970.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2019-01-13 1:43 ` Dan Williams
2019-01-13 1:43 ` Dan Williams
2019-01-13 2:17 ` [Qemu-devel] " Pankaj Gupta
[not found] ` <CAPcyv4hwcgTUpgNCefCGu4DvgkYBp5b=f+hJ+FC=s5APYKoycg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2019-01-13 2:17 ` Pankaj Gupta
2019-01-13 2:17 ` Pankaj Gupta
2019-01-13 2:17 ` Pankaj Gupta
[not found] ` <540171952.63371441.1547345866585.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2019-01-14 9:55 ` Jan Kara
2019-01-14 9:55 ` Jan Kara
2019-01-14 9:55 ` Jan Kara
2019-01-14 10:16 ` Pankaj Gupta
[not found] ` <20190114095520.GC13316-4I4JzKEfoa/jFM9bn6wA6Q@public.gmane.org>
2019-01-14 10:16 ` Pankaj Gupta
2019-01-14 10:16 ` Pankaj Gupta
2019-01-14 9:55 ` Jan Kara
2019-01-13 1:43 ` Dan Williams
2019-01-13 1:38 ` Pankaj Gupta
2019-01-10 10:17 ` Jan Kara
2019-01-11 7:45 ` Pankaj Gupta
2019-01-11 7:45 ` Pankaj Gupta
2019-01-11 7:45 ` Pankaj Gupta
2019-01-11 7:45 ` Pankaj Gupta
[not found] ` <1326478078.61913951.1547192704870.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2019-01-13 23:29 ` Dave Chinner
2019-01-13 23:29 ` Dave Chinner
2019-01-13 23:38 ` Matthew Wilcox
2019-01-13 23:38 ` Matthew Wilcox
2019-01-13 23:38 ` Matthew Wilcox
2019-01-14 2:50 ` Dave Chinner
[not found] ` <20190113233820.GX6310-PfSpb0PWhxZc2C7mugBRk2EX/6BAtgUQ@public.gmane.org>
2019-01-14 2:50 ` Dave Chinner
2019-01-14 2:50 ` Dave Chinner
2019-01-14 7:15 ` Pankaj Gupta
2019-01-14 7:15 ` Pankaj Gupta
2019-01-14 21:25 ` Dave Chinner
[not found] ` <942065073.64011540.1547450140670.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2019-01-14 21:25 ` Dave Chinner
2019-01-14 21:25 ` Dave Chinner
2019-01-14 21:35 ` Dan Williams
2019-01-14 21:35 ` Dan Williams
2019-01-14 21:35 ` Dan Williams
2019-01-14 22:21 ` Dave Chinner
[not found] ` <CAPcyv4jtPcLV-s0sKNHwwk0ug7GLBV6699dpm1h3r2xSo879dg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2019-01-14 22:21 ` Dave Chinner
2019-01-14 22:21 ` Dave Chinner
2019-01-14 22:21 ` Dave Chinner
2019-01-15 2:19 ` Michael S. Tsirkin
2019-01-15 2:19 ` Michael S. Tsirkin
2019-01-15 2:19 ` Michael S. Tsirkin
2019-01-15 2:19 ` Michael S. Tsirkin
2019-01-15 5:37 ` [Qemu-devel] " Pankaj Gupta
[not found] ` <20190114205031-mutt-send-email-mst-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2019-01-15 5:37 ` Pankaj Gupta
2019-01-15 5:37 ` Pankaj Gupta
2019-01-15 5:37 ` Pankaj Gupta
2019-01-15 5:35 ` Pankaj Gupta
2019-01-15 5:35 ` Pankaj Gupta
2019-01-15 5:35 ` Pankaj Gupta
2019-01-15 5:35 ` Pankaj Gupta
2019-01-15 20:42 ` Dave Chinner
[not found] ` <1684638419.64320214.1547530506805.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2019-01-15 20:42 ` Dave Chinner
2019-01-15 20:42 ` Dave Chinner
2019-01-15 20:42 ` Dave Chinner
2019-01-14 21:35 ` Dan Williams
2019-01-14 7:15 ` Pankaj Gupta
2019-01-13 23:29 ` Dave Chinner
2019-02-04 22:56 ` security implications of caching with virtio pmem (was Re: [PATCH v3 0/5] kvm "virtio pmem" device) Michael S. Tsirkin
2019-02-04 22:56 ` Michael S. Tsirkin
2019-02-05 7:29 ` [Qemu-devel] " Pankaj Gupta
2019-02-05 7:29 ` Pankaj Gupta
2019-02-05 7:29 ` Pankaj Gupta
2019-02-06 14:00 ` David Hildenbrand
2019-02-06 18:01 ` Michael S. Tsirkin
2019-02-06 18:01 ` Michael S. Tsirkin
2019-02-06 14:00 ` David Hildenbrand
2019-02-11 7:29 ` [Qemu-devel] " Pankaj Gupta
2019-02-11 7:29 ` Pankaj Gupta
2019-02-11 22:29 ` Dave Chinner
[not found] ` <888328358.132676.1549870186945.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2019-02-11 22:29 ` Dave Chinner
2019-02-11 22:29 ` Dave Chinner
2019-02-11 22:58 ` David Hildenbrand
2019-02-11 22:58 ` David Hildenbrand
2019-02-11 22:58 ` David Hildenbrand
2019-02-11 22:58 ` David Hildenbrand
2019-02-11 23:07 ` Michael S. Tsirkin
2019-02-11 23:07 ` Michael S. Tsirkin
2019-02-11 23:07 ` Michael S. Tsirkin
2019-02-11 7:29 ` Pankaj Gupta
-- strict thread matches above, loose matches on Subject: below --
2019-01-09 14:47 [PATCH v3 0/5] kvm "virtio pmem" device Pankaj Gupta
2019-01-09 13:50 Pankaj Gupta
2019-01-09 13:50 Pankaj Gupta
2019-01-09 13:50 ` Pankaj Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190110101757.GC15790@quack2.suse.cz \
--to=jack-alswssmvlrq@public.gmane.org \
--cc=adilger.kernel-m1MBpc4rdrD3fQ9qLvQP4Q@public.gmane.org \
--cc=darrick.wong-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=david-FqsqvQoI3Ljby3iVrkZq2A@public.gmane.org \
--cc=david-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=eblake-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=imammedo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=jasowang-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=kwolf-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=lcapitulino-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-acpi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-ext4-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-nvdimm-y27Ovi1pjclAfugRpC6u6w@public.gmane.org \
--cc=linux-xfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mst-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=nilal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=pbonzini-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=qemu-devel-qX2TKyscuCcdnm+yROfE0A@public.gmane.org \
--cc=riel-ebMLmSuQjDVBDgjK7y7TUQ@public.gmane.org \
--cc=rjw-LthD3rsA81gm4RdzfppkhA@public.gmane.org \
--cc=stefanha-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=tytso-3s7WtUTddSA@public.gmane.org \
--cc=virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=willy-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=xiaoguangrong.eric-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=zwisler-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.