From mboxrd@z Thu Jan 1 00:00:00 1970 From: Avi Kivity Subject: Re: EuroSec'11 Presentation Date: Mon, 11 Apr 2011 18:48:41 +0300 Message-ID: <4DA322D9.40304@redhat.com> References: <20110411.001930.73371943.k.suzaki@aist.go.jp> <4DA31DDF.7060605@codemonkey.ws> <20110412.004641.91284108.k.suzaki@aist.go.jp> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: anthony@codemonkey.ws, stefanha@gmail.com, kvm@vger.kernel.org To: Kuniyasu Suzaki Return-path: Received: from mx1.redhat.com ([209.132.183.28]:14909 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751673Ab1DKPst (ORCPT ); Mon, 11 Apr 2011 11:48:49 -0400 In-Reply-To: <20110412.004641.91284108.k.suzaki@aist.go.jp> Sender: kvm-owner@vger.kernel.org List-ID: On 04/11/2011 06:46 PM, Kuniyasu Suzaki wrote: > > > > But it's a well known issue with colocation and the attack can be > > executed just by looking at raw memory access time (to guess whether > > another process brought something into the cache). > > Thank you for comments. > The memory disclosure attack can be prevented by several ways mention in my "Countermeasure" side (Page 22). > > If we limit KSM on READ-ONLY pages, we detect and prevent the attack. > I also think most memory deduplication is on READ-ONLY pages. > With EPT or NPT you cannot detect if a page is read only. Furthermore, at least Linux (without highmem) maps all of memory with a read/write mapping in addition to the per-process mapping, so no page is read-only. -- error compiling committee.c: too many arguments to function