[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ

On 05/01/18 12:35, Lars Kurth wrote:
> Hi all, this is a repost of 
> https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/ for 
> xen-users/xen-devel. If you have questions, please reply to this thread and 
> we will try and improve the FAQ based on questions.
> Regards
> Lars
> Google’s Project Zero announced several information leak vulnerabilities 
> affecting all modern superscalar processors. Details can be found on their 
> blog, and in the Xen Project Advisory 254 [1]. To help our users understand 
> the impact and our next steps forward, we put together the following FAQ.
> Note that we will update the FAQ as new information surfaces.
> = Is Xen impacted by Meltdown and Spectre? =
> There are two angles to consider for this question:
> * Can an untrusted guest attack the hypervisor using Meltdown or Spectre?
> * Can a guest user-space program attack a guest kernel using Meltdown or 
> Spectre?
> Systems running Xen, like all operating systems and hypervisors, are 
> potentially affected by Spectre (referred to as SP1 and SP2 in Advisory 254 
> [1]). For Arm Processors information, you can find which processors are 
> impacted here [2].  In general, both the hypervisor and a guest kernel are 
> vulnerable to attack via SP1 and SP2.
> Only Intel processors are impacted by Meltdown (referred to as SP3 in 
> Advisory 254 [1]). On Intel processors, only 64-bit PV mode guests can attack 
> Xen. Guests running in 32-bit PV mode, HVM mode, and PVH mode cannot attack 
> the hypervisor using SP3. However, in 32-bit PV mode, HVM mode, and PVH mode, 
> guest userspaces can attack guest kernels using SP3; so updating guest 
> kernels is advisable.
> Interestingly, guest kernels running in 64-bit PV mode are not vulnerable to 
> attack using SP3, because 64-bit PV guests already run in a KPTI-like mode.

And this is wrong. Guest kernels running in 64-bit PV mode can't be
attacked directly from their users, but indirectly via a user program
reading the host's memory, of which the guest's kernel memory is a
part of.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.