[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution



>>> On 05.01.18 at 15:11, <dunlapg@xxxxxxxxx> wrote:
> Here's a question:  What if we didn't try to prevent the guest from
> reading hypervisor memory at all, but instead just tried to make sure
> that there was nothing of interest there?
> 
> If sensitive information pertaining to a given vcpu were only maped on
> the processor currently running that vcpu, then it would mitigate not
> only SP3, but also SP2 and SP1.

Unless there were hypervisor secrets pertaining to this guest.
Also, while the idea behind your question is certainly nice, fully
separating memories related to individual guests would come
at quite significant a price: No direct access to a random
domain's control structures would be possible anymore, which
I'd foresee to be a problem in particular when wanting to
forward interrupts / event channel operations to the right
destination. But as I've said elsewhere recently: With all the
workarounds now being put in place, perhaps we don't care
about performance all that much anymore anyway...

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.