[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ

To: Hans van Kranenburg <hans@xxxxxxxxxxx>
From: Lars Kurth <lars.kurth.xen@xxxxxxxxx>
Date: Fri, 5 Jan 2018 17:34:29 +0000
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 05 Jan 2018 17:34:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 5 Jan 2018, at 15:55, Hans van Kranenburg <hans@xxxxxxxxxxx> wrote:

On 01/05/2018 12:35 PM, Lars Kurth wrote:
Hi all, this is a repost of
https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/
for xen-users/xen-devel. If you have questions, please reply to this
thread and we will try and improve the FAQ based on questions.
Regards Lars

Thanks for the writeup.

The main reason for the reader to get confused is the amount of
different combinations of situations that are possible, which all again
have their own set of vulnerabilities and also their own (maybe even
different) set of possibilities to be used as environment for executing
an attack.

So let's help them by being more explicit.

That sounds reasonable

On Intel processors, only 64-bit PV mode guests can attack Xen.

"On Intel processors an attack at Xen using SP3 can only be done by
64-bit PV mode guests."

Even if it looks super-redundant, I think keeping explicit information
in every sentence is preferable, so they cannot be misinterpreted or
accidentally be taken out of context.

Alright: I think I prefer "On Intel processors, only 64-bit PV mode guests can attack Xen using SP3."

Guests running in 32-bit PV mode, HVM mode, and PVH
mode cannot attack the hypervisor using SP3. However, in 32-bit PV
mode, HVM mode, and PVH mode, guest userspaces can attack guest
kernels using SP3; so updating guest kernels is advisable.

Interestingly, guest kernels running in 64-bit PV mode are not
vulnerable to attack using SP3, because 64-bit PV guests already run
in a KPTI-like mode.

Like Juergen already mentioned, additionally: "However, keep in mind
that a succesful attack on the hypervisor can still be used to recover
information about the same guest from physical memory."

Good suggestion.

= Does Xen have any equivalent to Linux’s KPTI series? =

Linux’s KPTI series is designed to address SP3 only.

This one...

For Xen guests, only 64-bit PV guests are affected by SP3.

...should be more explicit. The words "affected" and "impacted" do not
tell the reader if it's about being an attacker, or about being the
victim and what is attacked or attacking.

"For Xen guests, only 64-bit PV guests are able to execute a SP3 attack
against the hypervisor."

Sounds fine

I will update the blog post sometimes tomorrow or Monday. There were a few further comments, which may be worth rolling into a change

Lars

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] Xen Project Spectre/Meltdown FAQ
  - From: Lars Kurth
- Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ
  - From: Hans van Kranenburg

Prev by Date: Re: [Xen-devel] Xen Security Advisory 254 - Information leak via side effects of speculative execution
Next by Date: Re: [Xen-devel] [PATCH RFC v1 36/74] --- x86/shim: Kconfig and command line options
Previous by thread: Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ
Next by thread: Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ
Index(es):
- Date
- Thread