Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ

On Mon, Jan 08, 2018 at 09:02:37AM +0000, Lars Kurth wrote:
> > On 7 Jan 2018, at 17:11, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> > 
> > 
> >>>> Since PVH does not yet support PCI passthrough, are there other
> >>>> recommended SP3 mitigations for 64-bit PV driver domains?
> >>> Lock them down?  Device driver domains, even if not fully trusted, are
> >>> going to be part of the system and therefore at least semi-TCB.
> >>> 
> >>> If an attacker can't run code in your driver domain (and be aware of
> >>> things like server side processing, JIT of SQL, etc as "running code"
> >>> methods), they aren't in a position to mount an SP3 attack.
> >> Well, the main reason why driver domains are used in Qubes OS is
> >> assumption that it is not possible to really "lock them down", given
> >> full OS (Linux) running inside and being exposed to the outside world
> >> (having network adapters, USB controllers etc). There are so many
> >> components running them, that for sure some of them are buggy. Just some
> >> examples exploitable in the near past: DHCP client, Bluetooth stack.
> >> 
> >> If we'd believe that handling those devices exposed to the outside world
> >> is "safe", we wouldn't use driver domains at all...
> > 
> > Indeed, but they are in a better position than arbitrary VMs, because
> > users can't just log into them and start running code.  (I really hope...)
> I wanted to point out 
> https://lists.xenproject.org/archives/html/xen-devel/2018-01/msg00497.html 
> which according to the cover letter is based on HVM and not PVH. I am not 
> really sure whether this would solve some of the problems around PCI 
> passthrough. 

The pv-shim should also work inside an HVM guest; we just use PVH
because it's easier to set up from a toolstack PoV. The passthrough
problem is going to be the same with either PVH or HVM, which is that
the shim would have to provide something like pciback to the guest.

