Xen project Mailing List

Re: [Xen-devel] [PATCH 00/22] Vixen: A PV-in-HVM shim

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Mon, 8 Jan 2018 12:11:55 +0000

Cc: Anthony Liguori <aliguori@xxxxxxxx>, Anthony Liguori <aliguori@xxxxxxxxxx>, KarimAllah Ahmed <karahmed@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan H. Schönherr <jschoenh@xxxxxxxxx>, Matt Wilson <msw@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 08 Jan 2018 12:12:08 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Jan 08, 2018 at 11:54:57AM +0000, Wei Liu wrote: > Hi Anthony > > On Sat, Jan 06, 2018 at 02:54:15PM -0800, Anthony Liguori wrote: > > From: Anthony Liguori <aliguori@xxxxxxxxxx> > > > > CVE-2017-5754 is problematic for paravirtualized x86 domUs because it > > appears to be very difficult to isolate the hypervisor's page tables > > from PV domUs while maintaining ABI compatibility. Instead of trying > > to make a KPTI-like approach work for Xen PV, it seems reasonable to > > run a copy of Xen within an HVM (or PVH) domU to provide backwards > > compatibility with guests as mentioned in XSA-254 [1]. > > > > This patch series adds a new mode to Xen called Vixen (Virtualized > > Xen) which provides a PV-compatible interface while gaining > > CVE-2017-5754 protection for the host provided by hardware > > virtualization. Vixen supports running a single unprivileged PV > > domain (a dom1) that is constructed by the dom0 domain builder. > > > > Please note the Xen page table configuration fundamental to the > > current PV ABI makes it impossible for an operating system to mitigate > > CVE-2017-5754 through mechanisms like Kernel Page Table Isolation > > (KPTI). In order for an operating system to mitigate CVE-2017-5754 it > > must run directly in a HVM or PVH domU. > > > > This series is very similar to the PVH series posted by Wei and we > > have been discussing how to merge efforts. We were hoping to have > > more time to work this out. I am posting this because I'm fairly > > confident that this series is complete (all PV instances in EC2 are > > using this) and others might find it useful. I also wanted to have > > more of a discussion about the best way to merge and some of the > > differences in designs. > > > > This series is also available at: > > > > git clone https://github.com/aliguori/xen.git vixen-upstream-v1 > > I do want to make the shim be able to run in both pvh and hvm mode > (which doesn't seem to be too hard in practice). AFAIK the pv-shim code will already work in HVM mode. It's just that booting the pv-shim in HVM mode requires that you install the shim inside of the guest and then boot it using grub or a similar loader that can do multiboot. Roger. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.