
Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ

On 01/11/2018 10:15 AM, Lars Kurth wrote:
> I am wondering whether something like the attached table would make
> understanding the FAQ easier. Page 1 is clearly what is Xen specific and
> we definitely should cover.
> Page 2 in general covers Linux and guests. The first block is relatively
> straightforward.
> The 2nd and 3rd block is based on information from Doug: as there are
> many gaps, I would be uneasy about publishing these somewhere prominent. 
> Also
>> As this is really guest specific this information can't be provided by
>> Xen.
> which carries a risk that any analysis made by anyone might only apply
> to the context in which the analysis was done.
> But the question keeps coming up, so making this clearer is maybe sensible.

Yes! This is a really good thing to do, since it's much more powerful
than trying to express the "multi-dimensional combinations" in sentences.

When having this, the amount of text in the FAQ should just clearly
describe the categories, and cut out all the "X can but not if Y, but
also Y but not if Z" type sentences and then refer to the tables for the
end verdict for a specific user's own situation.

  -- >8 --

The one thing I would want to point out again, which keeps being a
non-obvious thing for users, is that in the short term with the pvshim
solution, a 64 bit PV guest in pvshim mode can still not be protected
against itself.

At "Is a user space attack on the guest kernel possible (when running
in a Xen VM)" there could be a [3] at 64 bit PV no, with the
explanation that while technically correct, this can again be
circumvented by exploiting the attack via Xen (see 'on other guest'
table) back to itself.

Or maybe adding an extra table "Is a user space attack via Xen back to
the guest itself possible (when running in a Xen VM)?" will help instead.

And to make it more complicated, a user would want to see how the tables
change when injecting the pvshim approach... For that, it might be
sufficient to add an extra row to all tables with "64 bit PV in pvshim"
just below "64 bit PV".


[0] I also haven't seen this info in any PR from AWS about PV guests?
Like, "hey, we protected ourselves and other customers against you, but
we can't do anything about your own business. Please stop using 64bit PV
instances for now if there's anything untrusted running inside."
