Re: [Xen-devel] Xen Project Spectre/Meltdown FAQ
On 12/01/18 17:17, Nathan March wrote:
>>> In the matrix I see "Is a user space attack on the guest kernel possible
>>> (when running in a Xen VM)?" For PVH (and HVM) = Yes[1] where [1]
>>> Impacts Intel CPUs only.
>>>
>>> Is there any mitigation for this? i.e. How to protect a guest VM from
>>> its own userspace processes.
>> That part is handled by the kernel inside the guest. Xen doesn't see
>> that happening.
>>
>> It's for example the KPTI/KAISER patches that got into the Linux kernels
>> now.
> The most recent update to XSA-254 seems to clearly state that the kernel KPTI
> patches will not protect the guest from itself with the shim installed:
>
>> PV-in-PVH/HVM shim approach leaves *guest* vulnerable to Meltdown
>> attacks from its unprivileged users, even if the guest has KPTI
>> patches. That is, guest userspace can use Meltdown to read all memory
>> in the same guest.
> So the question remains, how do you protect a guest from a malicious user
> inside of it?

Switch it to being an HVM/PVH guest, and use Linux's KPTI, or wait to see
if we can sensibly implement XPTI.

A PV guest executes just like a userspace process under native Linux. The
architecture means that Xen owns the pagetables, but that the guest kernel
controls the content (albeit, audited) of the pagetables.

A full and proper fix for SP3/Meltdown for PV guests can only come from a
change in Xen. Otherwise, it is like expecting that a change in systemd
would be able to make your native system secure to SP3/Meltdown.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
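The distinction Andrew draws (in-guest KPTI protects an HVM/PVH guest from its own userspace, but cannot protect a PV guest because Xen owns the pagetables) can be turned into a quick self-check run inside a Linux guest. This is an added example, not code from the thread or from the Xen project; it assumes the Linux sysfs files /sys/hypervisor/guest_type (reporting PV, HVM or PVH) and /sys/devices/system/cpu/vulnerabilities/meltdown are present in the guest.

```shell
#!/bin/sh
# Added example: classify a Linux guest's exposure to Meltdown from its own
# unprivileged users, following the reasoning in the thread above.
# Assumed sysfs paths: /sys/hypervisor/guest_type and
# /sys/devices/system/cpu/vulnerabilities/meltdown.

# meltdown_guest_assessment GUEST_TYPE MELTDOWN_STATUS
#   GUEST_TYPE      : PV | HVM | PVH (as reported by the guest kernel)
#   MELTDOWN_STATUS : contents of the kernel's meltdown vulnerability file
# Prints: protected | kpti-missing | pv-kpti-insufficient | unknown
meltdown_guest_assessment() {
    guest_type=$1
    status=$2
    case "$guest_type" in
        PV)
            # Xen owns a PV guest's pagetables, so KPTI inside the guest
            # (even under the PV shim) cannot isolate kernel mappings;
            # the fix must come from Xen (XPTI) or a move to HVM/PVH.
            echo "pv-kpti-insufficient" ;;
        HVM|PVH)
            case "$status" in
                "Mitigation: PTI"*|"Not affected"*) echo "protected" ;;
                Vulnerable*)                        echo "kpti-missing" ;;
                *)                                  echo "unknown" ;;
            esac ;;
        *)  echo "unknown" ;;
    esac
}

# Read a sysfs file, or print "unknown" if it is absent (e.g. not under Xen).
read_sysfs_or_unknown() {
    if [ -r "$1" ]; then cat "$1"; else echo "unknown"; fi
}

main() {
    gt=$(read_sysfs_or_unknown /sys/hypervisor/guest_type)
    st=$(read_sysfs_or_unknown /sys/devices/system/cpu/vulnerabilities/meltdown)
    printf 'guest_type=%s kernel_meltdown="%s" verdict=%s\n' \
        "$gt" "$st" "$(meltdown_guest_assessment "$gt" "$st")"
}

main
```

A verdict of pv-kpti-insufficient means the guest kernel's own reporting should not be trusted as a Meltdown mitigation; only a hypervisor-side fix or a guest type change removes the exposure.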