[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86: Meltdown band-aid against malicious 64-bit PV guests

On 01/16/2018 07:12 AM, Jan Beulich wrote:
>>>> On 15.01.18 at 17:54, <persaur@xxxxxxxxx> wrote:
>> On Jan 12, 2018, at 05:19, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>>
>>> This is a very simplistic change limiting the amount of memory a running
>>> 64-bit PV guest has mapped (and hence available for attacking): Only the
>>> mappings of stack, IDT, and TSS are being cloned from the direct map
>>> into per-CPU page tables. Guest controlled parts of the page tables are
>>> being copied into those per-CPU page tables upon entry into the guest.
>>> Cross-vCPU synchronization of top level page table entry changes is
>>> being effected by forcing other active vCPU-s of the guest into the
>>> hypervisor.
>>>
>>> The change to context_switch() isn't strictly necessary, but there's no
>>> reason to keep switching page tables once a PV guest is being scheduled
>>> out.
>>>
>>> There is certainly much room for improvement, especially of performance,
>>> here - first and foremost suppressing all the negative effects on AMD
>>> systems. But in the interest of backportability (including to really old
>>> hypervisors, which may not even have alternative patching) any such is
>>> being left out here.
>>
>> Thanks for releasing this patch to support use cases not covered by the 
>> previous mitigations.  Is there a name or acronym we can use to reference 
>> this patch in the FAQ, XSA and other support documents?
> 
> I'm against any such naming, but XPTI-light would come to mind.

Rich, I'm afraid we tend to be a pedestrian bunch when it comes to
naming. :-)

I personally much prefer labels that contain enough information to hint
as to what the thing being referred to is.  One of the things I really
dislike about, say, OpenStack, is the hundreds of projects they have,
each with a cute name that people throw around, that as an outsider you
have no idea what they're talking about, and no real way to find out
rather than brute-force memorization.

Vixen / Comet thing was a special case.  First of all, Amazon had
already named Vixen; but even so, I initially referred to the two shims
as "the HVM shim" and "the PVH shim".  But when "the HVM shim" began to
get PVH support, and "the PVH shim" successfully got HVM support, those
names started to be inaccurate.  They really were just different
versions of the same thing (even sharing a lot of the same code).  Under
those circumstances, there's not much choice but to give "meaningless"
names.

Hopefully we'll never be in a position of discussing which of two
nearly-identical XPTI patches to start future development from, nor of
presenting two nearly-identical XPTI patchsets to our downstreams.

Since it seems like we may have several iterations of an SP3 solution,
each of which adds more protection / improves performance on previous
iterations, what about adding a number?  Say, "XPTI stage 1"?

Then we can discuss which technical mitigations will be in each 'stage'
that we release.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.