[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Ongoing/future speculative mitigation work

To: <george.dunlap@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Thu, 25 Oct 2018 09:02:04 -0600
Cc: Martin Pohlack <mpohlack@xxxxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Joao Martins <joao.m.martins@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Mihai Dontu <mdontu@xxxxxxxxxxxxxxx>, Marek Marczykowski <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Anthony Liguori <aliguori@xxxxxxxxxx>, uwed@xxxxxxxxx, Lars Kurth <lars.kurth@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Ross Philipson <ross.philipson@xxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Matt Wilson <msw@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel List <xen-devel@xxxxxxxxxxxxx>, Daniel Kiper <daniel.kiper@xxxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
Delivery-date: Thu, 25 Oct 2018 15:02:17 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 25.10.18 at 16:56, <george.dunlap@xxxxxxxxxx> wrote:
> On 10/25/2018 03:50 PM, Jan Beulich wrote:
>>>>> On 22.10.18 at 16:55, <wei.liu2@xxxxxxxxxx> wrote:
>>> On Thu, Oct 18, 2018 at 06:46:22PM +0100, Andrew Cooper wrote:
>>>> An easy first step here is to remove Xen's directmap, which will mean
>>>> that guests general RAM isn't mapped by default into Xen's address
>>>> space.  This will come with some performance hit, as the
>>>> map_domain_page() infrastructure will now have to actually
>>>> create/destroy mappings, but removing the directmap will cause an
>>>> improvement for non-speculative security as well (No possibility of
>>>> ret2dir as an exploit technique).
>>>
>>> I have looked into making the "separate xenheap domheap with partial
>>> direct map" mode (see common/page_alloc.c) work but found it not as
>>> straight forward as it should've been.
>>>
>>> Before I spend more time on this, I would like some opinions on if there
>>> is other approach which might be more useful than that mode.
>> 
>> How would such a split heap model help with L1TF, where the
>> guest specifies host physical addresses in its vulnerable page
>> table entries
> 
> I don't think it would.
> 
>> (and hence could spy at xenheap but - due to not
>> being mapped - not domheap)?
> 
> Er, didn't follow this bit -- if L1TF is related to host physical
> addresses, how does having a virtual mapping in Xen affect things in any
> way?

Hmm, indeed. Scratch that part.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] Ongoing/future speculative mitigation work
  - From: Andrew Cooper

References:
- [Xen-devel] Ongoing/future speculative mitigation work
  - From: Andrew Cooper
- Re: [Xen-devel] Ongoing/future speculative mitigation work
  - From: Wei Liu
- Re: [Xen-devel] Ongoing/future speculative mitigation work
  - From: Jan Beulich
- Re: [Xen-devel] Ongoing/future speculative mitigation work
  - From: George Dunlap

Prev by Date: Re: [Xen-devel] [PATCH v2] x86/mm/p2m: don't needlessly limit MMIO mapping order to 4k
Next by Date: Re: [Xen-devel] Fix VGA logdirty related display freezes with altp2m
Previous by thread: Re: [Xen-devel] Ongoing/future speculative mitigation work
Next by thread: Re: [Xen-devel] Ongoing/future speculative mitigation work
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.