Ingo Molnar wrote: > I've got a security related question as well: vcpu_load() sets up a > physical CPU's VM registers/state, and vcpu_put() drops that. But > vcpu_put() only does a put_cpu() call - it does not tear down any VM > state that has been loaded into the CPU. Is it guaranteed that (hostile) > user-space cannot use that VM state in any unauthorized way? The state > is still loaded while arbitrary tasks execute on the CPU. The next > vcpu_load() will then override it, but the state lingers around forever. > > The new x86 VM instructions: vmclear, vmlaunch, vmresume, vmptrld, > vmread, vmwrite, vmxoff, vmxon are all privileged so i guess it should > be mostly safe - i'm just wondering whether you thought about this > attack angle. >
Yes. Userspace cannot snoop on a VM state. > ultimately we want to integrate VM state management into the scheduler > and the context-switch lowlevel arch code, but right now CPU state > management is done by the KVM 'driver' and there's nothing that isolates > other tasks from possible side-effects of a loaded VMX/SVN state. > AFAICS in vmx root mode the vm state only affects vmx instructions; SVM has no architecturally hidden state. -- error compiling committee.c: too many arguments to function ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ kvm-devel mailing list kvm-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/kvm-devel
