Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-09 Thread Stefano Stabellini
On Fri, 5 Jan 2018, Juergen Gross wrote:
> On 04/01/18 21:21, Andrew Cooper wrote:
> > This work was developed as an SP3 mitigation, but shelved when it became
> > clear
> > that it wasn't viable to get done in the timeframe.
> >
> > To protect against SP3 attacks, most mappings needs to be

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-08 Thread George Dunlap
On Fri, Jan 5, 2018 at 2:35 PM, Andrew Cooper wrote: > On 05/01/18 14:27, Jan Beulich wrote: > On 05.01.18 at 15:11, wrote: >>> Here's a question: What if we didn't try to prevent the guest from >>> reading hypervisor memory at all, but instead

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-05 Thread Andrew Cooper
On 05/01/18 14:27, Jan Beulich wrote: On 05.01.18 at 15:11, wrote: >> Here's a question: What if we didn't try to prevent the guest from >> reading hypervisor memory at all, but instead just tried to make sure >> that there was nothing of interest there? >> >> If

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-05 Thread George Dunlap
On Fri, Jan 5, 2018 at 2:17 PM, Juergen Gross wrote: > On 05/01/18 15:11, George Dunlap wrote: >> On Fri, Jan 5, 2018 at 9:39 AM, Juergen Gross wrote: >>> On 05/01/18 10:26, Andrew Cooper wrote: On 05/01/2018 07:48, Juergen Gross wrote: > On 04/01/18

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-05 Thread Jan Beulich
>>> On 05.01.18 at 15:21, wrote:
> We already have map_domain_page(), as a result of 32-bit mode and
> >5TiB mode, so getting the domain pages out of the HV should be pretty
> easy.

E.g. by doing away with the directmap altogether.

Jan

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-05 Thread Jan Beulich
>>> On 05.01.18 at 15:11, wrote:
> Here's a question: What if we didn't try to prevent the guest from
> reading hypervisor memory at all, but instead just tried to make sure
> that there was nothing of interest there?
>
> If sensitive information pertaining to a given vcpu

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-05 Thread Juergen Gross
On 05/01/18 15:11, George Dunlap wrote: > On Fri, Jan 5, 2018 at 9:39 AM, Juergen Gross wrote: >> On 05/01/18 10:26, Andrew Cooper wrote: >>> On 05/01/2018 07:48, Juergen Gross wrote: On 04/01/18 21:21, Andrew Cooper wrote: > This work was developed as an SP3 mitigation,

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-05 Thread George Dunlap
On Fri, Jan 5, 2018 at 9:39 AM, Juergen Gross wrote: > On 05/01/18 10:26, Andrew Cooper wrote: >> On 05/01/2018 07:48, Juergen Gross wrote: >>> On 04/01/18 21:21, Andrew Cooper wrote: This work was developed as an SP3 mitigation, but shelved when it became clear

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-05 Thread Andrew Cooper
On 05/01/2018 09:39, Juergen Gross wrote: > On 05/01/18 10:26, Andrew Cooper wrote: >> On 05/01/2018 07:48, Juergen Gross wrote: >>> On 04/01/18 21:21, Andrew Cooper wrote: This work was developed as an SP3 mitigation, but shelved when it became clear that it wasn't viable to get

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-05 Thread Andrew Cooper
On 05/01/2018 07:48, Juergen Gross wrote:
> On 04/01/18 21:21, Andrew Cooper wrote:
>> This work was developed as an SP3 mitigation, but shelved when it became
>> clear
>> that it wasn't viable to get done in the timeframe.
>>
>> To protect against SP3 attacks, most mappings needs to be flushed

Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-04 Thread Juergen Gross
On 04/01/18 21:21, Andrew Cooper wrote:
> This work was developed as an SP3 mitigation, but shelved when it became clear
> that it wasn't viable to get done in the timeframe.
>
> To protect against SP3 attacks, most mappings needs to be flushed while in
> user context. However, to protect

[Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

2018-01-04 Thread Andrew Cooper
This work was developed as an SP3 mitigation, but shelved when it became clear that it wasn't viable to get done in the timeframe. To protect against SP3 attacks, most mappings needs to be flushed while in user context. However, to protect against all cross-VM attacks, it is necessary to ensure