On Fri, 5 Jan 2018, Juergen Gross wrote:
> On 04/01/18 21:21, Andrew Cooper wrote:
> > This work was developed as an SP3 mitigation, but shelved when it became
> > clear
> > that it wasn't viable to get done in the timeframe.
> >
> > To protect against SP3 attacks, most mappings needs to be
On Fri, Jan 5, 2018 at 2:35 PM, Andrew Cooper wrote:
> On 05/01/18 14:27, Jan Beulich wrote:
> On 05.01.18 at 15:11, wrote:
>>> Here's a question: What if we didn't try to prevent the guest from
>>> reading hypervisor memory at all, but instead
On 05/01/18 14:27, Jan Beulich wrote:
On 05.01.18 at 15:11, wrote:
>> Here's a question: What if we didn't try to prevent the guest from
>> reading hypervisor memory at all, but instead just tried to make sure
>> that there was nothing of interest there?
>>
>> If
On Fri, Jan 5, 2018 at 2:17 PM, Juergen Gross wrote:
> On 05/01/18 15:11, George Dunlap wrote:
>> On Fri, Jan 5, 2018 at 9:39 AM, Juergen Gross wrote:
>>> On 05/01/18 10:26, Andrew Cooper wrote:
On 05/01/2018 07:48, Juergen Gross wrote:
> On 04/01/18
>>> On 05.01.18 at 15:21, wrote:
> We already have map_domain_page(), as a result of 32-bit mode and
>>5TiB mode, so getting the domain pages out of the HV should be pretty
> easy.
E.g. by doing away with the directmap altogether.
Jan
>>> On 05.01.18 at 15:11, wrote:
> Here's a question: What if we didn't try to prevent the guest from
> reading hypervisor memory at all, but instead just tried to make sure
> that there was nothing of interest there?
>
> If sensitive information pertaining to a given vcpu
On 05/01/18 15:11, George Dunlap wrote:
> On Fri, Jan 5, 2018 at 9:39 AM, Juergen Gross wrote:
>> On 05/01/18 10:26, Andrew Cooper wrote:
>>> On 05/01/2018 07:48, Juergen Gross wrote:
On 04/01/18 21:21, Andrew Cooper wrote:
> This work was developed as an SP3 mitigation,
On Fri, Jan 5, 2018 at 9:39 AM, Juergen Gross wrote:
> On 05/01/18 10:26, Andrew Cooper wrote:
>> On 05/01/2018 07:48, Juergen Gross wrote:
>>> On 04/01/18 21:21, Andrew Cooper wrote:
This work was developed as an SP3 mitigation, but shelved when it became
clear
On 05/01/2018 09:39, Juergen Gross wrote:
> On 05/01/18 10:26, Andrew Cooper wrote:
>> On 05/01/2018 07:48, Juergen Gross wrote:
>>> On 04/01/18 21:21, Andrew Cooper wrote:
This work was developed as an SP3 mitigation, but shelved when it became
clear
that it wasn't viable to get
On 05/01/2018 07:48, Juergen Gross wrote:
> On 04/01/18 21:21, Andrew Cooper wrote:
>> This work was developed as an SP3 mitigation, but shelved when it became
>> clear
>> that it wasn't viable to get done in the timeframe.
>>
>> To protect against SP3 attacks, most mappings needs to be flushed
On 04/01/18 21:21, Andrew Cooper wrote:
> This work was developed as an SP3 mitigation, but shelved when it became clear
> that it wasn't viable to get done in the timeframe.
>
> To protect against SP3 attacks, most mappings needs to be flushed while in
> user context. However, to protect
This work was developed as an SP3 mitigation, but shelved when it became clear
that it wasn't viable to get done in the timeframe.
To protect against SP3 attacks, most mappings needs to be flushed while in
user context. However, to protect against all cross-VM attacks, it is
necessary to ensure
12 matches
Mail list logo