Ingo Molnar wrote:
I've got a security related question as well: vcpu_load() sets up a
physical CPU's VM registers/state, and vcpu_put() drops that. But
vcpu_put() only does a put_cpu() call - it does not tear down any VM
state that has been loaded into the CPU. Is it guaranteed that (hostile)
user-space cannot use that VM state in any unauthorized way? The state
is still loaded while arbitrary tasks execute on the CPU. The next
vcpu_load() will then override it, but the state lingers around forever.
The new x86 VM instructions: vmclear, vmlaunch, vmresume, vmptrld,
vmread, vmwrite, vmxoff, vmxon are all privileged so i guess it should
be mostly safe - i'm just wondering whether you thought about this
attack angle.
Yes. Userspace cannot snoop on a VM state.
ultimately we want to integrate VM state management into the scheduler
and the context-switch lowlevel arch code, but right now CPU state
management is done by the KVM 'driver' and there's nothing that isolates
other tasks from possible side-effects of a loaded VMX/SVN state.
AFAICS in vmx root mode the vm state only affects vmx instructions; SVM
has no architecturally hidden state.
--
error compiling committee.c: too many arguments to function
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
