| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 29 Oct 2006 11:10:16 +0200 From: Avi Kivity <avi@...ranet.com> To: Arnd Bergmann <arnd@...db.de> CC: linux-kernel@...r.kernel.org, kvm-devel@...ts.sourceforge.net Subject: Re: [PATCH 6/13] KVM: memory slot management Arnd Bergmann wrote: >> It can shoot not only its foot, but anything the monitor's uid has >> access to. Host files, the host network, other guests belonging to the >> user, etc. >> > > Yes, that's what I meant. It's obviously nicer if the guest can't do that, > but it's a tradeoff of the potential security impact against on how hard > it is to implement hiding the addresses you don't want your guest to see. > To put it into other words, do you want the optimal performance, or the > optimal security? > > Well, isolation is one of the most significant features of full virtualization, both for security and reliability. I don't think we can compromise that. >> It's worse than I thouht: tlb entries generated by guest accesses are >> tagged with the guest virtual address, to if you remove a guest >> physical/host virtual page you need to invalidate the entire guest tlb. >> > > Ok, so it's the HW's fault. They either copied bad or decided doing the > s390 approach was too expensive. > x86 tradition is to make all possible mistakes before getting a working solution. -- error compiling committee.c: too many arguments to function - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists