| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Mar 2010 18:16:05 +0200 From: Avi Kivity <avi@...hat.com> To: Peter Zijlstra <peterz@...radead.org> CC: Joerg Roedel <joro@...tes.org>, Anthony Liguori <anthony@...emonkey.ws>, Ingo Molnar <mingo@...e.hu>, Pekka Enberg <penberg@...helsinki.fi>, "Zhang, Yanmin" <yanmin_zhang@...ux.intel.com>, Sheng Yang <sheng@...ux.intel.com>, linux-kernel@...r.kernel.org, kvm@...r.kernel.org, Marcelo Tosatti <mtosatti@...hat.com>, Jes Sorensen <Jes.Sorensen@...hat.com>, Gleb Natapov <gleb@...hat.com>, ziteng.huang@...el.com, Arnaldo Carvalho de Melo <acme@...hat.com>, Fr?d?ric Weisbecker <fweisbec@...il.com>, Gregory Haskins <ghaskins@...ell.com> Subject: Re: [RFC] Unify KVM kernel-space and user-space code into a single project On 03/24/2010 06:03 PM, Peter Zijlstra wrote: > On Wed, 2010-03-24 at 16:01 +0100, Joerg Roedel wrote: > > >> What I meant was: perf-kernel puts the guest-name into every sample and >> perf-userspace accesses /sys/kvm/guest_name/fs/ later to resolve the >> symbols. I leave the question of how the guest-fs is exposed to the host >> out of this discussion. We should discuss this seperatly. >> > I'd much prefer a pid like suggested later, keeps the samples smaller. > > But that said, we need guest kernel events like mmap and context > switches too, otherwise we simply can't make sense of guest userspace > addresses, we need to know the guest address space layout. > The kernel knows some of the address space layout, qemu knows all of it. > So aside from a filesystem content, we first need mmap and context > switch events to find the files we need to access. > This only works for the guest kernel, we don't know anything about guest processes [1]. > And while I appreciate all the security talk, its basically pointless > anyway, the host can access it anyway, everybody agrees on that, but > still you're arguing the case.. > root can access anything, but we're not talking about root. The idea is to protect against a guest that has exploited its qemu and is now attacking the host and its fellow guests. uid protection is no good since we want to isolate the guest from host processes belonging to the same uid and from other guests running under the same uid. [1] We can find out guest pids if we teach the kernel what to dereference, i.e. gs:offset1->offset2->offset3. Of course this varies from kernel to kernel, so we need some kind of bytecode that we can run in perf nmi context. Kind of what we need to run an unwinder for -fomit-frame-pointer. -- error compiling committee.c: too many arguments to function -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists