Open Source and information security mailing list archives
 
Message-ID: <500FDBD2.1050906@parallels.com>
Date:	Wed, 25 Jul 2012 15:43:14 +0400
From:	Vladimir Davydov <vdavydov@...allels.com>
To:	Andre Przywara <andre.przywara@....com>
CC:	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Borislav Petkov <bp@...64.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, Andi Kleen <ak@...ux.intel.com>,
	Borislav Petkov <borislav.petkov@....com>,
	"x86@...nel.org" <x86@...nel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Andreas Herrmann <andreas.herrmann3@....com>,
	Pavel Emelianov <xemul@...allels.com>,
	Konstantin Khorenko <khorenko@...allels.com>,
	Daniel Lezcano <daniel.lezcano@...aro.org>
Subject: Re: [PATCH 2/2] cpu: intel, amd: mask cleared cpuid features

On 07/25/2012 03:17 PM, Andre Przywara wrote:
> On 07/25/2012 01:02 PM, Vladimir Davydov wrote:
>> On 07/25/2012 02:58 PM, Andre Przywara wrote:
>>> On 07/25/2012 12:31 PM, Vladimir Davydov wrote:
>>>> On 07/24/2012 04:44 PM, Alan Cox wrote:
>>>>>> This approach does not need any kernel support (except for the
>>>>>> /proc/cpuinfo filtering). Does this address the issues you have?
>>>>> You can do the /proc/cpuinfo filtering in user space too
>>>>>
>>>> How?
>>> I wanted to write the same reply yesterday, but followed the hint in
>>> Alan's previous mail:
>>> # mount --bind /dev/shm/faked_cpuinfo /somepath/proc/cpuinfo
>>>
>>> I checked it, it works even with chroots and is not visible from within.
>> If CPUs go online/offline?
> Do you support CPU offlining from within the guest? My OpenVZ guest only
> has /sys/class and nothing else, so I cannot offline any CPU.
>
> So you set up a "hand-crafted" cpuinfo for the guest and this should stay
> valid for the whole guest's runtime, right?
>
> And since it is a dumped file, "host" CPU off/onlining does not affect
> it. Or do you want to propagate this to the guests?

A guest cannot have more CPUs than the host in container virtualization 
(at least in OpenVZ). So yes, we will have to propagate.

Anyway, we've agreed that you were right and are going to think about 
/proc/cpuinfo virtualization.

Thank you for your time and feedback.

> (Sorry, but my thinking is more Xen/KVM oriented, where guests can only
> do most things if they are explicitly allowed to do it and separation
> between guests and host is much stricter).
>
>
> Regards,
> Andre.
>
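
The user-space /proc/cpuinfo filtering with a bind mount discussed in this thread, as an added example that is not part of the original message or of any patch in the thread. The function names (mask_cpuinfo, sample_cpuinfo, install_faked_cpuinfo) are hypothetical and the sample cpuinfo text is constructed.

```shell
#!/bin/sh
# Added example: produce a copy of cpuinfo text with selected feature flags
# removed, to serve as the source file of the bind mount quoted in the thread.
# This only changes what software reads from the file; the CPUID instruction
# itself still reports the real feature bits.

# mask_cpuinfo "flag1 flag2 ..." < cpuinfo_text > filtered_text
mask_cpuinfo() {
    awk -v hide="$1" '
        BEGIN { n = split(hide, h, " "); for (i = 1; i <= n; i++) drop[h[i]] = 1 }
        /^flags[ \t]*:/ {
            # Keep the original "flags<TAB><TAB>:" prefix unchanged.
            prefix = $0; sub(/:.*/, ":", prefix)
            # Rebuild the list, matching whole flag names only, so that
            # hiding sse4_1 does not also hide sse4_2.
            list = $0; sub(/^[^:]*:[ \t]*/, "", list)
            m = split(list, f, " "); out = ""
            for (i = 1; i <= m; i++) if (!(f[i] in drop)) out = out " " f[i]
            print prefix out
            next
        }
        { print }   # every other line passes through untouched
    '
}

# Constructed two-CPU sample in /proc/cpuinfo layout (not real hardware output).
sample_cpuinfo() {
    printf 'processor\t: 0\nmodel name\t: Example CPU (constructed)\n'
    printf 'flags\t\t: fpu vme sse4_1 sse4_2 aes avx\n\n'
    printf 'processor\t: 1\nmodel name\t: Example CPU (constructed)\n'
    printf 'flags\t\t: fpu vme sse4_1 sse4_2 aes avx\n\n'
}

# install_faked_cpuinfo CONTAINER_ROOT "flags to hide"   (needs root)
# The output is a snapshot: it has to be regenerated when the host's set of
# online CPUs changes, which is the propagation issue raised in the reply.
install_faked_cpuinfo() {
    mask_cpuinfo "$2" < /proc/cpuinfo > /dev/shm/faked_cpuinfo &&
    mount --bind /dev/shm/faked_cpuinfo "$1/proc/cpuinfo"
}
```

`sample_cpuinfo | mask_cpuinfo "sse4_1 aes"` shows the filtering without root or any mount.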
