Message-ID: <37a18a24-7825-9e75-39a7-a66086a5e3a6@suse.com>
Date:   Fri, 15 Jun 2018 09:00:28 +0200
From:   Juergen Gross <jgross@...e.com>
To:     Jiri Kosina <jikos@...nel.org>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...e.de>,
        Mike Latimer <mlatimer@...e.com>, x86@...nel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/pti: don't report XenPV as vulnerable

On 15/06/18 08:39, Jiri Kosina wrote:
> On Fri, 15 Jun 2018, Juergen Gross wrote:
> 
>> Why? PTI has to be disabled in PV guests as it can't work there due to 
>> missing paravirtualization of the PTI feature (mov to/from %cr3).
>>
>> The Xen meltdown mitigation ("XPTI") for 64-bit pv guests is primarily 
>> securing the hypervisor against meltdown attacks of the guest. The guest 
>> itself can't do anything in this regard in 64-bit mode, as user and 
>> kernel code are already using different %cr3 values even without PTI.
> 
> That I know. Then I am probably dense today, but could you please again 
> explain what you meant by this in your first reply:
> 
> 	"This is wrong for [ ... ] for 64-bit, too, in case the mitigation is 
> 	 disabled at hypervisor level."
> 

Just as it is possible to switch off PTI in the kernel, it is possible to do
the same with XPTI in the hypervisor (it is even possible to disable
XPTI for dom0 only).

In case XPTI is disabled for the currently running system it is possible
to make use of Meltdown in user programs to read arbitrary physical host
memory (i.e. attacking the hypervisor), and this includes the system's own
kernel memory.

So telling a user the system isn't vulnerable regarding Meltdown when
running as 64-bit pv-guest might not be the truth.


Juergen
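The blind spot described in this reply is that a Xen PV guest kernel cannot see whether XPTI is enabled in the hypervisor, so its own sysfs Meltdown status is not the whole story. The following audit helper is an added example, not code from the thread or from the kernel patch: it reads the kernel's report and, when running under Xen without PTI, marks the report as inconclusive rather than trusting it. The sysfs paths are the real ones; the sample inputs in the usage section are constructed.

```python
"""Audit the kernel's Meltdown status report, qualifying it under Xen."""
from pathlib import Path
from typing import Optional

# Real sysfs locations: the kernel's per-vulnerability status and the
# hypervisor type ("xen" when the kernel detected it is running under Xen).
MELTDOWN_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")
HYPERVISOR_SYSFS = Path("/sys/hypervisor/type")


def assess(meltdown_status: str, hypervisor_type: Optional[str]) -> dict:
    """Decide whether the guest kernel's Meltdown report can be trusted.

    meltdown_status is the content of the meltdown sysfs file; hypervisor_type
    is the content of /sys/hypervisor/type, or None if that file is absent.
    """
    status = meltdown_status.strip()
    hv = (hypervisor_type or "").strip() or "none"
    result = {"kernel_report": status, "hypervisor": hv,
              "conclusive": True, "note": "kernel report is authoritative"}
    if hv == "xen" and not status.startswith("Mitigation: PTI"):
        # PTI is forced off in PV guests (the guest cannot manage %cr3 for
        # itself), so whether Meltdown is actually mitigated depends on XPTI in
        # the hypervisor, which the guest cannot observe. Any report other than
        # an active PTI mitigation therefore needs confirmation on the host.
        result["conclusive"] = False
        result["note"] = ("Xen guest without PTI: effective Meltdown status "
                          "depends on hypervisor-level XPTI; verify on the "
                          "host (Xen boot log), not from this kernel's report.")
    return result


def read_optional(path: Path) -> Optional[str]:
    """Return file content, or None when the file does not exist."""
    return path.read_text() if path.exists() else None


def audit_local_system() -> dict:
    """Run the assessment against the live sysfs files of this machine."""
    return assess(read_optional(MELTDOWN_SYSFS) or "", read_optional(HYPERVISOR_SYSFS))


if __name__ == "__main__":
    # Constructed sample: what a 64-bit PV guest might report, versus the live box.
    print(assess("Not affected\n", "xen\n"))
    print(audit_local_system())
```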
