| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Jun 2019 10:43:12 -0700
From: Eric Hankland <ehankland@...gle.com>
To: Wei Wang <wei.w.wang@...el.com>
Cc: Cfir Cohen <cfir@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>,
rkrcmar@...hat.com, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, Stephane Eranian <eranian@...gle.com>
Subject: Re: [PATCH v1] KVM: x86: PMU Whitelist
Since we aren't using QEMU, I don't have those patches ready yet, but
I can work on them if you want to review them at the same time as this
patch. The architectural events (minus the LLC events) are probably a
reasonable starting point for the whitelist.
Eric
On Thu, Jun 6, 2019 at 12:31 AM Wei Wang <wei.w.wang@...el.com> wrote:
>
> On 06/06/2019 05:35 AM, Eric Hankland wrote:
> >>> Right - I'm aware there are other ways of detecting this - it's still
> >>> a class of events that some people don't want to surface. I'll ask if
> >>> there are any better examples.
> > I asked and it sounds like we are treating all events as potentially
> > insecure until they've been reviewed. If Intel were to publish
> > official (reasonably substantiated) guidance stating that the PMU is
> > secure, then I think we'd be happy without such a safeguard in place,
> > but short of that I think we want to err on the side of caution.
> >
>
> I'm not aware of any vendors who'd published statements like that.
>
> Anyway, are you ready to share your QEMU patches or the events you want
> to be on the whitelists?
>
>
> Best,
> Wei
Powered by blists - more mailing lists