lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 15 Jan 2024 12:30:50 -0400
From: Jason Gunthorpe <jgg@...dia.com>
To: Yan Zhao <yan.y.zhao@...el.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
	dri-devel@...ts.freedesktop.org, pbonzini@...hat.com,
	seanjc@...gle.com, olvaffe@...il.com, kevin.tian@...el.com,
	zhiyuan.lv@...el.com, zhenyu.z.wang@...el.com, yongwei.ma@...el.com,
	vkuznets@...hat.com, wanpengli@...cent.com, jmattson@...gle.com,
	joro@...tes.org, gurchetansingh@...omium.org, kraxel@...hat.com,
	zzyiwei@...gle.com, ankita@...dia.com, alex.williamson@...hat.com,
	maz@...nel.org, oliver.upton@...ux.dev, james.morse@....com,
	suzuki.poulose@....com, yuzenghui@...wei.com
Subject: Re: [PATCH 0/4] KVM: Honor guest memory types for virtio GPU devices

On Tue, Jan 09, 2024 at 10:11:23AM +0800, Yan Zhao wrote:

> > Well, for instance, when you install pages into the KVM the hypervisor
> > will have taken kernel memory, then zero'd it with cachable writes,
> > however the VM can read it incoherently with DMA and access the
> > pre-zero'd data since the zero'd writes potentially hasn't left the
> > cache. That is an information leakage exploit.
>
> This makes sense.
> How about KVM doing cache flush before installing/revoking the
> page if guest memory type is honored?

I think if you are going to allow the guest to bypass the cache in any
way then KVM should fully flush the cache before allowing the guest to
access memory and it should fully flush the cache after removing
memory from the guest.

Noting that fully removing the memory now includes VFIO too, which is
going to be very hard to co-ordinate between KVM and VFIO.

ARM has the hooks for most of this in the common code already, so it
should not be outrageous to do, but slow I suspect.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ