lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3b1a1b17-9a93-47c6-99a1-43639cd05cbf@redhat.com>
Date: Wed, 24 Sep 2025 13:38:31 +0200
From: David Hildenbrand <david@...hat.com>
To: Stefan Hajnoczi <stefanha@...hat.com>,
 Cong Wang <xiyou.wangcong@...il.com>
Cc: linux-kernel@...r.kernel.org, pasha.tatashin@...een.com,
 Cong Wang <cwang@...tikernel.io>, Andrew Morton <akpm@...ux-foundation.org>,
 Baoquan He <bhe@...hat.com>, Alexander Graf <graf@...zon.com>,
 Mike Rapoport <rppt@...nel.org>, Changyuan Lyu <changyuanl@...gle.com>,
 kexec@...ts.infradead.org, linux-mm@...ck.org, multikernel@...ts.linux.dev
Subject: Re: [RFC Patch 0/7] kernel: Introduce multikernel architecture
 support

>>
>> Two more points:
>>
>> 1) Security lockdown. Security lockdown transforms multikernel from
>> "0-day means total compromise" to "0-day means single workload
>> compromise with rapid recovery." This is still a significant improvement
>> over containers where a single kernel 0-day compromises everything
>> simultaneously.
> 
> I don't follow. My understanding is that multikernel currently does not
> prevent spawned kernels from affecting each other, so a kernel 0-day in
> multikernel still compromises everything?

I would assume that if there is no enforced isolation by the hardware 
(e.g., virtualization, including partitioning hypervisors like 
jailhouse, pkvm etc) nothing would stop a kernel A to access memory 
assigned to kernel B.

And of course, memory is just one of the resources that would not be 
properly isolated.

Not sure if encrypting memory per kernel would really allow to not let 
other kernels still damage such kernels.

Also, what stops a kernel to just reboot the whole machine? Happy to 
learn how that will be handled such that there is proper isolation.

-- 
Cheers

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ