Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1377184imu; Wed, 9 Jan 2019 17:27:43 -0800 (PST) X-Google-Smtp-Source: ALg8bN5uiAGUF5imdKM2bSP/62//YBbcnB2hmL3pQp+opvdC27o35wQt4IvfhU1/bIPCvnmvRTXy X-Received: by 2002:a63:6346:: with SMTP id x67mr5329947pgb.183.1547083663247; Wed, 09 Jan 2019 17:27:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547083663; cv=none; d=google.com; s=arc-20160816; b=FqxYDqnQKVR4c35ACGKyBMEApFZ8WUCC7WpwGy8O4l3xJ2RZzuuN4aT7lF9YqCwDA9 iKUHIY8Oa1gW22W0LAQUEmBlp00TRGYKTDLwGEX3A0zNCuiKJnlopChnXdbpAd94DpYn DxiJclWieLv7wI+BCWihRoiwg6nDXOyL1O67EN37uQGqd2lE5mRtZMUyItemtwi51Agg nc+f7UIuoq4qndP2QZ8Wgln/GB9uXQ/+/JW7IbcVEYjZIQSX5BD5pGJWF/ShLZ/pbMw6 +FAjJHcl4Xo42afTNv+T1JsV4EYGL9gzLHyXUxAcJb1ZnSudbMHq3Ps5sUDce7HwwZvl Td5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=e7TyeDhPVwC7IYDvtBCrKKTsVu9LpaUYxPebWN7Rgf0=; b=hnPOKmWVrZaDeu0CrhiAO99lFOl4GjFTNid2u0y/lxu4PpLnjZ0P6gC/63wSmVaMXj /86PTkaIfg5RhlNWMztMmizpPCXvEGR9UBA1hCL3UylPv31u2Ust+qYjg9lKEv50JZpH Uw7ewPjIseueFteknyA41m6KDbMNjuJEmdSnc7nahVJMuF3emPuIQbR8Bv1FN8joKfo0 /32BSzMBu30rN1MV+pGYqNwv8YPB3JiLosxAoW3Y+WnOWYjkcfuYbDsKj9gXhTT2B1RL 6/Trvjn/XAIohB1Fe5rVCQZR+ej6R4s+GdetZgJXyJVHkOzC7PGJ8DRNDrtWktlKPAXk DMDg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p14si6040419pfi.12.2019.01.09.17.27.28; Wed, 09 Jan 2019 17:27:43 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727091AbfAJB0W (ORCPT + 99 others); Wed, 9 Jan 2019 20:26:22 -0500 Received: from ipmail01.adl6.internode.on.net ([150.101.137.136]:54468 "EHLO ipmail01.adl6.internode.on.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726590AbfAJB0W (ORCPT ); Wed, 9 Jan 2019 20:26:22 -0500 Received: from ppp59-167-129-252.static.internode.on.net (HELO dastard) ([59.167.129.252]) by ipmail01.adl6.internode.on.net with ESMTP; 10 Jan 2019 11:56:18 +1030 Received: from dave by dastard with local (Exim 4.80) (envelope-from ) id 1ghP6v-0001r4-Ly; Thu, 10 Jan 2019 12:26:17 +1100 Date: Thu, 10 Jan 2019 12:26:17 +1100 From: Dave Chinner To: Pankaj Gupta Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, qemu-devel@nongnu.org, linux-nvdimm@ml01.01.org, linux-fsdevel@vger.kernel.org, virtualization@lists.linux-foundation.org, linux-acpi@vger.kernel.org, linux-ext4@vger.kernel.org, linux-xfs@vger.kernel.org, jack@suse.cz, stefanha@redhat.com, dan.j.williams@intel.com, riel@surriel.com, nilal@redhat.com, kwolf@redhat.com, pbonzini@redhat.com, zwisler@kernel.org, vishal.l.verma@intel.com, dave.jiang@intel.com, david@redhat.com, jmoyer@redhat.com, xiaoguangrong.eric@gmail.com, hch@infradead.org, mst@redhat.com, jasowang@redhat.com, lcapitulino@redhat.com, imammedo@redhat.com, eblake@redhat.com, willy@infradead.org, tytso@mit.edu, adilger.kernel@dilger.ca, darrick.wong@oracle.com, rjw@rjwysocki.net Subject: Re: [PATCH v3 0/5] kvm "virtio pmem" device Message-ID: <20190110012617.GA4205@dastard> References: <20190109144736.17452-1-pagupta@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190109144736.17452-1-pagupta@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 09, 2019 at 08:17:31PM +0530, Pankaj Gupta wrote: > This patch series has implementation for "virtio pmem". > "virtio pmem" is fake persistent memory(nvdimm) in guest > which allows to bypass the guest page cache. This also > implements a VIRTIO based asynchronous flush mechanism. Hmmmm. Sharing the host page cache direct into the guest VM. Sounds like a good idea, but..... This means the guest VM can now run timing attacks to observe host side page cache residency, and depending on the implementation I'm guessing that the guest will be able to control host side page cache eviction, too (e.g. via discard or hole punch operations). Which means this functionality looks to me like a new vector for information leakage into and out of the guest VM via guest controlled host page cache manipulation. https://arxiv.org/pdf/1901.01161 I might be wrong, but if I'm not we're going to have to be very careful about how guest VMs can access and manipulate host side resources like the page cache..... Cheers, Dave. -- Dave Chinner david@fromorbit.com