On Wed, Apr 01, 2020 at 03:15:37PM -0400, Noah Meyerhans wrote:
> Should we simply say "yes" to any request to add functionality to the
> cloud kernel? None of the drivers will add *that* much to the size of
> the image, and if people are asking for them, then they've obviously got
> a use case for them. Or is this a slippery slope that diminishes the
> value of the cloud kernel? I can see both sides of the argument, so I'd
> like to hear what others have to say.

I don't think just saying "yes" automatically is the best approach. But I'm not sure we can come up with a clear set of rules. Evaluating the use cases will involve judgment calls about size vs functionality. I guess I think that's okay.

The first two bugs are about nested virtualization. I like the idea of deciding to support that or not. I don't know much about nested virt, so I don't have a strong opinion. It seems pretty widely supported on our platforms. I don't know if it raises performance or security concerns. So these seem okay to me, as long as we decide to support nested virt, and there aren't major cons that I'm unaware of.

Can you share more about the KSM use case? I'm worried about raising security concerns for this one. KSM has had a history of enabling attacks that are sorta serious, but also sorta theoretical. This might cause upset from infosec folks that freak out about any vulnerability - even when they don't really understand the magnitude of the risk.

I tried to understand the current state of KSM security. But I couldn't easily find a recent summary, and I'm not an expert on the issues. Here are the older links I looked at:

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2877
- https://access.redhat.com/blogs/766093/posts/1976303
- https://staff.aist.go.jp/k.suzaki/EuroSec2011-suzaki.pdf
- https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf

These sound mostly impractical to me, but they do enable scary sounding threats (read/write across vmm and hypervisor boundaries). That makes me nervous, but someone who understands the issues could convince me that these aren't worth worrying about.

Ross