Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-30 David Hildenbrand
On 30.11.24 13:48, Wei Chen wrote: > That doesn't explain the full story about MIGRATE_UNMOVABLE. I assume > one precondition is missing in your explanation. I have double-checked the source code. My initial description of the process seems somewhat imprecise. vIOMMU does not convert pages to

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-30 Wei Chen
> That doesn't explain the full story about MIGRATE_UNMOVABLE. I assume
> one precondition is missing in your explanation.

I have double-checked the source code. My initial description of the process seems somewhat imprecise. vIOMMU does not convert pages to UNMOVABLE during pinning, it is that pi

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-27 David Hildenbrand
On 26.11.24 16:41, Wei Chen wrote: Thanks for the information! I will try to come up with V2 that does not impact virtio-mem's functionality. So, thinking about this ... both UNPLUG_ALL and "over-UNPLUG" (exceeding the request) will happen in sane environment currently very rarely. In many se

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-27 David Hildenbrand
On 27.11.24 03:00, zhi zhang wrote: On Tue, Nov 26, 2024 at 11:52 PM David Hildenbrand > wrote: On 26.11.24 16:31, Wei Chen wrote: >   > How can you be sure (IOW trigger) that the system will store >   > "important data" like EPTs? > > We canno

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 zhi zhang
On Tue, Nov 26, 2024 at 11:52 PM David Hildenbrand wrote: > On 26.11.24 16:31, Wei Chen wrote: > > > How can you be sure (IOW trigger) that the system will store > > > "important data" like EPTs? > > > > We cannot, but we have designed the attack (see below) to improve the > > possibility. >

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 David Hildenbrand
On 26.11.24 16:41, Wei Chen wrote: Thanks for the information! I will try to come up with V2 that does not impact virtio-mem's functionality. Thanks. In case we want to go this path in this patch, we'd have to glue the new behavior to a new feature flag, and implement support for that in Linu

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 David Hildenbrand
On 26.11.24 16:31, Wei Chen wrote: > How can you be sure (IOW trigger) that the system will store > "important data" like EPTs? We cannot, but we have designed the attack (see below) to improve the possibility. > So is one magic bit really that for your experiments, one needs a > viommu

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 Wei Chen
Thanks for the information! I will try to come up with V2 that does not impact virtio-mem's functionality. Best regards, Wei Chen On 2024/11/26 23:14, David Hildenbrand wrote: On 26.11.24 16:08, David Hildenbrand wrote: On 26.11.24 15:46, David Hildenbrand wrote: On 26.11.24 15:20, Wei Chen

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 Wei Chen
> How can you be sure (IOW trigger) that the system will store
> "important data" like EPTs?

We cannot, but we have designed the attack (see below) to improve the possibility.

> So is one magic bit really that for your experiments, one needs a
> viommu?

Admittedly the way we accomplish a VM esc

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 David Hildenbrand
On 26.11.24 16:08, David Hildenbrand wrote: On 26.11.24 15:46, David Hildenbrand wrote: On 26.11.24 15:20, Wei Chen wrote: > Please provide more information how this is supposed to work Thanks for the information. A lot of what you wrote belongs into the patch description. Especially, th

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 David Hildenbrand
On 26.11.24 15:46, David Hildenbrand wrote: On 26.11.24 15:20, Wei Chen wrote: > Please provide more information how this is supposed to work Thanks for the information. A lot of what you wrote belongs into the patch description. Especially, that this might currently only be relevant with

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 David Hildenbrand
On 26.11.24 15:20, Wei Chen wrote: > Please provide more information how this is supposed to work Thanks for the information. A lot of what you wrote belongs into the patch description. Especially, that this might currently only be relevant with device passthrough + viommu. We initially

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 Wei Chen
> Please provide more information how this is supposed to work

We initially discovered that virtio-mem could be used by a malicious agent to trigger the Rowhammer vulnerability and further achieve a VM escape. Simply speaking, Rowhammer is a DRAM vulnerability where frequent access to a memory l

[PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 Wei Chen
A malicious guest can exploit virtio-mem to release memory back to the hypervisor and attempt Rowhammer attacks. The only case reasonable for unplugging is when the size > requested_size.

Signed-off-by: Wei Chen
Signed-off-by: Zhi Zhang
---
hw/virtio/virtio-mem.c | 4
1 file changed, 4 ins

Re: [PATCH] hw/virtio/virtio-mem: Prohibit unplugging when size <= requested_size

2024-11-26 David Hildenbrand
On 26.11.24 09:02, Wei Chen wrote: A malicious guest can exploit virtio-mem to release memory back to the hypervisor and attempt Rowhammer attacks. Please provide more information how this is supposed to work, whether this is a purely theoretical case, and how relevant this is in practice. B