From: Michael Raskin <7c6f434c@mail.ru>
To: hi@alyssa.is, discuss@spectrum-os.org, devel@spectrum-os.org
CC: edef@edef.eu, philipp@xndr.de
Date: Wed, 26 Aug 2020 15:31:38 +0200
Subject: This (and Last) Week in Spectrum, 2020-W34 & 2020-W35
In-Reply-To: <87zh6jk8gr.fsf@alyssa.is>
List-Id: General high-level discussion about Spectrum

>to handle 9P over vsock, but I haven't tested yet. We can use existing
>virtiofsd and 9P software (there are promising Rust implementations of
>each), and harden them against potential vulnerabilities like directory
>traversals using kernel features like RESOLVE_BENEATH and
>RESOLVE_NO_XDEV. For the boot device, maybe there's no reason not to

Also, if the server is in a namespace seeing only a bind mount to the necessary part of the FS, in a VM that only sees that one FS, the cheap attacks just become moot. You can probably talk it into traversal, but it doesn't see more than allowed anyway; talking it into attacking the VM kernel is hopefully harder (and still has limited impact).

>just mount it using the host kernel, or maybe there's something to be
>gained by just reading a small bootstrap payload into memory from the
>start of the disk once, and then making all future communication go via
>a VM. I'm not really sure yet. But the important thing is we'll have
>mechanisms for all this in place. Maybe we'll decide that non-boot
>devices should just go over inter-VM 9P, but in any case, we'll still
>need all these pieces.

Can virtiofs eventually be backed by a VM-wrapped vhost-user? Although we probably do want host-side page cache, as VM's requests to host are way more transparent for the scheduler than inter-VM requests.

>computers I've tried it on so far. I suspect that I will get GPU
>isolation working, but I'm not sure how reliable or performant it will
>be.

Hmm. Also a good question what is the timeslice for inter-VM communication. Does it make sense to have two VMs alternate for slices of ten milliseconds? This is just what is probably needed to have 25fps video playback???

>I'm pushing quite hard to make it over the line with my hardware
>isolation funding milestone. I'm so close, and I'm about to need the
>money. But once I've hit that, I think I'm going to need a break. This
>stuff is gruelling.

I wish you strength for this push!
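
The RESOLVE_BENEATH and RESOLVE_NO_XDEV hardening mentioned in the quoted text, as an added example that is not part of this thread or of Spectrum's code: a file server resolves every client-supplied path through openat2(2) relative to its export directory, so `..`, absolute paths and symlinks that leave the tree fail with EXDEV. The names `open_beneath`, `run_demo` and `how_args` and the temporary export tree are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_openat2
#define SYS_openat2 437   /* value on x86-64 and arm64, for older libc headers */
#endif
/* openat2(2) ABI values, spelled out in case <linux/openat2.h> is absent. */
#define BENEATH_FLAGS (0x08 /* RESOLVE_BENEATH */ | 0x01 /* RESOLVE_NO_XDEV */)

/* Same layout as the kernel's struct open_how (Linux 5.6+). */
struct how_args { uint64_t flags, mode, resolve; };

/* Open a client-supplied path read-only, strictly beneath export_fd.
 * Returns an fd, or -1 with errno set: EXDEV if resolution would leave the
 * export or cross a mount point, ENOSYS if the kernel lacks openat2. */
int open_beneath(int export_fd, const char *client_path)
{
    struct how_args how = { .flags = O_RDONLY | O_CLOEXEC,
                            .resolve = BENEATH_FLAGS };
    return (int)syscall(SYS_openat2, export_fd, client_path, &how, sizeof(how));
}

/* Build a constructed export tree, then try one honest and three hostile
 * paths. out[i] is 0 on success, otherwise the errno from open_beneath(). */
int run_demo(int out[4])
{
    static const char *paths[4] = { "data.txt", "../escape",
                                    "/etc/hostname", "link/x" };
    char dir[] = "/tmp/exportXXXXXX";
    if (!mkdtemp(dir)) return -1;
    int export_fd = open(dir, O_PATH | O_DIRECTORY | O_CLOEXEC);
    if (export_fd < 0) return -1;
    int fd = openat(export_fd, "data.txt", O_CREAT | O_WRONLY, 0600);
    if (fd >= 0) close(fd);
    if (symlinkat("/etc", export_fd, "link") != 0) return -1; /* points outside */
    for (int i = 0; i < 4; i++) {
        fd = open_beneath(export_fd, paths[i]);
        out[i] = fd < 0 ? errno : 0;
        if (fd >= 0) close(fd);
    }
    unlinkat(export_fd, "link", 0);
    unlinkat(export_fd, "data.txt", 0);
    close(export_fd);
    return rmdir(dir);
}
```

On a kernel with openat2, `run_demo` records success for `data.txt` and EXDEV for the other three paths; the check is done by the kernel during resolution, so there is no window between validating a path string and opening it.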