Bug 1573042
Summary: | [Docs][Security] Update section for TPS/KSM issues to Sec/Hardening Guide | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Summer Long <slong> |
Component: | documentation | Assignee: | Martin Lopes <mlopes> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | RHOS Documentation Team <rhos-docs> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 12.0 (Pike) | CC: | lbopf, slong, srevivo |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-06-01 03:47:31 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Summer Long
2018-04-30 01:49:42 UTC
Or this: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_administration_guide/chap-ksm Basically just need to ensure that the user is aware of the risk of a VM-to-VM attack on the same host, and tell them how to fix it by disabling KSM. Here you go: "Both kernel same-page merging (KSM) and transparent page sharing (TPS) are vulnerable to attack: * Memory de-duplication systems are vulnerable to side-channel attacks. In academic studies, attackers were able to identify software packages and versions running on neighboring virtual machines as well as software downloads and other sensitive information through analyzing memory access times on the attacker VM. * More importantly, row-hammer type attacks[0] have been demonstrated against KSM to enact cross-VM modification of executable memory. This means that a hostile VM can gain code-execution access to other VMs on the same compute host. If a cloud deployment requires the strong separation of tenants, as with public clouds and some private clouds, deployers should disable both TPS and KSM. To disable KSM, refer to <link> To disable TPS, refer to <link>" [0]https://access.redhat.com/articles/1377393 Thanks Martin. * Because disabling KSM/TPS is RHEL specific, could you get the best reference from the rhel folk? There must be a rhel product doc that has tps info? * Except for the first sentence, most of that preceding paragraph could probably be combined with the first bullet point. side-channel...side-channel, etc. Was going to edit it for you, but wouldn't let me :D thanks, s Thanks, Martin, text looks good (sorry, just got back from PTO). However, please check your links. TPS isn't the same as THP. In fact (went off and read more), looks like TPS is the vmware option for de-duplication. If there isn't a compute option for TPS, perhaps only include the link for disabling KSM? |