Description of problem:
4.1.1. Hypervisors in OpenStack
This section has a good description of the KSM/TPS, but the security aspect needs to be emphasised (the PoC is no longer academic). Could you please add procedures for disabling these? Or add a link to the relevant doc?
Version-Release number of selected component (if applicable):
Or this: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_administration_guide/chap-ksm
Basically just need to ensure that the user is aware of the risk of a VM-to-VM attack on the same host, and tell them how to fix it by disabling KSM.
Here you go:
"Both kernel same-page merging (KSM) and transparent page sharing (TPS) are vulnerable to attack:
* Memory de-duplication systems are vulnerable to side-channel attacks. In academic studies, attackers were able to identify software packages and versions running on neighboring virtual machines as well as software downloads and other sensitive information through analyzing memory access times on the attacker VM.
* More importantly, row-hammer type attacks have been
demonstrated against KSM to enact cross-VM modification of executable
memory. This means that a hostile VM can gain code-execution access to
other VMs on the same compute host.
If a cloud deployment requires the strong separation of tenants, as with public clouds and some private clouds, deployers should disable both TPS and KSM.
To disable KSM, refer to <link>
To disable TPS, refer to <link>"
* Because disabling KSM/TPS is RHEL specific, could you get the best reference from the rhel folk? There must be a rhel product doc that has tps info?
* Except for the first sentence, most of that preceding paragraph could probably be combined with the first bullet point. side-channel...side-channel, etc. Was going to edit it for you, but wouldn't let me :D
Thanks, Martin, text looks good (sorry, just got back from PTO).
However, please check your links. TPS isn't the same as THP. In fact (went off and read more), looks like TPS is the vmware option for de-duplication. If there isn't a compute option for TPS, perhaps only include the link for disabling KSM?
Guide has been republished: