ksmd should be opt-in rather than opt-out

Bug #2033565 reported by Seth Arnold
260
This bug affects 2 people
Affects Status Importance Assigned to Milestone
qemu (Ubuntu)
Confirmed
Undecided
Sergio Durigan Junior

Bug Description

This was originally raised in https://bugs.launchpad.net/cloud-images/+bug/2032933/comments/13 :

> > +ksmd
>$
> I'm concerned about this change. Historically, the page-merging
> code has allowed cross-VM snooping, including even recovery of
> GnuPG private keys: https://eprint.iacr.org/2013/448.pdf
>$
> Unless something has changed to mitigate the cross-domain privacy
> leaks in ksmd, it ought to be opt-in for administrators to select
> if all their VMs are in the same security domain.

There's a collection of references on Wikipedia https://en.wikipedia.org/wiki/Kernel_same-page_merging#Security_risks showing the work; there's a paper from 2021 demonstrating the issue remotely: https://graz.elsevierpure.com/en/publications/remote-memory-deduplication-attacks

I realize KSM is the difference between some workloads working and not working, so I'm not proposing that it be removed entirely. It has its place. But I also think it should be opt-in rather than opt-out.

Thanks

Tags: server-todo
Revision history for this message
Mitchell Dzurick (mitchdz) wrote :

Hi Seth, thanks for making the bug report!

Did you see Thomas' recent comment in the original bug? https://bugs.launchpad.net/cloud-images/+bug/2032933/comments/21

Does having it enabled only when installing ksmtuned good enough?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in qemu (Ubuntu):
status: New → Confirmed
Revision history for this message
Thomas Bechtold (toabctl) wrote :

As Christian pointed out (see https://bugs.launchpad.net/cloud-images/+bug/2032933/comments/22), it also gets activated when installing qemu-system-...

tags: added: server-todo
Changed in qemu (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.