mask more /proc/cpuinfo output in KVM

Information

ID: 449
PHID: PHID-TASK-4ihcgqr5ulhwv32v263n
Author: Patrick
Status at Migration Time: resolved
Priority at Migration Time: Normal

Description

Currently lots of information from inside a compromised workstation (or a fancy application reading and reporting it somewhere for whatever statistical purpose) can be read:

Seems like CPU features can be reduced:
https://www.berrange.com/posts/2010/02/15/guest-cpu-model-configuration-in-libvirt-with-qemukvm/

Add new ‘kvm’ domain feature and ability to hide KVM signature:
https://www.redhat.com/archives/libvir-list/2014-August/msg00744.html

Maybe more can be masked such as model and clock frequency.

As I understand, these features have been added to ease CPU migration in heterogeneous CPU environments. We can reuse these features to hide more hardware identifiers.

Needs research if there would be a performance penalty or something else would speak against this.
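An added example, not part of the original task or the project's own code: a small audit of libvirt domain XML that reports whether the guest CPU is derived from the host, which features are disabled, and whether the KVM signature is hidden. The two domain definitions, their names, and the chosen CPU model and feature names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# libvirt CPU modes that derive the guest CPU definition from the host CPU.
HOST_DERIVED_MODES = {"host-passthrough", "host-model"}

# Constructed sample: guest CPU copied from the host, KVM signature visible.
WEAK_XML = """<domain type='kvm'>
  <name>sample-passthrough</name>
  <cpu mode='host-passthrough'/>
</domain>"""

# Constructed sample: fixed CPU model, two features disabled, KVM signature hidden.
# The model and feature names are illustrative choices, not a recommendation.
MASKED_XML = """<domain type='kvm'>
  <name>sample-masked</name>
  <features><kvm><hidden state='on'/></kvm></features>
  <cpu mode='custom' match='exact'>
    <model fallback='forbid'>Westmere</model>
    <feature policy='disable' name='aes'/>
    <feature policy='disable' name='popcnt'/>
  </cpu>
</domain>"""

def audit_domain(xml_text):
    """Summarise what a libvirt domain definition says about guest CPU identity."""
    root = ET.fromstring(xml_text)
    cpu = root.find("cpu")
    # libvirt treats a <cpu> element without a mode attribute as custom.
    mode = cpu.get("mode", "custom") if cpu is not None else None
    model = cpu.findtext("model") if cpu is not None else None
    hidden = root.find("features/kvm/hidden")
    return {
        "name": root.findtext("name"),
        "cpu_mode": mode,
        "host_derived": mode in HOST_DERIVED_MODES,
        "model": model,
        "disabled": sorted(f.get("name") for f in root.findall("cpu/feature")
                           if f.get("policy") == "disable"),
        "kvm_hidden": hidden is not None and hidden.get("state") == "on",
    }

if __name__ == "__main__":
    for sample in (WEAK_XML, MASKED_XML):
        print(audit_domain(sample))
```

The same function can be pointed at the output of `virsh dumpxml` for a real domain to check which of these settings it carries.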

Comments


Patrick

2015-12-07 17:27:26 UTC


HulaHoop

2015-12-07 22:50:12 UTC


HulaHoop

2015-12-07 23:09:49 UTC


HulaHoop

2015-12-07 23:21:56 UTC


Patrick

2015-12-07 23:31:30 UTC


Patrick

2015-12-07 23:46:59 UTC


Patrick

2015-12-07 23:55:39 UTC


HulaHoop

2015-12-08 01:05:29 UTC


HulaHoop

2015-12-08 01:48:48 UTC


Patrick

2015-12-08 21:33:49 UTC


HulaHoop

2015-12-10 03:21:10 UTC


HulaHoop

2015-12-12 03:31:21 UTC


HulaHoop

2015-12-12 03:38:33 UTC


Patrick

2015-12-12 04:31:43 UTC


Patrick

2016-06-01 13:29:21 UTC


HulaHoop

2016-06-01 23:44:16 UTC


Patrick

2016-06-02 08:59:06 UTC


Patrick

2016-06-02 09:23:09 UTC


HulaHoop

2016-06-02 14:43:11 UTC


HulaHoop

2016-06-07 13:55:00 UTC