- Timestamp:
- Sep 3, 2015 11:33:32 AM (9 years ago)
- Location:
- trunk/doc/manual/en_US
- Files:
-
- 2 edited
-
user_GuestAdditions.xml (modified) (1 diff)
-
user_Security.xml (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/doc/manual/en_US/user_GuestAdditions.xml
r56881 r57607 1855 1855 <computeroutput>Guest/RAM/Usage/Shared</computeroutput> will return the 1856 1856 amount of fused memory for a given VM. Please refer to <xref 1857 linkend="metrics" /> for information on how to query metrics.</para> 1857 linkend="metrics" /> for information on how to query metrics.</para> 1858 1859 <note><para>Enabling Page Fusion might improve the chances for malicious 1860 guests to successfully attack other VMs running on the same host using 1861 side-channel attacks, see <xref linkend="pot-insecure"/>.</para></note> 1858 1862 </sect2> 1859 1863 </sect1> -
trunk/doc/manual/en_US/user_Security.xml
r56451 r57607 306 306 --> 307 307 308 <sect2 >308 <sect2 id="pot-insecure"> 309 309 <title>Potentially insecure operations</title> 310 310 … … 326 326 network the first question to answer is how both VMs can securely 327 327 access the same virtual disk image(s) with a reasonable performance. </para> 328 </listitem> 329 330 <listitem> 331 <para>When Page Fusion (see <xref linkend="guestadd-pagefusion"/>) 332 is enabled, a malicious guest doing a side-channel attack could be 333 able to determine the address space layout of another guest running 334 on the same host. This would improve the chances of the malicious guest 335 to take advantage of other attack vectors he might have against the 336 target VM. To prevent potential malcious guest process from doing 337 such side-channel attacks, Page Fusion should be disabled.</para> 328 338 </listitem> 329 339
Note:
See TracChangeset
for help on using the changeset viewer.
