Mitigations for resource usage covert side channels in qubes

fsflover · April 20, 2022, 9:16am

VM suspend ("Pause") and qmemman

opened 11:37AM - 09 Sep 19 UTC

closed 09:21AM - 05 Aug 23 UTC

T: bug C: core P: default eol-4.0

**Qubes OS version** R4.0 current-testing **Affected component(s) or functio…nality** Resuming from the the Qubes Domain VM/Pause functionality (aka VM suspend) **Brief summary** If I suspend a domain utilizing significant RAM that has meminfo-writer service enabled, perform several VM operations, and then resume the VM, the VM usually instantly terminates. **To Reproduce** Create a VM where maxmem is 1/3 of RAM. Perform some memory intenstive operations in the VM. Stop the operations and let the VM settle. Pause the VM. Do something similar in other VMs without suspending them. Resume the VM. **Expected behavior** VM terminates. **Actual behavior** Resuming a VM should be able to ease a VM back into the memory horsetrading without panicking. B

github.com/QubesOS/qubes-issues

Explicitly paused VMs get started on system suspend/resume.

opened 10:49AM - 13 Jan 16 UTC

caturandom

T: bug C: core P: minor needs diagnosis affects-4.1 affects-4.2

When suspending a VM I'd expect it to be still suspended after closing and openi…ng my laptop lid. But this is not the case. I assume that on system suspend every VM gets paused and on system resume every VM gets started again even if it has been explicitly sent to sleep before .

github.com/QubesOS/qubes-issues

Improve UX regarding VM pausing

opened 10:15AM - 10 Aug 20 UTC

andrewdavidwong

T: enhancement C: core ux P: default

**The problem you're addressing (if any)** Most users don't know what pausing… a VM does or when they should do it. **Describe the solution you'd like** Some better way for Qubes OS to make VM pausing intuitive for users, or just improve the UX regarding VM pausing in general, however you deem best. **Where is the value to a user, and who might that user be?** Users won't use the pause functionality for the wrong reasons or in the wrong way. Users won't see the pause button and wonder fearfully what it does. **Describe alternatives you've considered** Document information about pausing VMs. This would also be good, but of course not everyone will read the documentation. **Additional context** See the discussion on #5988. **Relevant [documentation](https://www.qubes-os.org/doc/) you've consulted** We currently don't mention pausing much in the documentation. [Understanding and Preventing Data Leaks](https://www.qubes-os.org/doc/data-leaks/) mentions it in passing. **Related, [non-duplicate](https://www.qubes-os.org/doc/reporting-bugs/#new-issues-should-not-be-duplicates-of-existing-issues) issues** #5988, #5987, #5967, #5305, #4700, #4101

github.com/QubesOS/qubes-issues

qvm-shutdown on paused VMs behaves oddly

opened 04:32PM - 07 Aug 20 UTC

closed 09:24AM - 05 Aug 23 UTC

3hhh

T: bug C: core ux P: default eol-4.0

**Qubes OS version** 4.0 **Affected component(s) or functionality** `qvm-sh…utdown` **Brief summary** `qvm-shutdown` hangs for a while and then apparently kills paused VMs. **To Reproduce** ``` qvm-run --dispvm surfing-dvm xterm qvm-pause disp1234 qvm-shutdown --wait disp1234 ``` **Expected behavior** `qvm-shutdown` performs the shutdown. Possibly even gracefully (i.e. by unpausing the VM first). **Actual behavior** `qvm-shutdown` hangs for 10s or so. Then it apparently kills the VM. **Recommendation** From my point of view it would be sensible to handle paused VMs as follows: `qvm-shutdown`: Unpause and shutdown gracefully as usual. `qvm-kill`: Do not unpause, remove it from memory instantly (shouldn't take 10s). **Related, [non-duplicate](https://www.qubes-os.org/doc/reporting-bugs/#new-issues-should-not-be-duplicates-of-existing-issues) issues** #5967