
Re: [Xen-devel] possible packet sniffer between domains?

> > This might be a security problem for some people -- currently the
> > pages that are returned to Xen could have previously been used for any
> > purpose (e.g., they could be pages containing contents of arbitrary
> > files, or arbitrary VM pages from any running application).
> yowza. Yes, this could be a security issue for some people :-)
> The pages Plan 9 returns are going to get zero'ed. It might be a good idea
> to have a build option for domU (or even dom0) Linux/freebsd/etc. that
> pages returned to Xen always get zero'd.

If you naively scrub memory every time you allocate a network page,
your network performance will undoubtedly be affected.

I've checked in code for Linux that scrubs memory before freeing it to
Xen. Furthermore, after a guest has died, Xen will scrub its memory as
it becomes free. The exceptions to this scrubbing are:

 1. It can be entirely disabled via a config option under the 'XEN'
    menu in the Linux build configurator.

 2. Network-receive memory is allocated out of a dedicated slab-cache
    allocator. I only scrub memory when it enters the slab cache --
    this means that a guest may leak partial contents of
    previously-received network packets, but NOT arbitrary
    VM/buffer-cache pages. This is perfectly adequate if
    security-sensitive connections are end-to-end secured, as they
    should be.

 -- Keir
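
The scrub-on-entry policy described in the message above, as a userspace C model added here for illustration (not code from Xen, Linux or the original message). All names are hypothetical, the 'F' and 'P' markers and the 1500-byte packet are constructed sample data, and `scrub_on_entry = 0` stands in for the scrubbing being disabled.

```c
/* Userspace model of the scrub policy in the message above. Constructed for
 * illustration: not Xen or Linux code, and every name here is hypothetical. */
#include <stddef.h>
#include <string.h>

#define PAGE_SIZE 4096
#define PKT_LEN   1500                      /* constructed packet size */

struct page { unsigned char data[PAGE_SIZE]; };
struct leak { size_t file_bytes, pkt_bytes; };

static struct page mem;                     /* one page of guest memory */
static struct page *rx_cache[1];            /* free list of the dedicated cache */
static int rx_free;

/* A page enters the dedicated cache: the only scrub on the receive path. */
static void rx_cache_add(struct page *p, int scrub_on_entry)
{
    if (scrub_on_entry)
        memset(p->data, 0, PAGE_SIZE);
    rx_cache[rx_free++] = p;
}

/* Hot path: pages are recycled without scrubbing. */
static struct page *rx_alloc(void) { return rx_free ? rx_cache[--rx_free] : NULL; }
static void rx_release(struct page *p) { rx_cache[rx_free++] = p; }

/* Count the bytes in a page that still carry the given marker value. */
static size_t count(const struct page *p, unsigned char marker)
{
    size_t n = 0;
    for (size_t i = 0; i < PAGE_SIZE; i++)
        n += (p->data[i] == marker);
    return n;
}

/* Stale bytes left in the page the guest next hands back to the hypervisor. */
struct leak run(int scrub_on_entry)
{
    rx_free = 0;
    memset(mem.data, 'F', PAGE_SIZE);       /* page once held buffer-cache data */
    rx_cache_add(&mem, scrub_on_entry);
    struct page *p = rx_alloc();
    memset(p->data, 'P', PKT_LEN);          /* a packet is received into it */
    rx_release(p);                          /* recycled, not scrubbed */
    p = rx_alloc();                         /* the page that goes to Xen next */
    return (struct leak){ count(p, 'F'), count(p, 'P') };
}
```

With scrubbing on entry the recycled page carries only the earlier packet's bytes; without it, the rest of the page still holds the old buffer-cache contents.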
