
RE: [Xen-devel] New heap API and scrubbing



> > Moreover, it appears that there are MANY calls throughout
> > Xen to free_XXXheap_page/s() but I don't see much code
> > that scrubs the pages before freeing them.  Isn't
> > this a potential security issue?  Perhaps it should
> > be easier to free+scrub pages?
> 
> Pages which are currently not scrubbed are either:
>  1. Freed by a domain before it dies, so it has to scrub them.
>  2. Xenheap pages or anonymous domheap pages which thus contained no guest
>     data and no security risk in not scrubbing them.

I realize that's true of "data" pages.  I'm no security
expert, but I think I'm referring to "sideband" attacks.
I.e. if an attacker gets enough "non-data" pages (such
as page-table pages) from another domain, there is eventually
sufficient information to derive something useful.
The security guys get into a tizzy about such things.
 
> Feel free to add a free+scrub function.

OK.  Since tmem has true "data" pages to free, I will
do that.

Thanks,
Dan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
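
The free+scrub idea discussed in this message, as an added example that is not part of the original thread and is not Xen code: a toy page pool shows what the next owner of a page can read after a plain free versus a scrubbing free. All names (`toy_alloc_page`, `toy_free_page`, `toy_free_and_scrub_page`, `residue_after_reuse`) and the page-table-like entries are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define PAGE_SIZE 4096
#define NPAGES    4

/* Toy page pool standing in for a hypervisor heap (not Xen's allocator). */
static uint64_t pool[NPAGES][PAGE_SIZE / sizeof(uint64_t)];
static void *free_stack[NPAGES];
static int free_top = -1;               /* -1: free stack not built yet */

/* Hands a page out as-is: like a real heap, it does not zero on alloc. */
static void *toy_alloc_page(void)
{
    if (free_top < 0)
        for (free_top = 0; free_top < NPAGES; free_top++)
            free_stack[free_top] = pool[free_top];
    return free_top > 0 ? free_stack[--free_top] : NULL;
}

static void toy_free_page(void *pg) { free_stack[free_top++] = pg; }

/* Hypothetical free+scrub helper. The volatile stores keep the compiler
 * from discarding the wipe as a dead store before the page is released. */
static void toy_free_and_scrub_page(void *pg)
{
    volatile uint8_t *p = pg;
    for (size_t i = 0; i < PAGE_SIZE; i++)
        p[i] = 0;
    toy_free_page(pg);
}

/* Owner A fills a page with constructed page-table-like entries and frees
 * it; returns how many non-zero bytes the next owner finds in that page. */
size_t residue_after_reuse(int scrub)
{
    uint64_t *pte = toy_alloc_page();
    for (size_t i = 0; i < PAGE_SIZE / sizeof(*pte); i++)
        pte[i] = ((uint64_t)(0x1000 + i) << 12) | 0x67;  /* constructed */
    if (scrub) toy_free_and_scrub_page(pte); else toy_free_page(pte);
    uint8_t *next = toy_alloc_page();   /* LIFO: owner B gets the same page */
    size_t n = 0;
    for (size_t i = 0; i < PAGE_SIZE; i++) n += next[i] != 0;
    toy_free_and_scrub_page(next);      /* leave the pool clean */
    return n;
}
int main(void)
{
    printf("plain free: %zu stale bytes, free+scrub: %zu\n",
           residue_after_reuse(0), residue_after_reuse(1));
    return 0;
}
```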


 

