[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0



On 03/06/2010 07:02 AM, Keir Fraser wrote:
> On 06/03/2010 10:12, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
> wrote:
> 
>> It's really interesting how much control does the VM have over the data
>> (and location) that are corrupted in Dom0 -- if it has any control, then
>> it might allow for an interesting VM escape attack perhaps :)
>>
>> Unfortunately we don't have time to investigate this problem any further
>> in our lab.
> 
> Thanks, I'll see if I can repro with your simple setup. It's an interesting
> one since presumably the domU is not doing much other waiting on its
> rootdelay timeout when the corruption manifests. Sounds like the dom0 kernel
> version doesn't matter at all?
> 
Yes, I tried at least a few different Dom0 kernels (based on 2.6.31 and
2.6.32 git).

One correction to the report: I think I actually haven't tried
2.6.32-based kernel in the VM -- only in Dom0, and a Rafal tried 2.6.32
in a VM and it didn't show the corruption in that case. So, it something
specific to xen/master kernel branch (and 4.0 hypervisors).

joanna.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.