
Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0



On Sat, Mar 06, 2010 at 01:36:15PM +0000, Keir Fraser wrote:
> On 06/03/2010 12:02, "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx> wrote:
> 
> > On 06/03/2010 10:12, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
> > wrote:
> > 
> >> It's really interesting how much control does the VM have over the data
> >> (and location) that are corrupted in Dom0 -- if it has any control, then
> >> it might allow for an interesting VM escape attack perhaps :)
> >> 
> >> Unfortunately we don't have time to investigate this problem any further
> >> in our lab.
> > 
> > Thanks, I'll see if I can repro with your simple setup. It's an interesting
> > one since presumably the domU is not doing much other waiting on its
> > rootdelay timeout when the corruption manifests. Sounds like the dom0 kernel
> > version doesn't matter at all?
> 
> Tried a few times and no luck reproducing so far. I hope some other people
> on the list also will give it a go, since it's so easy to try it out.
> 

I'm able to reproduce this with xen/master 2.6.31.6 dom0 kernel (from 2010-02-20),
but I'm not able to reproduce it with the current xen/stable 2.6.32.9.

I'll try with the most recent 2.6.31.6 dom0 kernel as well..

-- Pasi


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

