[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2] features: declare the Credit2 scheduler as Supported.
>>> On 02.11.16 at 11:22, <dario.faggioli@xxxxxxxxxx> wrote: > 3) Is there any information leakage? > > The only information which the scheduler exposes to unprivileged > guests is the timing information. This may be able to be used for > side-channel attacks to probabilistically infer things about other > vcpus running on the same system; but this has not traditionally > been considered within the security boundary. And, again, this is > possible with all schedulers. > > The control domain can issue DOMCTL_SCHEDOP and SYSCTL_SCHEDOP > hypercalls. Auditing such code, nothing that looks like a security > risk has been found (E.g., there's no risk of leaking content of > the hypervisor stack, as no buffer/local variables is returned). There certainly are buffers being returned here. Namely in the credit2 case there's also a 32-bit padding field in the domctl interface structure (and uniformly for all schedulers there's one in the sysctl structure), which provides the fundamental means to leak stack data. However, none of this is a problem, both because iirc leaking stack data to Dom0 is not really considered a security issue, and because of the way the structures get dealt with. Nevertheless I think the above paragraph should be re-worded. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |