Re: [Xen-devel] New heap API and scrubbing

To:	Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>, "Xen-Devel (E-mail)" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [Xen-devel] New heap API and scrubbing
From:	Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date:	Wed, 11 Feb 2009 07:58:07 +0000
Cc:
Delivery-date:	Tue, 10 Feb 2009 23:58:39 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<5af4178a-100f-4359-a4fa-5c8bc2227899@default>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcmL0o+ydMHWuTqwREeHC+CVGpNAywAS+mtx
Thread-topic:	[Xen-devel] New heap API and scrubbing
User-agent:	Microsoft-Entourage/12.15.0.081119

On 10/02/2009 22:53, "Dan Magenheimer" <dan.magenheimer@xxxxxxxxxx> wrote:

> Moreover, it appears that there are MANY calls throughout
> Xen to free_XXXheap_page/s() but I don't see much code
> that scrubs the pages before freeing them.  Isn't
> this a potential security issue?  Perhaps it should
> be easier to free+scrub pages?

Pages which are currently not scrubbed are either:
 1. Freed by a domain before it dies, so it has to scrub them.
 2. Xenheap pages or anonymous domheap pages which thus contained no guest
data and no security risk in not scrubbing them.

Feel free to add a free+scrub function.

 -- Keir

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] New heap API and scrubbing