WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-devel

Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0

To: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Sat, 06 Mar 2010 12:02:12 +0000
In-reply-to: <4B922A89.2060105@xxxxxxxxxxxxxxxxxxxxxx>
On 06/03/2010 10:12, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
wrote:

> It's really interesting how much control does the VM have over the data
> (and location) that are corrupted in Dom0 -- if it has any control, then
> it might allow for an interesting VM escape attack perhaps :)
> 
> Unfortunately we don't have time to investigate this problem any further
> in our lab.

Thanks, I'll see if I can repro with your simple setup. It's an interesting
one since presumably the domU is not doing much other than waiting on its
rootdelay timeout when the corruption manifests. Sounds like the dom0 kernel
version doesn't matter at all?

 Regards,
 Keir


