WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-devel] New heap API and scrubbing

from [Dan Magenheimer] [Permanent Link][Original]
To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, "Xen-Devel (E-mail)" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] New heap API and scrubbing
From: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>
Date: Wed, 11 Feb 2009 14:20:10 +0000 (GMT)
Cc:
Delivery-date: Wed, 11 Feb 2009 06:21:38 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C5B8358F.192E%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
> > Moreover, it appears that there are MANY calls throughout
> > Xen to free_XXXheap_page/s() but I don't see much code
> > that scrubs the pages before freeing them.  Isn't
> > this a potential security issue?  Perhaps it should
> > be easier to free+scrub pages?
> 
> Pages which are currently not scrubbed are either:
>  1. Freed by a domain before it dies, so it has to scrub them.
>  2. Xenheap pages or anonymous domheap pages which thus 
> contained no guest
> data and no security risk in not scrubbing them.

I realize that's true of "data" pages.  I'm no security
expert, but I think I'm referring to "sideband" attacks.
I.e. if an attacker gets enough "non-data" pages (such
as page-table pages) from another domain, there is eventually
sufficient information to derive something useful.
The security guys get into a tizzy about such things.
 
> Feel free to add a free+scrub function.

OK.  Since tmem has true "data" pages to free, I will
do that.

Thanks,
Dan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: [ofa-general] Fwd: pciback module not working, subbu kl
Next by Date:  Re: [Xen-devel] HYPERVISOR_multicall Limitation, Keir Fraser
Previous by Thread:  Re: [Xen-devel] New heap API and scrubbing, Keir Fraser
Next by Thread:  [Xen-devel] hang on restore in 3.3.1, James Harper
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy