WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0

from [Joanna Rutkowska] [Permanent Link][Original]
To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0
From: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 06 Mar 2010 06:53:07 -0500
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Sat, 06 Mar 2010 04:07:15 -0800
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:date:from:mime-version:to:cc:subject:references:in-reply-to:content-type; s=smtpout; bh=1JzhBegKucfp8/PcITS0FEbVK+o=; b=DjMi+/zce1g6Cir+uIukP5aCHR0PxL4FAj2nOAsvARGswwkniR/YrThBLX3DvIZdHJf2EN7RgFU2hPbquNlsmjosQFqu3kCEEoH7m107rFwKeTKqVdTspGf+8s6EGvhKOfxjc5KLTeBeK9GE7JntLblCKVLmJTqfN2FbK+TNDn8=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C7B7F4C4.C5D8%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <C7B7F4C4.C5D8%keir.fraser@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.8) Gecko/20100301 Fedora/3.0.3-1.fc12 Thunderbird/3.0.3 
On 03/06/2010 07:02 AM, Keir Fraser wrote:
> On 06/03/2010 10:12, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
> wrote:
> 
>> It's really interesting how much control does the VM have over the data
>> (and location) that are corrupted in Dom0 -- if it has any control, then
>> it might allow for an interesting VM escape attack perhaps :)
>>
>> Unfortunately we don't have time to investigate this problem any further
>> in our lab.
> 
> Thanks, I'll see if I can repro with your simple setup. It's an interesting
> one since presumably the domU is not doing much other waiting on its
> rootdelay timeout when the corruption manifests. Sounds like the dom0 kernel
> version doesn't matter at all?
> 
Yes, I tried at least a few different Dom0 kernels (based on 2.6.31 and
2.6.32 git).

One correction to the report: I think I actually haven't tried
2.6.32-based kernel in the VM -- only in Dom0, and a Rafal tried 2.6.32
in a VM and it didn't show the corruption in that case. So, it something
specific to xen/master kernel branch (and 4.0 hypervisors).

joanna.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0, Keir Fraser
Next by Date:  [Xen-users] Re: [Xen-devel] unstable 4.0 config file/ build error, Pasi Kärkkäinen
Previous by Thread:  Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0, Keir Fraser
Next by Thread:  Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy