This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0

To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0
From: Pasi Kärkkäinen <pasik@xxxxxx>
Date: Sun, 7 Mar 2010 16:36:31 +0200
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Delivery-date: Sun, 07 Mar 2010 06:37:09 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C7B80ACF.C5EE%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <C7B7F4C4.C5D8%keir.fraser@xxxxxxxxxxxxx> <C7B80ACF.C5EE%keir.fraser@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)
On Sat, Mar 06, 2010 at 01:36:15PM +0000, Keir Fraser wrote:
> On 06/03/2010 12:02, "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx> wrote:
> > On 06/03/2010 10:12, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
> > wrote:
> > 
> >> It's really interesting how much control does the VM have over the data
> >> (and location) that are corrupted in Dom0 -- if it has any control, then
> >> it might allow for an interesting VM escape attack perhaps :)
> >> 
> >> Unfortunately we don't have time to investigate this problem any further
> >> in our lab.
> > 
> > Thanks, I'll see if I can repro with your simple setup. It's an interesting
> > one since presumably the domU is not doing much other waiting on its
> > rootdelay timeout when the corruption manifests. Sounds like the dom0 kernel
> > version doesn't matter at all?
> Tried a few times and no luck reproducing so far. I hope some other people
> on the list also will give it a go, since it's so easy to try it out.

I'm able to reproduce this with xen/master dom0 kernel (from 
but I'm not able to reproduce it with the current xen/stable

I'll try with the most recent dom0 kernel aswell..

-- Pasi

Xen-devel mailing list