WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] RAM security

from [Jonathan Tripathy] [Permanent Link][Original]
To: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] RAM security
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Mon, 06 Dec 2010 15:13:38 +0000
Cc:
Delivery-date: Mon, 06 Dec 2010 07:15:22 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <AANLkTinVW1NNkNkqYaeyi08dBX+iPTRbipv7+AG4sFUZ@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <46C13AA90DB8844DAB79680243857F0F0AFF44@xxxxxxxxxxxxxxxxxxx> <46C13AA90DB8844DAB79680243857F0F0AFF45@xxxxxxxxxxxxxxxxxxx> <AANLkTinVW1NNkNkqYaeyi08dBX+iPTRbipv7+AG4sFUZ@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 
Would one way around this be to disable ballooning in the DomUs?
At the minute, only my Dom0 can be ballooned, all DomU have a fixed memory size. Is this sufficient? 

Thanks


On 06/12/10 14:49, George Dunlap wrote:

I looked into this sometime this last year.  I believe the answer is
"no": the domain destruction routines will zero memory before handing
it back to Xen.

One potential data leak, however (last time I looked at this), is that
Xen does not scrub memory handed back by the balloon driver.  So if
the guest OS hasn't scrubbed it, and it contains sensitive
information, it may end up being assigned to another domain as-is
(either via ballooning or start-of-day domain creation).  At the
moment that's considered the guest's responsibility.

  -George

On Mon, Dec 6, 2010 at 2:35 PM, Jonathan Tripathy<jonnyt@xxxxxxxxxxx>  wrote:

Hi Everyone,

In Xen, is a DomU able to access data in RAM which a previous DomU has
stored in the past, but didn't "zero" it?

I understand that this is a problem with physical disks (using phy:/), just
wondering if the same stands with RAM

Thanks

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] RAM security, George Dunlap
Next by Date:  Re: [Xen-devel] Accessing HW from Virtual machine, Pasi Kärkkäinen
Previous by Thread:  Re: [Xen-devel] RAM security, George Dunlap
Next by Thread:  Re: [Xen-devel] RAM security, Jonathan Tripathy
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy