WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

xen-devel

Re: [Xen-devel] RAM security

To: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] RAM security
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Mon, 06 Dec 2010 15:35:49 +0000

Just a few questions:

1) By saying "the guest's responsibility", does this mean that CONFIG_XEN_SCRUB_PAGES=y is set in the DomU kernel config?

2) Also, if a DomU was shut down by xm destroy, obviously the DomU wouldn’t scrub the RAM. However, would Xen still scrub the RAM?

3) If the physical server was shut down (e.g. plug pulled), I'm guessing this will present a problem?

4) Why doesn't Xen scrub the RAM before giving it to the DomU?

Thanks

On 06/12/10 14:49, George Dunlap wrote:
I looked into this sometime this last year.  I believe the answer is
"no": the domain destruction routines will zero memory before handing
it back to Xen.

One potential data leak, however (last time I looked at this), is that
Xen does not scrub memory handed back by the balloon driver.  So if
the guest OS hasn't scrubbed it, and it contains sensitive
information, it may end up being assigned to another domain as-is
(either via ballooning or start-of-day domain creation).  At the
moment that's considered the guest's responsibility.

  -George

On Mon, Dec 6, 2010 at 2:35 PM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote:
Hi Everyone,

In Xen, is a DomU able to access data in RAM which a previous DomU has
stored in the past, but didn't "zero" it?

I understand that this is a problem with physical disks (using phy:/), just
wondering if the same stands with RAM

Thanks

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
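
Added example, not part of the original thread and not Xen code: a toy C model of the two page-return paths George describes, showing why a ballooned-out page can carry data into the next domain while a destroyed domain's pages do not. All names, sizes and the sample secret are constructed, and it assumes guest-side scrubbing (the CONFIG_XEN_SCRUB_PAGES option asked about above) zeroes a page before the balloon driver releases it.

```c
/* Toy model (constructed, not Xen code) of the page flow described in the thread. */
#include <stdio.h>
#include <string.h>
#define PG_SIZE 4096
#define NPAGES 4
static unsigned char ram[NPAGES][PG_SIZE];
static int owner[NPAGES];            /* 0 = free in hypervisor pool, else domain id */

/* Hypervisor hands out the first free page without touching its contents. */
static int alloc_page(int domid) {
    for (int i = 0; i < NPAGES; i++)
        if (owner[i] == 0) { owner[i] = domid; return i; }
    return -1;
}

/* Balloon path: page goes back as-is; scrubbing is the guest's job (assumed). */
static void balloon_release(int page, int guest_scrubs) {
    if (guest_scrubs) memset(ram[page], 0, PG_SIZE);
    owner[page] = 0;
}

/* Destroy path: per the thread, pages are zeroed before returning to the pool. */
static void domain_destroy(int domid) {
    for (int i = 0; i < NPAGES; i++)
        if (owner[i] == domid) { memset(ram[i], 0, PG_SIZE); owner[i] = 0; }
}

static int count_nonzero(int page) {
    int n = 0;
    for (int i = 0; i < PG_SIZE; i++) n += ram[page][i] != 0;
    return n;
}

/* Domain 1 writes a secret and gives the page up; returns bytes domain 2 can read. */
int residue_seen_by_next_domain(int via_balloon, int guest_scrubs) {
    static const char secret[] = "constructed-secret";   /* sample data */
    memset(ram, 0, sizeof ram); memset(owner, 0, sizeof owner);
    int p = alloc_page(1);
    memcpy(ram[p], secret, sizeof secret - 1);
    if (via_balloon) balloon_release(p, guest_scrubs); else domain_destroy(1);
    return count_nonzero(alloc_page(2));
}

int main(void) {
    printf("balloon, no guest scrub: %d\n", residue_seen_by_next_domain(1, 0));
    printf("balloon, guest scrub:    %d\n", residue_seen_by_next_domain(1, 1));
    printf("domain destroy:          %d\n", residue_seen_by_next_domain(0, 0));
    return 0;
}
```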