WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] RAM security

To: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, <Xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] RAM security
From: Keir Fraser <keir@xxxxxxx>
Date: Mon, 06 Dec 2010 08:26:34 -0800
Cc:
Delivery-date: Mon, 06 Dec 2010 08:28:24 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:user-agent:date :subject:from:to:message-id:thread-topic:thread-index:in-reply-to :mime-version:content-type:content-transfer-encoding; bh=TSbwXlQzvFtJHkVvmSIQFix+uValwaWGzjMojoO0cak=; b=ZHmguILtl42DPgAqiy4t9IOCgydeFliNjOPhpJx3TWtQAOpI9uLdr6DY12tWUZKhCD ppOmn+CgvUHwynSwB2t2RUoy33Osp1EXCTZ0SzX8RZZ/keDq9B/kebg4hq+Jy/2B2qor DgHTer7bbLtdc0okVy3AuTOl5MG5hJ7TVDfzY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:user-agent:date:subject:from:to:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; b=ZzKQpvnzmZzqHgTPIyi1TitKaoC2BhUMWEg37K4UERoeSEr2rte8utLDGL+uXJL8xq 1TSChi7vCcbGxJFe9+q7PF5Mf4cetbo7GH39DHEEecggRTqhVHaYHZXUmEIeUSx7rChX RJaexNK0KPTUeJ+sOzDQn0FeT/NnWDlU5EPPE=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4CFD02D5.7080903@xxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcuVYljWE041ahZjUkOK8fzI1Wmhuw==
Thread-topic: [Xen-devel] RAM security
User-agent: Microsoft-Entourage/12.23.0.091001
On 06/12/2010 07:35, "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx> wrote:

> Just a few questions:
> 
> 1) By saying "the guest's responsibility", does this mean that
> CONFIG_XEN_SCRUB_PAGES=y is set in the DomU kernel config?

Yes.

> 2) Also, if a DomU was shutdown by xm destroy, obviously the DomU
> wouldn¹t scrub the RAM. However would Xen still scrub the RAM?

Xen always scrubs memory on behalf of a dead domain.

> 3) If the physical server was shutdown (e.g. plug pulled), I'm guessing
> this will presetn a problem?

Xen scrubs all memory during boot, unless told not to via a boot parameter.

> 4) Why doesn't Xen scrub the RAM before giving it to the DomU?

It does in the above circumstances. Otherwise it is up to the domU, and why
not.

 -- Keir

> Thanks
> 
> On 06/12/10 14:49, George Dunlap wrote:
>> I looked into this sometime this last year.  I believe the answer is
>> "no": the domain destruction routines will zero memory before handing
>> it back to Xen.
>> 
>> One potential data leak, however (last time I looked at this), is that
>> Xen does not scrub memory handed back by the balloon driver.  So if
>> the guest OS hasn't scrubbed it, and it contains sensitive
>> information, it may end up being assigned to another domain as-is
>> (either via ballooning or start-of-day domain creation).  At the
>> moment that's considered the guest's responsibility.
>> 
>>   -George
>> 
>> On Mon, Dec 6, 2010 at 2:35 PM, Jonathan Tripathy<jonnyt@xxxxxxxxxxx>  wrote:
>>> Hi Everyone,
>>> 
>>> In Xen, is a DomU able to access data in RAM which a previous DomU has
>>> stored in the past, but didn't "zero" it?
>>> 
>>> I understand that this is a problem with physical disks (using phy:/), just
>>> wondering if the same stands with RAM
>>> 
>>> Thanks
>>> 
>>> _______________________________________________
>>> Xen-devel mailing list
>>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>>> http://lists.xensource.com/xen-devel
>>> 
>>> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>