From: Anthony Liguori <anthony@codemonkey.ws>
To: Markus Armbruster <armbru@redhat.com>, Peter Lieven <pl@kamp.de>
Cc: Stefan Hajnoczi <stefanha@gmail.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [Qemu-devel] [RFC] sanitize memory on system reset
Date: Thu, 13 Jun 2013 06:56:59 -0500 [thread overview]
Message-ID: <87vc5iz0j8.fsf@codemonkey.ws> (raw)
In-Reply-To: <8761xi7016.fsf@blackfin.pond.sub.org>
Markus Armbruster <armbru@redhat.com> writes:
> Peter Lieven <pl@kamp.de> writes:
>
>> On 13.06.2013 10:40, Stefan Hajnoczi wrote:
>>> On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:
>>>> I was thinking if it would be a good idea to zeroize all memory
>>>> resources on system reset and
>>>> madvise dontneed them afterwards. This would avoid system reset
>>>> attacks in case the attacker
>>>> has only access to the console of a vServer but not on the physical
>>>> host and it would shrink
>>>> RSS size of the vServer siginificantly.
>>> I wonder if you'll hit weird OS installers or PXE clients that rely on
>>> stashing stuff in memory across reset.
>> One point:
>> Wouldn't a memory test which some systems do at startup break these as well?
>
> Systems that distinguish between warm and cold boot (such as PCs)
> generally run POST only on cold boot.
>
> I'm not saying triggering warm reboot and expecting memory contents to
> survive is a good idea, but it has been done.
Doesn't kexec do a warm reboot stashing the new kernel somewhere in
memory?
Regards,
Anthony Liguori
next prev parent reply other threads:[~2013-06-13 11:57 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-13 6:09 [Qemu-devel] [RFC] sanitize memory on system reset Peter Lieven
2013-06-13 8:40 ` Stefan Hajnoczi
2013-06-13 8:46 ` Peter Lieven
2013-06-14 11:06 ` Stefan Hajnoczi
2013-06-13 8:51 ` Peter Lieven
2013-06-13 10:55 ` Markus Armbruster
2013-06-13 11:56 ` Anthony Liguori [this message]
2013-06-13 12:30 ` Paolo Bonzini
2013-06-14 6:56 ` Christian Borntraeger
2013-06-14 9:44 ` Alexander Graf
2013-06-14 13:43 ` Paolo Bonzini
2013-06-17 7:18 ` Peter Lieven
2013-06-14 16:14 ` H. Peter Anvin
2013-06-13 14:23 ` Peter Lieven
2013-06-13 15:51 ` Markus Armbruster
2013-06-13 19:20 ` Peter Lieven
2013-06-13 9:22 ` Andreas Färber
2013-06-13 9:33 ` Peter Lieven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vc5iz0j8.fsf@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=armbru@redhat.com \
--cc=hpa@zytor.com \
--cc=pl@kamp.de \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.