From: Anthony Liguori
Date: Thu, 13 Jun 2013 06:56:59 -0500
Subject: Re: [Qemu-devel] [RFC] sanitize memory on system reset
To: Markus Armbruster, Peter Lieven
Cc: Stefan Hajnoczi, qemu-devel@nongnu.org, H. Peter Anvin
Message-ID: <87vc5iz0j8.fsf@codemonkey.ws>
In-Reply-To: <8761xi7016.fsf@blackfin.pond.sub.org>
References: <51B96205.4010601@kamp.de> <20130613084015.GF2633@stefanha-thinkpad.redhat.com> <51B98822.1030402@kamp.de> <8761xi7016.fsf@blackfin.pond.sub.org>

Markus Armbruster writes:

> Peter Lieven writes:
>
>> On 13.06.2013 10:40, Stefan Hajnoczi wrote:
>>> On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:
>>>> I was thinking if it would be a good idea to zeroize all memory
>>>> resources on system reset and madvise dontneed them afterwards.
>>>> This would avoid system reset attacks in case the attacker has only
>>>> access to the console of a vServer but not on the physical host,
>>>> and it would shrink the RSS size of the vServer significantly.
>>> I wonder if you'll hit weird OS installers or PXE clients that rely on
>>> stashing stuff in memory across reset.
>> One point:
>> Wouldn't a memory test which some systems do at startup break these as well?
>
> Systems that distinguish between warm and cold boot (such as PCs)
> generally run POST only on cold boot.
>
> I'm not saying triggering warm reboot and expecting memory contents to
> survive is a good idea, but it has been done.

Doesn't kexec do a warm reboot stashing the new kernel somewhere in memory?

Regards,

Anthony Liguori
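The mechanism Peter proposes at the top of the thread (overwrite guest RAM on reset, then madvise(MADV_DONTNEED) it so the host drops the pages and RSS shrinks), shown as an added stand-alone example. This is not QEMU code and not part of the original thread; it stands in for guest RAM with a plain anonymous private mapping, the "secret" fill pattern is constructed, and the RSS reading comes from /proc/self/statm, so the RSS part is Linux-specific.

```c
/* Added example (not QEMU code): sanitize a guest-RAM-like mapping on "reset"
 * by overwriting it and then handing the pages back with MADV_DONTNEED. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Resident set size in pages from /proc/self/statm (Linux). Returns -1 if
 * the file is unavailable so the caller can skip the RSS comparison. */
static long rss_pages(void)
{
    FILE *f = fopen("/proc/self/statm", "r");
    if (!f)
        return -1;
    long size = 0, rss = 0;
    int n = fscanf(f, "%ld %ld", &size, &rss);
    fclose(f);
    return n == 2 ? rss : -1;
}

/* Stand-in for guest RAM: an anonymous private mapping of len bytes. */
static uint8_t *guest_ram_alloc(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (uint8_t *)p;
}

/* Reset-time sanitization as proposed in the thread: zeroize, then
 * MADV_DONTNEED. The explicit wipe goes through a volatile pointer so the
 * compiler cannot drop it; it also matters for mappings where DONTNEED does
 * not discard contents (shared/file-backed), since on Linux only private
 * anonymous pages come back zero-filled after MADV_DONTNEED. */
static int guest_ram_sanitize(uint8_t *ram, size_t len)
{
    volatile uint8_t *v = ram;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    return madvise(ram, len, MADV_DONTNEED);
}

/* Number of non-zero bytes in the region; used to verify the wipe. Note that
 * reading the region faults zero pages back in, so measure RSS first. */
static size_t count_nonzero(const uint8_t *ram, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += ram[i] != 0;
    return n;
}

/* Fill the region with a constructed "secret" pattern, sanitize it, and
 * report RSS before/after plus the number of surviving non-zero bytes.
 * Returns 0 on success, -1 on mmap/madvise failure. */
int sanitize_demo(size_t len, long *rss_before, long *rss_after,
                  size_t *nonzero_after)
{
    uint8_t *ram = guest_ram_alloc(len);
    if (!ram)
        return -1;
    for (size_t i = 0; i < len; i++)
        ram[i] = (uint8_t)(0xA5 ^ i);          /* constructed guest data */
    *rss_before = rss_pages();                  /* pages are now resident */
    if (guest_ram_sanitize(ram, len) != 0) {
        munmap(ram, len);
        return -1;
    }
    *rss_after = rss_pages();                   /* measured before re-touching */
    *nonzero_after = count_nonzero(ram, len);
    munmap(ram, len);
    return 0;
}

int main(void)
{
    long before, after;
    size_t leftover;
    if (sanitize_demo((size_t)16 << 20, &before, &after, &leftover) != 0) {
        perror("sanitize_demo");
        return 1;
    }
    printf("RSS pages before %ld, after %ld, non-zero bytes left %zu\n",
           before, after, leftover);
    return leftover == 0 ? 0 : 1;
}
```

Two caveats a practitioner should keep in mind. First, this only protects against the in-guest reset attack the thread describes (a console user rebooting into something that scrapes RAM); it does nothing about the host side. Second, as the rest of the thread points out, anything that expects memory to survive a warm reboot (kexec staging a kernel, installers or PXE clients stashing data) would be broken by wiping on every reset, so a real implementation would need to distinguish the reset paths it applies to.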