From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45482) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Un34t-0004fP-Sf for qemu-devel@nongnu.org; Thu, 13 Jun 2013 04:40:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Un34s-00032p-MW for qemu-devel@nongnu.org; Thu, 13 Jun 2013 04:40:19 -0400 Received: from mail-wg0-x235.google.com ([2a00:1450:400c:c00::235]:44854) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Un34s-00032c-Gg for qemu-devel@nongnu.org; Thu, 13 Jun 2013 04:40:18 -0400 Received: by mail-wg0-f53.google.com with SMTP id y10so5431779wgg.32 for ; Thu, 13 Jun 2013 01:40:17 -0700 (PDT) Date: Thu, 13 Jun 2013 10:40:15 +0200 From: Stefan Hajnoczi Message-ID: <20130613084015.GF2633@stefanha-thinkpad.redhat.com> References: <51B96205.4010601@kamp.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <51B96205.4010601@kamp.de> Subject: Re: [Qemu-devel] [RFC] sanitize memory on system reset List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Peter Lieven Cc: "qemu-devel@nongnu.org" , "H. Peter Anvin" On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote: > I was thinking if it would be a good idea to zeroize all memory resources on system reset and > madvise dontneed them afterwards. This would avoid system reset attacks in case the attacker > has only access to the console of a vServer but not on the physical host and it would shrink > RSS size of the vServer siginificantly. I wonder if you'll hit weird OS installers or PXE clients that rely on stashing stuff in memory across reset. Stefan