From: Stefan Hajnoczi <stefanha@gmail.com>
To: Peter Lieven <pl@kamp.de>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [Qemu-devel] [RFC] sanitize memory on system reset
Date: Fri, 14 Jun 2013 13:06:16 +0200
Message-ID: <20130614110616.GD26780@stefanha-thinkpad.redhat.com>
In-Reply-To: <51B986EF.9000304@kamp.de>

On Thu, Jun 13, 2013 at 10:46:39AM +0200, Peter Lieven wrote:
> On 13.06.2013 10:40, Stefan Hajnoczi wrote:
> >On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:
> >>I was thinking if it would be a good idea to zeroize all memory resources on system reset and
> >>madvise dontneed them afterwards. This would avoid system reset attacks in case the attacker
> >>has only access to the console of a vServer but not on the physical host and it would shrink
> >>RSS size of the vServer significantly.
> >I wonder if you'll hit weird OS installers or PXE clients that rely on
> >stashing stuff in memory across reset.
> Mhh, that indeed would be weird.
>
> What do you think of the idea in general? Your concerns could be addressed by adding
> a switch for this which defaults to off.

Any time we deviate from how real hardware behaves we end up in trouble
later on. Something will depend on this behavior.

It is nice to reduce the RSS footprint on reboot in some cases, your
idea makes sense. I think it should be disabled by default for
compatibility.

Stefan
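
The reset behaviour proposed in the quoted RFC (zeroize, then madvise dontneed, behind a switch that defaults to off), as an added example that is not part of the thread and is not QEMU code. `RAM_SIZE`, `ram_alloc`, `ram_reset`, `ram_residue` and `ram_resident_pages` are hypothetical names, and guest RAM is assumed to be a private anonymous mapping on Linux.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define RAM_SIZE (64 * 4096UL) /* constructed guest RAM size for the demo */

/* Hypothetical stand-in for guest RAM: a private anonymous mapping. */
static unsigned char *ram_alloc(void) {
    void *p = mmap(NULL, RAM_SIZE, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Hypothetical reset hook; sanitize == 0 models the off-by-default switch. */
static int ram_reset(unsigned char *ram, int sanitize) {
    if (!sanitize) return 0;   /* like real hardware: contents survive */
    memset(ram, 0, RAM_SIZE);  /* zeroize what the old guest left behind */
    return madvise(ram, RAM_SIZE, MADV_DONTNEED); /* hand the pages back */
}

/* Non-zero bytes that code running after the reset could still read. */
static size_t ram_residue(const unsigned char *ram) {
    size_t n = 0;
    for (size_t i = 0; i < RAM_SIZE; i++) n += ram[i] != 0;
    return n;
}

/* Pages of the mapping currently resident (its RSS share); -1 on error. */
static long ram_resident_pages(unsigned char *ram) {
    unsigned char vec[64];     /* enough for RAM_SIZE with pages >= 4 KiB */
    size_t pages = RAM_SIZE / (size_t)sysconf(_SC_PAGESIZE);
    long n = 0;
    if (mincore(ram, RAM_SIZE, vec) != 0) return -1;
    for (size_t i = 0; i < pages; i++) n += vec[i] & 1;
    return n;
}

int main(void) {
    unsigned char *ram = ram_alloc();
    if (!ram) return 1;
    memset(ram, 'S', RAM_SIZE); /* constructed "secret" left by the guest */
    long before = ram_resident_pages(ram);
    ram_reset(ram, 1);
    long after = ram_resident_pages(ram);
    printf("resident pages %ld -> %ld, residue %zu bytes\n",
           before, after, ram_residue(ram));
    return 0;
}
```

Residency is sampled before `ram_residue` runs, because reading the range touches the pages again.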