qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC] sanitize memory on system reset


From: Anthony Liguori
Subject: Re: [Qemu-devel] [RFC] sanitize memory on system reset
Date: Thu, 13 Jun 2013 06:56:59 -0500
User-agent: Notmuch/0.15.2+77~g661dcf8 (http://notmuchmail.org) Emacs/23.3.1 (x86_64-pc-linux-gnu)

Markus Armbruster <address@hidden> writes:

> Peter Lieven <address@hidden> writes:
>
>> On 13.06.2013 10:40, Stefan Hajnoczi wrote:
>>> On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:
>>>> I was thinking if it would be a good idea to zeroize all memory
>>>> resources on system reset and
>>>> madvise dontneed them afterwards. This would avoid system reset
>>>> attacks in case the attacker
>>>> has only access to the console of a vServer but not on the physical
>>>> host and it would shrink
>>>> RSS size of the vServer siginificantly.
>>> I wonder if you'll hit weird OS installers or PXE clients that rely on
>>> stashing stuff in memory across reset.
>> One point:
>> Wouldn't a memory test which some systems do at startup break these as well?
>
> Systems that distinguish between warm and cold boot (such as PCs)
> generally run POST only on cold boot.
>
> I'm not saying triggering warm reboot and expecting memory contents to
> survive is a good idea, but it has been done.

Doesn't kexec do a warm reboot stashing the new kernel somewhere in
memory?

Regards,

Anthony Liguori




reply via email to

[Prev in Thread] Current Thread [Next in Thread]