Memory dedup exploitation resilience #2104

Closed
Rudd-O opened this Issue Jun 21, 2016 · 1 comment

Rudd-O commented Jun 21, 2016

Qubes OS version (e.g., R3.1):

Any.

Affected TemplateVMs (e.g., fedora-23, if applicable):

Not pertinent.

There appears to be a way to reliably exploit a combo of Rowhammer and kernel samepage merging / Xen memory dedup: http://www.cs.vu.nl//~kaveh/pubs/pdf/dedup-sp16.pdf -- by the nature of the attack, this might work in a cross-VM fashion.

IF there exist any facilities that would enable such an exploit on Qubes OS, there should be a setting defaulting to off to toggle those facilities.

@marmarek marmarek added the invalid label Jun 21, 2016

Member

marmarek commented Jun 21, 2016

We don't use any memory deduplication (which in Xen is only part of experimental, unsupported, disabled by default "tmem").

@marmarek marmarek closed this Jun 21, 2016
