
Re: [Xen-devel] HT Vulnerability CAN-2005-0109

> Sorry if this is a dupe. I quickly checked the lists and the bitkeeper
> changesets but found no reference. If I missed it, ignore this mail.

No, this hasn't been mentioned on the lists yet.

> Just stumbled on /. upon CAN-2005-0109 and wonder if Xen is affected:
>   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109>
>   <http://www.daemonology.net/hyperthreading-considered-harmful/>

This vulnerability could (in principle) affect isolation between Xen VMs.  
It's not clear how exploitable it is, though.

> I have _no_clue_ about OS internals, processors or programming, but as I
> understood the abstract this is a bug on some Intel Pentium/Xeon CPUs in
> their hyperthreading implementation (I read it "HT threads share CPU
> cache in a way that information leaks from one thread to another"). The
> author states that the OS kernel (here: the Xen kernel) could work around
> that bug.

Yes, it's possible to imagine various strategies to work around this problem.

> Is it possible that two domain kernels running on the same physical core
> but on different HT threads leak information to each other exploiting
> these covert/side channels?

Theoretically possible but not necessarily a problem in practice.

Covert channels will *always* be there.  The problem with this channel is that 
it is potentially rather high bandwidth and that it can be used as a side 
channel to try to capture crypto keys from OpenSSL.

Someone has yet to release code that'll actually exploit these theoretical 
holes, so it's not clear how big a problem it is in practice.


> I apologize in advance if all this does not make sense ...
> /nils.