[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] features: declare the Credit2 scheduler as Supported.



>>> On 02.11.16 at 11:22, <dario.faggioli@xxxxxxxxxx> wrote:
> 3) Is there any information leakage?
> 
> The only information which the scheduler exposes to unprivileged
> guests is the timing information.  This may be able to be used for
> side-channel attacks to probabilistically infer things about other
> vcpus running on the same system; but this has not traditionally
> been considered within the security boundary. And, again, this is
> possible with all schedulers.
> 
> The control domain can issue DOMCTL_SCHEDOP and SYSCTL_SCHEDOP
> hypercalls. Auditing such code, nothing that looks like a security
> risk has been found (E.g., there's no risk of leaking content of
> the hypervisor stack, as no buffer/local variables is returned).

There certainly are buffers being returned here. Namely in the
credit2 case there's also a 32-bit padding field in the domctl
interface structure (and uniformly for all schedulers there's one
in the sysctl structure), which provides the fundamental means
to leak stack data. However, none of this is a problem, both
because iirc leaking stack data to Dom0 is not really considered
a security issue, and because of the way the structures get
dealt with. Nevertheless I think the above paragraph should be
re-worded.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.