|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Reserved-memory node handling in XEN ( WAS Re: [ARM] Handling CMA pool device nodes in Dom0)
On 27/07/17 11:36, Andrii Anisov wrote: Dear Julien, On 27.07.17 12:55, Julien Grall wrote:It really depends on the security impact here. If the reserved memory is shared with other device, what would be the impact of a domain using the wrong memory attribute?I'm sorry, I did not get the point. Could you please provide an example of a security impact? Let's rephrase it differently. Is the reserved memory always RAM or could it be other things? Furthermore, using the weakest one would imply cache maintenance when the region is assigned/deassigned to/from a domain to prevent leaking data.Could you please provide an example scenario for data leakage? Well, if your region is cacheable it might be possible to have some data left in the cache after the domain destruction. If you start a domain afterwards, it may be able to read data that belonged to the previous domain. Hence data leak. All region of page allocated by the memory allocator in Xen will be clean and invalidate to prevent such leak. This will not be the case for reserved memory as this will not be managed by the memory allocator. Cheers, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |