[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Virtio-net drivers immune to Nethammer?
|
From: |
procmem |
|
Subject: |
Re: [Qemu-devel] Virtio-net drivers immune to Nethammer? |
|
Date: |
Sat, 2 Jun 2018 03:08:54 +0000 |
Michael S. Tsirkin:
> On Fri, Jun 01, 2018 at 01:15:44PM +0000, procmem wrote:
>>
>>
>> Stefan Hajnoczi:
>>> On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote:
>>>> Hi I'm a privacy distro maintainer investigating the implications of the
>>>> newly published nethammer attack [0] on KVM guests particularly the
>>>> virtio-net drivers. The summary of the paper is that rowhammer can be
>>>> remotely triggered by feeding susceptible* network driver crafted
>>>> traffic. This attack can do all kinds of nasty things such as modifying
>>>> SSL certs on the victim system.
>>>>
>>>> * Susceptible drivers are those relying on Intel CAT, uncached memory or
>>>> the clflush instruction.
>>>>
>>>> My question is, do virtio-net drivers do any of these things?
>>> I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers.
>>>
>>>> ***
>>>>
>>>> [0] https://arxiv.org/abs/1805.04956
>>>>
>>>>
>>>>
>>
>> Thanks :) I thought my message was forgotten
>
>
> I don't think virtio is using either of these.
>
> Linux does support CAT AFAIK but it has nothing to do with virtio.
>
Thanks for confirming. This is good news indeed. I am considering
posting about this to kernel-hardening so it's on the sec team's radar
when considering upstream network drivers. What do you think?