* [Qemu-devel] Virtio-net drivers immune to Nethammer?
@ 2018-05-21 23:24 procmem
  2018-06-01 11:34 ` Stefan Hajnoczi
  0 siblings, 1 reply; 8+ messages in thread
From: procmem @ 2018-05-21 23:24 UTC (permalink / raw)
  To: qemu-devel, whonix-devel



Hi I'm a privacy distro maintainer investigating the implications of the
newly published nethammer attack [0] on KVM guests particularly the
virtio-net drivers. The summary of the paper is that rowhammer can be
remotely triggered by feeding susceptible* network driver crafted
traffic. This attack can do all kinds of nasty things such as modifying
SSL certs on the victim system.

* Susceptible drivers are those relying on Intel CAT, uncached memory or
the clflush instruction.

My question is, do virtio-net drivers do any of these things?

***

[0] https://arxiv.org/abs/1805.04956

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer?
  2018-05-21 23:24 [Qemu-devel] Virtio-net drivers immune to Nethammer? procmem
@ 2018-06-01 11:34 ` Stefan Hajnoczi
  2018-06-01 13:15   ` procmem
  0 siblings, 1 reply; 8+ messages in thread
From: Stefan Hajnoczi @ 2018-06-01 11:34 UTC (permalink / raw)
  To: procmem; +Cc: qemu-devel, whonix-devel, Michael S. Tsirkin, jasowang

On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote:
> Hi I'm a privacy distro maintainer investigating the implications of the
> newly published nethammer attack [0] on KVM guests particularly the
> virtio-net drivers. The summary of the paper is that rowhammer can be
> remotely triggered by feeding susceptible* network driver crafted
> traffic. This attack can do all kinds of nasty things such as modifying
> SSL certs on the victim system.
> 
> * Susceptible drivers are those relying on Intel CAT, uncached memory or
> the clflush instruction.
> 
> My question is, do virtio-net drivers do any of these things?

I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers.

> ***
> 
> [0] https://arxiv.org/abs/1805.04956
> 
> 
> 


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer?
  2018-06-01 11:34 ` Stefan Hajnoczi
@ 2018-06-01 13:15   ` procmem
  2018-06-01 15:58     ` Michael S. Tsirkin
  0 siblings, 1 reply; 8+ messages in thread
From: procmem @ 2018-06-01 13:15 UTC (permalink / raw)
  To: Stefan Hajnoczi; +Cc: qemu-devel, whonix-devel, Michael S. Tsirkin, jasowang



Stefan Hajnoczi:
> On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote:
>> Hi I'm a privacy distro maintainer investigating the implications of the
>> newly published nethammer attack [0] on KVM guests particularly the
>> virtio-net drivers. The summary of the paper is that rowhammer can be
>> remotely triggered by feeding susceptible* network driver crafted
>> traffic. This attack can do all kinds of nasty things such as modifying
>> SSL certs on the victim system.
>>
>> * Susceptible drivers are those relying on Intel CAT, uncached memory or
>> the clflush instruction.
>>
>> My question is, do virtio-net drivers do any of these things?
> I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers.
> 
>> ***
>>
>> [0] https://arxiv.org/abs/1805.04956
>>
>>
>>

Thanks :) I thought my message was forgotten

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer?
  2018-06-01 13:15   ` procmem
@ 2018-06-01 15:58     ` Michael S. Tsirkin
  2018-06-01 18:54       ` Dr. David Alan Gilbert
  2018-06-02  3:08       ` procmem
  0 siblings, 2 replies; 8+ messages in thread
From: Michael S. Tsirkin @ 2018-06-01 15:58 UTC (permalink / raw)
  To: procmem; +Cc: Stefan Hajnoczi, qemu-devel, whonix-devel, jasowang

On Fri, Jun 01, 2018 at 01:15:44PM +0000, procmem wrote:
> 
> 
> Stefan Hajnoczi:
> > On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote:
> >> Hi I'm a privacy distro maintainer investigating the implications of the
> >> newly published nethammer attack [0] on KVM guests particularly the
> >> virtio-net drivers. The summary of the paper is that rowhammer can be
> >> remotely triggered by feeding susceptible* network driver crafted
> >> traffic. This attack can do all kinds of nasty things such as modifying
> >> SSL certs on the victim system.
> >>
> >> * Susceptible drivers are those relying on Intel CAT, uncached memory or
> >> the clflush instruction.
> >>
> >> My question is, do virtio-net drivers do any of these things?
> > I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers.
> > 
> >> ***
> >>
> >> [0] https://arxiv.org/abs/1805.04956
> >>
> >>
> >>
> 
> Thanks :) I thought my message was forgotten


I don't think virtio is using either of these.

Linux does support CAT AFAIK but it has nothing to do with virtio.

-- 
MST

^ permalink raw reply	[flat|nested] 8+ messages in thread
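
One way to check the three preconditions named in the thread (CAT, uncached memory, clflush) on a Linux host and in a driver source file; this is an added example, not part of any message above and not QEMU or kernel code. The symbol list in the grep pattern and the sample files are assumptions chosen for illustration, and a zero count from the source scan is a first-pass triage result, not proof.

```shell
#!/bin/sh
# Added example: audit for the preconditions procmem lists in the thread.
# File arguments default to the live system so each check also runs on samples.

# CAT capability: cat_l3 / cat_l2 CPU feature flags.
cat_supported() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | grep -Eqw 'cat_l3|cat_l2'
}

# CAT configurable right now: resctrl filesystem mounted (fstype is field 3).
cat_active() {
    awk '$3 == "resctrl" { found = 1 } END { exit !found }' "${1:-/proc/mounts}"
}

# Count source lines that flush cache lines or map memory uncached.
# The "clflush" CPU flag alone only says the instruction exists, so it is
# the driver source that gets scanned, not /proc/cpuinfo.
flush_or_uncached_lines() {
    grep -Ecw 'clflush|clflushopt|clflush_cache_range|ioremap_nocache|ioremap_uc|set_memory_uc|pgprot_noncached' "$1" || true
}

# One-line summary. Usage: audit CPUINFO MOUNTS DRIVER_SOURCE
audit() {
    s=no; a=no
    cat_supported "$1" && s=yes
    cat_active "$2" && a=yes
    echo "cat_supported=$s cat_active=$a flush_or_uncached_lines=$(flush_or_uncached_lines "$3")"
}

# Constructed sample inputs (not captured from a real machine or driver).
make_samples() {
    printf 'processor\t: 0\nflags\t\t: fpu sse2 clflush rdt_a cat_l3 cdp_l3\n' > "$1/cpuinfo"
    printf 'proc /proc proc rw 0 0\nresctrl /sys/fs/resctrl resctrl rw,relatime 0 0\n' > "$1/mounts_cat"
    printf 'proc /proc proc rw 0 0\n' > "$1/mounts_plain"
    printf 'buf = kmalloc(len, GFP_KERNEL);\nmemcpy(buf, pkt, len);\n' > "$1/plain.c"
    printf 'regs = ioremap_nocache(base, size);\nclflush_cache_range(buf, len);\n' > "$1/flushing.c"
}

# Demo on the constructed samples.
d=$(mktemp -d)
make_samples "$d"
audit "$d/cpuinfo" "$d/mounts_cat" "$d/flushing.c"
rm -rf "$d"
```

On a real system, call `audit /proc/cpuinfo /proc/mounts path/to/driver.c` with the driver source you want to triage.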

* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer?
  2018-06-01 15:58     ` Michael S. Tsirkin
@ 2018-06-01 18:54       ` Dr. David Alan Gilbert
  2018-06-02  3:04         ` procmem
  2018-06-02  3:08       ` procmem
  1 sibling, 1 reply; 8+ messages in thread
From: Dr. David Alan Gilbert @ 2018-06-01 18:54 UTC (permalink / raw)
  To: Michael S. Tsirkin
  Cc: procmem, Stefan Hajnoczi, jasowang, qemu-devel, whonix-devel

* Michael S. Tsirkin (mst@redhat.com) wrote:
> On Fri, Jun 01, 2018 at 01:15:44PM +0000, procmem wrote:
> > 
> > 
> > Stefan Hajnoczi:
> > > On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote:
> > >> Hi I'm a privacy distro maintainer investigating the implications of the
> > >> newly published nethammer attack [0] on KVM guests particularly the
> > >> virtio-net drivers. The summary of the paper is that rowhammer can be
> > >> remotely triggered by feeding susceptible* network driver crafted
> > >> traffic. This attack can do all kinds of nasty things such as modifying
> > >> SSL certs on the victim system.
> > >>
> > >> * Susceptible drivers are those relying on Intel CAT, uncached memory or
> > >> the clflush instruction.
> > >>
> > >> My question is, do virtio-net drivers do any of these things?
> > > I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers.
> > > 
> > >> ***
> > >>
> > >> [0] https://arxiv.org/abs/1805.04956
> > >>
> > >>
> > >>
> > 
> > Thanks :) I thought my message was forgotten
> 
> 
> I don't think virtio is using either of these.
> 
> Linux does support CAT AFAIK but it has nothing to do with virtio.

Isn't the idea to misuse CAT to detect something about access patterns;
so it's not about it actually being related?

Dave

> -- 
> MST
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer?
  2018-06-01 18:54       ` Dr. David Alan Gilbert
@ 2018-06-02  3:04         ` procmem
  0 siblings, 0 replies; 8+ messages in thread
From: procmem @ 2018-06-02  3:04 UTC (permalink / raw)
  To: Dr. David Alan Gilbert, Michael S. Tsirkin
  Cc: Stefan Hajnoczi, jasowang, qemu-devel, whonix-devel



Dr. David Alan Gilbert:
> Isn't the idea to misuse CAT to detect something about access patterns;
> so it's not about it actually being related?

AFAICT, CAT is directly responsible since the way it interacts with the
cache allows it to introduce predictable bit flips that can wreak all
kinds of havoc.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer?
  2018-06-01 15:58     ` Michael S. Tsirkin
  2018-06-01 18:54       ` Dr. David Alan Gilbert
@ 2018-06-02  3:08       ` procmem
  2018-06-03 16:10         ` Michael S. Tsirkin
  1 sibling, 1 reply; 8+ messages in thread
From: procmem @ 2018-06-02  3:08 UTC (permalink / raw)
  To: Michael S. Tsirkin; +Cc: Stefan Hajnoczi, qemu-devel, whonix-devel, jasowang



Michael S. Tsirkin:
> On Fri, Jun 01, 2018 at 01:15:44PM +0000, procmem wrote:
>>
>>
>> Stefan Hajnoczi:
>>> On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote:
>>>> Hi I'm a privacy distro maintainer investigating the implications of the
>>>> newly published nethammer attack [0] on KVM guests particularly the
>>>> virtio-net drivers. The summary of the paper is that rowhammer can be
>>>> remotely triggered by feeding susceptible* network driver crafted
>>>> traffic. This attack can do all kinds of nasty things such as modifying
>>>> SSL certs on the victim system.
>>>>
>>>> * Susceptible drivers are those relying on Intel CAT, uncached memory or
>>>> the clflush instruction.
>>>>
>>>> My question is, do virtio-net drivers do any of these things?
>>> I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers.
>>>
>>>> ***
>>>>
>>>> [0] https://arxiv.org/abs/1805.04956
>>>>
>>>>
>>>>
>>
>> Thanks :) I thought my message was forgotten
> 
> 
> I don't think virtio is using either of these.
> 
> Linux does support CAT AFAIK but it has nothing to do with virtio.
> 

Thanks for confirming. This is good news indeed. I am considering
posting about this to kernel-hardening so it's on the sec team's radar
when considering upstream network drivers. What do you think?

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer?
  2018-06-02  3:08       ` procmem
@ 2018-06-03 16:10         ` Michael S. Tsirkin
  0 siblings, 0 replies; 8+ messages in thread
From: Michael S. Tsirkin @ 2018-06-03 16:10 UTC (permalink / raw)
  To: procmem; +Cc: Stefan Hajnoczi, qemu-devel, whonix-devel, jasowang

On Sat, Jun 02, 2018 at 03:08:54AM +0000, procmem wrote:
> 
> 
> Michael S. Tsirkin:
> > On Fri, Jun 01, 2018 at 01:15:44PM +0000, procmem wrote:
> >>
> >>
> >> Stefan Hajnoczi:
> >>> On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote:
> >>>> Hi I'm a privacy distro maintainer investigating the implications of the
> >>>> newly published nethammer attack [0] on KVM guests particularly the
> >>>> virtio-net drivers. The summary of the paper is that rowhammer can be
> >>>> remotely triggered by feeding susceptible* network driver crafted
> >>>> traffic. This attack can do all kinds of nasty things such as modifying
> >>>> SSL certs on the victim system.
> >>>>
> >>>> * Susceptible drivers are those relying on Intel CAT, uncached memory or
> >>>> the clflush instruction.
> >>>>
> >>>> My question is, do virtio-net drivers do any of these things?
> >>> I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers.
> >>>
> >>>> ***
> >>>>
> >>>> [0] https://arxiv.org/abs/1805.04956
> >>>>
> >>>>
> >>>>
> >>
> >> Thanks :) I thought my message was forgotten
> > 
> > 
> > I don't think virtio is using either of these.
> > 
> > Linux does support CAT AFAIK but it has nothing to do with virtio.
> > 
> 
> Thanks for confirming. This is good news indeed. I am considering
> posting about this to kernel-hardening so it's on the sec team's radar
> when considering upstream network drivers. What do you think?

It's up to you but the usefulness of reposting like that will be limited IMHO,
unless you have something specific to add.

I think everyone saw the nethammer paper by now, and kernel hardening
team doesn't review network driver patches.

-- 
MST

^ permalink raw reply	[flat|nested] 8+ messages in thread
