* [Qemu-devel] Virtio-net drivers immune to Nethammer? @ 2018-05-21 23:24 procmem 2018-06-01 11:34 ` Stefan Hajnoczi 0 siblings, 1 reply; 8+ messages in thread From: procmem @ 2018-05-21 23:24 UTC (permalink / raw) To: qemu-devel, whonix-devel Hi I'm a privacy distro maintainer investigating the implications of the newly published nethammer attack [0] on KVM guests particularly the virtio-net drivers. The summary of the paper is that rowhammer can be remotely triggered by feeding susceptible* network driver crafted traffic. This attack can do all kinds of nasty things such as modifying SSL certs on the victim system. * Susceptible drivers are those relying on Intel CAT, uncached memory or the clflush instruction. My question is, do virtio-net drivers do any of these things? *** [0] https://arxiv.org/abs/1805.04956 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer? 2018-05-21 23:24 [Qemu-devel] Virtio-net drivers immune to Nethammer? procmem @ 2018-06-01 11:34 ` Stefan Hajnoczi 2018-06-01 13:15 ` procmem 0 siblings, 1 reply; 8+ messages in thread From: Stefan Hajnoczi @ 2018-06-01 11:34 UTC (permalink / raw) To: procmem; +Cc: qemu-devel, whonix-devel, Michael S. Tsirkin, jasowang [-- Attachment #1: Type: text/plain, Size: 770 bytes --] On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote: > Hi I'm a privacy distro maintainer investigating the implications of the > newly published nethammer attack [0] on KVM guests particularly the > virtio-net drivers. The summary of the paper is that rowhammer can be > remotely triggered by feeding susceptible* network driver crafted > traffic. This attack can do all kinds of nasty things such as modifying > SSL certs on the victim system. > > * Susceptible drivers are those relying on Intel CAT, uncached memory or > the clflush instruction. > > My question is, do virtio-net drivers do any of these things? I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers. > *** > > [0] https://arxiv.org/abs/1805.04956 > > > [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 455 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer? 2018-06-01 11:34 ` Stefan Hajnoczi @ 2018-06-01 13:15 ` procmem 2018-06-01 15:58 ` Michael S. Tsirkin 0 siblings, 1 reply; 8+ messages in thread From: procmem @ 2018-06-01 13:15 UTC (permalink / raw) To: Stefan Hajnoczi; +Cc: qemu-devel, whonix-devel, Michael S. Tsirkin, jasowang Stefan Hajnoczi: > On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote: >> Hi I'm a privacy distro maintainer investigating the implications of the >> newly published nethammer attack [0] on KVM guests particularly the >> virtio-net drivers. The summary of the paper is that rowhammer can be >> remotely triggered by feeding susceptible* network driver crafted >> traffic. This attack can do all kinds of nasty things such as modifying >> SSL certs on the victim system. >> >> * Susceptible drivers are those relying on Intel CAT, uncached memory or >> the clflush instruction. >> >> My question is, do virtio-net drivers do any of these things? > I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers. > >> *** >> >> [0] https://arxiv.org/abs/1805.04956 >> >> >> Thanks :) I thought my message was forgotten ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer? 2018-06-01 13:15 ` procmem @ 2018-06-01 15:58 ` Michael S. Tsirkin 2018-06-01 18:54 ` Dr. David Alan Gilbert 2018-06-02 3:08 ` procmem 0 siblings, 2 replies; 8+ messages in thread From: Michael S. Tsirkin @ 2018-06-01 15:58 UTC (permalink / raw) To: procmem; +Cc: Stefan Hajnoczi, qemu-devel, whonix-devel, jasowang On Fri, Jun 01, 2018 at 01:15:44PM +0000, procmem wrote: > > > Stefan Hajnoczi: > > On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote: > >> Hi I'm a privacy distro maintainer investigating the implications of the > >> newly published nethammer attack [0] on KVM guests particularly the > >> virtio-net drivers. The summary of the paper is that rowhammer can be > >> remotely triggered by feeding susceptible* network driver crafted > >> traffic. This attack can do all kinds of nasty things such as modifying > >> SSL certs on the victim system. > >> > >> * Susceptible drivers are those relying on Intel CAT, uncached memory or > >> the clflush instruction. > >> > >> My question is, do virtio-net drivers do any of these things? > > I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers. > > > >> *** > >> > >> [0] https://arxiv.org/abs/1805.04956 > >> > >> > >> > > Thanks :) I thought my message was forgotten I don't think virtio is using either of these. Linux does support CAT AFAIK but it has nothing to do with virtio. -- MST ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer? 2018-06-01 15:58 ` Michael S. Tsirkin @ 2018-06-01 18:54 ` Dr. David Alan Gilbert 2018-06-02 3:04 ` procmem 2018-06-02 3:08 ` procmem 1 sibling, 1 reply; 8+ messages in thread From: Dr. David Alan Gilbert @ 2018-06-01 18:54 UTC (permalink / raw) To: Michael S. Tsirkin Cc: procmem, Stefan Hajnoczi, jasowang, qemu-devel, whonix-devel * Michael S. Tsirkin (mst@redhat.com) wrote: > On Fri, Jun 01, 2018 at 01:15:44PM +0000, procmem wrote: > > > > > > Stefan Hajnoczi: > > > On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote: > > >> Hi I'm a privacy distro maintainer investigating the implications of the > > >> newly published nethammer attack [0] on KVM guests particularly the > > >> virtio-net drivers. The summary of the paper is that rowhammer can be > > >> remotely triggered by feeding susceptible* network driver crafted > > >> traffic. This attack can do all kinds of nasty things such as modifying > > >> SSL certs on the victim system. > > >> > > >> * Susceptible drivers are those relying on Intel CAT, uncached memory or > > >> the clflush instruction. > > >> > > >> My question is, do virtio-net drivers do any of these things? > > > I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers. > > > > > >> *** > > >> > > >> [0] https://arxiv.org/abs/1805.04956 > > >> > > >> > > >> > > > > Thanks :) I thought my message was forgotten > > > I don't think virtio is using either of these. > > Linux does support CAT AFAIK but it has nothing to do with virtio. Isn't the idea to misuse CAT to detect something about access patterns; so it's not about it actually being related? Dave > -- > MST > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer? 2018-06-01 18:54 ` Dr. David Alan Gilbert @ 2018-06-02 3:04 ` procmem 0 siblings, 0 replies; 8+ messages in thread From: procmem @ 2018-06-02 3:04 UTC (permalink / raw) To: Dr. David Alan Gilbert, Michael S. Tsirkin Cc: Stefan Hajnoczi, jasowang, qemu-devel, whonix-devel Dr. David Alan Gilbert: > Isn't the idea to misuse CAT to detect something about access patterns; > so it's not about it actually being related? AFAICT, CAT is directly responsible since the way it interacts with the cache allows it to introduce predictable bit flips that can wreak all kinds of havoc. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer? 2018-06-01 15:58 ` Michael S. Tsirkin 2018-06-01 18:54 ` Dr. David Alan Gilbert @ 2018-06-02 3:08 ` procmem 2018-06-03 16:10 ` Michael S. Tsirkin 1 sibling, 1 reply; 8+ messages in thread From: procmem @ 2018-06-02 3:08 UTC (permalink / raw) To: Michael S. Tsirkin; +Cc: Stefan Hajnoczi, qemu-devel, whonix-devel, jasowang Michael S. Tsirkin: > On Fri, Jun 01, 2018 at 01:15:44PM +0000, procmem wrote: >> >> >> Stefan Hajnoczi: >>> On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote: >>>> Hi I'm a privacy distro maintainer investigating the implications of the >>>> newly published nethammer attack [0] on KVM guests particularly the >>>> virtio-net drivers. The summary of the paper is that rowhammer can be >>>> remotely triggered by feeding susceptible* network driver crafted >>>> traffic. This attack can do all kinds of nasty things such as modifying >>>> SSL certs on the victim system. >>>> >>>> * Susceptible drivers are those relying on Intel CAT, uncached memory or >>>> the clflush instruction. >>>> >>>> My question is, do virtio-net drivers do any of these things? >>> I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers. >>> >>>> *** >>>> >>>> [0] https://arxiv.org/abs/1805.04956 >>>> >>>> >>>> >> >> Thanks :) I thought my message was forgotten > > > I don't think virtio is using either of these. > > Linux does support CAT AFAIK but it has nothing to do with virtio. > Thanks for confirming. This is good news indeed. I am considering posting about this to kernel-hardening so it's on the sec team's radar when considering upstream network drivers. What do you think? ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Qemu-devel] Virtio-net drivers immune to Nethammer? 2018-06-02 3:08 ` procmem @ 2018-06-03 16:10 ` Michael S. Tsirkin 0 siblings, 0 replies; 8+ messages in thread From: Michael S. Tsirkin @ 2018-06-03 16:10 UTC (permalink / raw) To: procmem; +Cc: Stefan Hajnoczi, qemu-devel, whonix-devel, jasowang On Sat, Jun 02, 2018 at 03:08:54AM +0000, procmem wrote: > > > Michael S. Tsirkin: > > On Fri, Jun 01, 2018 at 01:15:44PM +0000, procmem wrote: > >> > >> > >> Stefan Hajnoczi: > >>> On Mon, May 21, 2018 at 11:24:43PM +0000, procmem wrote: > >>>> Hi I'm a privacy distro maintainer investigating the implications of the > >>>> newly published nethammer attack [0] on KVM guests particularly the > >>>> virtio-net drivers. The summary of the paper is that rowhammer can be > >>>> remotely triggered by feeding susceptible* network driver crafted > >>>> traffic. This attack can do all kinds of nasty things such as modifying > >>>> SSL certs on the victim system. > >>>> > >>>> * Susceptible drivers are those relying on Intel CAT, uncached memory or > >>>> the clflush instruction. > >>>> > >>>> My question is, do virtio-net drivers do any of these things? > >>> I have CCed Michael Tsirkin and Jason Wang, the virtio maintainers. > >>> > >>>> *** > >>>> > >>>> [0] https://arxiv.org/abs/1805.04956 > >>>> > >>>> > >>>> > >> > >> Thanks :) I thought my message was forgotten > > > > > > I don't think virtio is using either of these. > > > > Linux does support CAT AFAIK but it has nothing to do with virtio. > > > > Thanks for confirming. This is good news indeed. I am considering > posting about this to kernel-hardening so it's on the sec team's radar > when considering upstream network drivers. What do you think? It's up to you but the usefulness of reposting like that will be limited IMHO, unless you have something specific to add. I think everyone saw the nethammer paper by now, and kernel hardening team doesn't review network driver patches. -- MST ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2018-06-03 16:10 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-05-21 23:24 [Qemu-devel] Virtio-net drivers immune to Nethammer? procmem 2018-06-01 11:34 ` Stefan Hajnoczi 2018-06-01 13:15 ` procmem 2018-06-01 15:58 ` Michael S. Tsirkin 2018-06-01 18:54 ` Dr. David Alan Gilbert 2018-06-02 3:04 ` procmem 2018-06-02 3:08 ` procmem 2018-06-03 16:10 ` Michael S. Tsirkin
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.