On 2016-12-27 03:51, bancfc@xxxxxxxxxxxxxxx wrote:
> Hello and Happy Holidays,
>
> In the past few years many serious attacks against the memory deduplication (KSM) feature of all hypervisors have been shown. [1] Even allowing attackers to modify/steal APT keys and source lists on the host. [2] Since it's not enabled by default the fallout is relatively low and easily mitigated.
>
> New side-channel attacks against memory-balloon enabled VMs are beginning to surface. Please consider documenting this and disabling this feature for newly created VMs to have safe defaults.
>
> [1] https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf
> [2] https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
> [3] http://ieeexplore.ieee.org/document/7562068/
>
> *Hint: If you can't see the IEEE paper use sci-hub.

Bumping. I realized I posted this in the holiday season, when it was easily missed.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
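
An added example, not part of the original thread or libvirt's own code: a check for the two features the post names, run over domain XML as produced by `virsh dumpxml`. It relies on libvirt's documented `<memballoon model='none'/>` and `<memoryBacking><nosharepages/>` elements; the sample domains and the function name `audit_domain` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domains (not from the thread), shaped like `virsh dumpxml` output.
DEFAULT_GUEST = """<domain type='kvm'><name>guest-default</name>
  <devices><memballoon model='virtio'/></devices></domain>"""
IMPLICIT_GUEST = """<domain type='kvm'><name>guest-implicit</name>
  <devices/></domain>"""
HARDENED_GUEST = """<domain type='kvm'><name>guest-hardened</name>
  <memoryBacking><nosharepages/></memoryBacking>
  <devices><memballoon model='none'/></devices></domain>"""


def audit_domain(xml_text):
    """Return findings for one domain definition; an empty list means both settings are off."""
    # Input is expected to come from the local libvirt daemon, not from an untrusted source.
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="<unnamed>")
    findings = []

    balloons = root.findall("./devices/memballoon")
    if not balloons:
        # libvirt adds a balloon device to KVM/QEMU guests when none is specified.
        findings.append(f"{name}: no <memballoon> element, default balloon will be added")
    for dev in balloons:
        model = dev.get("model")
        if model != "none":
            findings.append(f"{name}: memory balloon enabled (model={model!r})")

    # <nosharepages/> asks the hypervisor not to merge this guest's pages (KSM).
    if root.find("./memoryBacking/nosharepages") is None:
        findings.append(f"{name}: <nosharepages/> missing, pages can be merged if KSM runs on the host")
    return findings


if __name__ == "__main__":
    for sample in (DEFAULT_GUEST, IMPLICIT_GUEST, HARDENED_GUEST):
        for line in audit_domain(sample) or ["ok"]:
            print(line)
```

Whether KSM is actually merging pages is a host setting, so a missing `<nosharepages/>` is only a finding on hosts where KSM is running.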