Hi,

On Sun, 2008-02-10 at 13:32 +0100, Bastian Blank wrote:
> You have to show evidence that the Hypervisor crashed if the exploit
> runs in a domU. dom0 is special and can always crash the hypervisor. A
> stacktrace is usable to do this.
I'm sorry, but I cannot provide evidence because it would involve crashing a production machine. Users of said machine are already annoyed that it crashed the first time.

However, running the exploit does indeed cause the hypervisor to crash; here's why:

The exploit works by altering the memory map (via vmsplice()) to get access into kernel space. Since the memory map is altered in the domU, it is no longer in sync with the global state. Each domU is aware of the state of the other domUs in Xen (at least, this is what the documentation tells me, and this would explain why you can't, for example, mix non-PAE and PAE kernels on x86). If one domU gets out of sync, it could cause state corruption in the hypervisor.

As a result, Xen should check for this state corruption by maintaining a secondary copy of the memory map and ensuring that it has not been altered. If it has been altered, it should _probably_ kill the VM which did it.

William