egards,
Wei Chen

On Wed, Nov 27, 2024 at 5:37 PM David Hildenbrand wrote:
> On 27.11.24 03:00, zhi zhang wrote:
> >
> >
> > On Tue, Nov 26, 2024 at 11:52 PM David Hildenbrand > <mailto:da...@redhat.com>> wrote:
> >
> > On 26.11.24 16:31, Wei Che

Thanks for the information! I will try to come up with V2 that does not
impact virtio-mem's functionality.

Best regards,
Wei Chen

On 2024/11/26 23:14, David Hildenbrand wrote:
On 26.11.24 16:08, David Hildenbrand wrote:
On 26.11.24 15:46, David Hildenbrand wrote:
On 26.11.24 15:20, Wei

able pages, there is no promise that the attacker would
get a sub-block containing a different set of pages next time.
It also depends heavily on the configuration of the virtio-mem device.
If there is not much non-virtio-mem memory for the VM, the attacker
could easily run out of memory.
Bes

awn enough to make sure the
target page is used to store the EPTEs.
A 2MB sub-block can store 2MB/4KB*512=262,144 EPTEs, equating to at
least 1GB of memory. In other words, the attack program exhausts 1GB of
memory just for the possibility that KVM uses the target page to store
EPTEs.
Best reg

A malicious guest can exploit virtio-mem to release memory back to the
hypervisor and attempt Rowhammer attacks. The only case reasonable for
unplugging is when the size > requested_size.

Signed-off-by: Wei Chen
Signed-off-by: Zhi Zhang
---
hw/virtio/virtio-mem.c | 4
1 file changed