[Whonix-devel] Security of memballooning

bancfc at openmailbox.org bancfc at openmailbox.org
Wed Sep 7 20:50:06 CEST 2016


On 2016-09-07 16:03, Daniel Gruss wrote:
> On 07.09.2016 16:50, bancfc at openmailbox.org wrote:
>> Hi Daniel I was wondering about whether guest VM memory ballooning had
>> any security implications I didn't know about. (basically its a 
>> virtual
>> memory device that takes unused RAM from the VM and gives it back to 
>> the
>> host if its under pressure)
> 
> That sounds very interesting... is it physically adjacent memory or is
> it scattered 4K pages?
> In case of scattered 4K pages a VM could hand a set of extremely
> rowhammer vulnerable pages back to the host system and maybe exploit
> that...
> 
> Cheers,
> Daniel

Good question. I found a dev blog and the linked code describing the 
balloon as a process in the guest so I'm assuming it allocates memory 
the same way as regular processes (scattered). To be safe I'll disable 
it completely.

https://rwmj.wordpress.com/2010/07/17/virtio-balloon/

This is the driver code though I'm not knowledgable enough to read it:

http://lxr.linux.no/linux+v2.6.34.1/drivers/virtio/virtio_balloon.c


Xen has the same feature too so there is a lot of potential for fun in 
the cloud :)


More information about the Whonix-devel mailing list