[Whonix-devel] Security of memballooning

bancfc at openmailbox.org bancfc at openmailbox.org
Wed Sep 7 20:50:06 CEST 2016

On 2016-09-07 16:03, Daniel Gruss wrote:
> On 07.09.2016 16:50, bancfc at openmailbox.org wrote:
>> Hi Daniel I was wondering about whether guest VM memory ballooning had
>> any security implications I didn't know about. (basically its a 
>> virtual
>> memory device that takes unused RAM from the VM and gives it back to 
>> the
>> host if its under pressure)
> That sounds very interesting... is it physically adjacent memory or is
> it scattered 4K pages?
> In case of scattered 4K pages a VM could hand a set of extremely
> rowhammer vulnerable pages back to the host system and maybe exploit
> that...
> Cheers,
> Daniel

Good question. I found a dev blog and the linked code describing the 
balloon as a process in the guest so I'm assuming it allocates memory 
the same way as regular processes (scattered). To be safe I'll disable 
it completely.


This is the driver code though I'm not knowledgable enough to read it:


Xen has the same feature too so there is a lot of potential for fun in 
the cloud :)

More information about the Whonix-devel mailing list