[PVE-User] Should I worry about flip-feng-shui attack
f.gruenbichler at proxmox.com
Fri Aug 19 08:51:31 CEST 2016
On Fri, Aug 19, 2016 at 08:38:48AM +0200, Eneko Lacunza wrote:
> El 19/08/16 a las 05:23, Nguyễn Tấn Vỹ escribió:
> > Regarding flip-feng-shui attack to VM when KSM enable (
> > https://www.vusec.net/projects/flip-feng-shui/). Shoud I worry about
> > flip-feng-shui attack? I am using DDR3 RAM with ECC.
> Only if your RAM has the Rowhammer issue (hardware bug), and you expect to
> host potentially malicius VMs/containers.
a bit more, from the actual page you linked:
*I have DRAM with Error Correcting Code (ECC). Am I safe against FFS
Triggering Rowhammer over DRAM with ECC is harder than normal DRAM.
There are, however, DRAM modules with multiple bit flips per ECC domain
that ECC cannot correct. At this point, it is still unclear whether
these DRAMs can be reliably exploited.
*I am a public cloud provider. How can I protect my customers?*
Disable memory deduplication. It comes under different names: Kernel
Same-page Merging, Transparent Page Sharing, Content-based
you can check whether KSM is active and how many pages are shared by
looking at the files in /sys/kernel/mm/ksm. there you can also
(temporarily) disable KSM with the "run" file, see the kernel docs at
https://www.kernel.org/doc/Documentation/vm/ksm.txt for details.
More information about the pve-user