
This attack wouldn't work with [current versions] of ESXi since VMs now share pages only if the salt value and contents of the pages are identical (each VM uses a unique salt by default). https://kb.vmware.com/selfservice/microsites/search.do?langu...



How can VMs share a memory page at all with this scheme when the salt is unique to each VM? It sounds more like turning off inter-VM memory sharing...


Each VM has a unique salt by default, but you can still specify two or more VMs to share a salt. See also the comment[1] below by xavierd.

[1] https://news.ycombinator.com/item?id=12411146


Sharing pages seems a big price risk to pay for saving a little memory.

Why not turn it off entirely?


There is still significant sharing that can be achieved inside a VM, plus, a lot of the sharing comes from zero pages (full of 0), which is still performed across VMs.

Another benefit of the salting mechanism is that it allows the administrator to define groups of VMs that are trusted in which sharing will be performed.

Disclaimer: I work at VMware and wrote the salting code.
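To make the salting policy described in this comment concrete, here is a small added simulation (written for this thread, not VMware's code) of how salted page sharing decides which guest pages may be merged. It assumes a toy model: a page is keyed by `sha256(salt || content)`, zero pages are keyed without the salt so they still merge across all VMs, and VMs that are given the same salt form a trust group. The VM names, salts and page contents are constructed sample data; `share_key`, `deduplicate` and `cross_vm_sharing` are hypothetical helper names.

```python
import hashlib
from dataclasses import dataclass, field
from itertools import combinations

PAGE_SIZE = 4096
ZERO_PAGE = bytes(PAGE_SIZE)
# Zero pages are keyed without any salt, so every VM can share them (assumption from the thread).
ZERO_KEY = hashlib.sha256(b"zero-page").digest()


@dataclass
class VM:
    name: str
    salt: bytes                     # per-VM salt; VMs given the same salt form a trust group
    pages: list = field(default_factory=list)


def share_key(salt: bytes, page: bytes) -> bytes:
    """Key under which a guest page may be merged with another physical page.

    A zero page gets the salt-free key, so it is shareable by all VMs.
    Any other page is keyed by salt || content: two pages merge only when
    both the salt and the full page content match.
    """
    if page == ZERO_PAGE:
        return ZERO_KEY
    return hashlib.sha256(salt + page).digest()


def deduplicate(vms):
    """Map each backing-page key to the (vm name, page index) entries backed by it."""
    backing = {}
    for vm in vms:
        for idx, page in enumerate(vm.pages):
            backing.setdefault(share_key(vm.salt, page), []).append((vm.name, idx))
    return backing


def physical_page_count(vms):
    """Number of distinct physical pages needed after salted sharing."""
    return len(deduplicate(vms))


def cross_vm_sharing(vms):
    """Unordered pairs of VM names that share a non-zero physical page.

    This is what an administrator would audit: only VMs inside the same
    trust group (same salt) should ever appear in this set.
    """
    pairs = set()
    for key, entries in deduplicate(vms).items():
        if key == ZERO_KEY:
            continue                # zero pages are shared everywhere by design
        owners = sorted({name for name, _ in entries})
        pairs.update(combinations(owners, 2))
    return pairs


def build_demo(shared_salt_for_all=False):
    """Constructed sample: three VMs, each with one identical 'OS' page and one zero page.

    By default A and C are placed in one trust group (same salt) and B has its
    own salt. With shared_salt_for_all=True every VM uses the same salt, which
    models unsalted, fully cross-VM sharing for comparison.
    """
    os_page = bytes([0x90]) * PAGE_SIZE   # constructed stand-in for a common OS page
    salt_a, salt_b = b"salt-A", b"salt-B"
    if shared_salt_for_all:
        salt_b = salt_a
    return [
        VM("A", salt=salt_a, pages=[os_page, ZERO_PAGE]),
        VM("B", salt=salt_b, pages=[os_page, ZERO_PAGE]),
        VM("C", salt=salt_a, pages=[os_page, ZERO_PAGE]),
    ]


if __name__ == "__main__":
    vms = build_demo()
    print("guest pages:", sum(len(vm.pages) for vm in vms))
    print("physical pages with per-VM salts:", physical_page_count(vms))
    print("VM pairs sharing a non-zero page:", cross_vm_sharing(vms))
    print("physical pages with one shared salt:", physical_page_count(build_demo(True)))
```

With per-VM salts the six guest pages collapse to three physical pages (the zero page shared by all, one OS page for the A/C trust group, and B's own copy), and the only non-zero sharing is between A and C. Giving every VM the same salt brings the count down to two but makes all three VMs share the OS page, which is the situation the thread is concerned about.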


Does the salting address the issue described in the dedup est machina paper? I noticed they did not mention that it worked against VMWare.


I would guess if you're a big VM hosting provider and you have thousands of VMs all running the same version of Windows or Linux distro, that it could add up to some real savings to have them share common pages.


I guess so.

Seems the savings would be somewhat offset by having your whole business destroyed because it's easy to crack.


Conceptually, it's safe. UNIX distributions routinely do the equivalent operation within single machines, it's a fundamental part of their operating model.

It's just that in the face of defective hardware, it's not safe. But this is not surprising, because nothing is safe, so it isn't particularly a criticism of page sharing. This specific attack may have used it, but Rowhammer is a powerful tool. This is not the only way it can be used; it is merely an exemplar.


Can't you limit sharing to Read/eXecute pages only?


Isn't rowhammer done purely by read operations?


Yep. In DRAM, reads are destructive, so every time you read a row, you have to write that row back.


From what I remember you need control (= ability to write to) over adjacent rows?



