On Sun, Jun 19, 2016 at 3:05 PM, Andrew David Wong <a...@qubes-os.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-06-18 14:54, IX4 Svs wrote:
> > Qubes R3.1, Fedora 23 template, fully updated.
> >
> > I launch a new disposable Firefox, which creates a new DispVM and
> > displays [disp42] in the Firefox window title. All normal so far.
> >
> > I hit CTRL+t to open a new Firefox tab and - I can't believe my
> > eyes - the "new tab" page is full of thumbnails of web pages I have
> > visited in other DispVMs, which have long been shut down.
> >
> > sudo xl list from dom0 confirms disp42 is the only DispVM currently
> > running.
> >
> > How can such data leakage from one DispVM to another be possible?
> > Yes, I am adamant, 100% certain that I have not visited the web
> > sites showing up in the "new tab" page from the TemplateVM that my
> > DispVM is based upon.
> >
> > Any thoughts?
> >
> > Thanks,
> >
> > Alex
> >
>
> Does it persist even after you regenerate the DVM template?
>
> $ qvm-create-default-dvm --default-template
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -----BEGIN PGP SIGNATURE-----
>
> iQIbBAEBCgAGBQJXZqaPAAoJENtN07w5UDAw1q4P93qCkIHgR9tuHihwKjt7nhIZ
> TbW4kErvpKEIyUKxCIXlb8J2Chv+NoEv4oYGwjqnaWIMcQaa4kODZOtxm75IKJft
> AHNg+SOWgUqSLvQ8f2dd0Z7E/8kz8xo0svdoiK/OOMD1g38DUCw6S0/jofFfiDUo
> I0y9skQW/i/0OBNEyqX9qNl6IjMM+pIlfp5hTV5xqgw7P1Bxli1UlmJC7lxdjxjA
> Bw94PMewThF+pnpteQMpmEGlGNlY5eHTgQTPzDppEq0G2M9k1rJaJ2QaUY/GlqMc
> k3UCk7AHlA9TZFclAfXYxEvNgdZ8mstb1VnA2AXi4M9b0V/23Y9MZ7RyAgXA1VnA
> x6Ca5d4LK+PDN3ElT1g1SX+6NL+CbkbckKMt0pKhfFi8twyiLotbD9BvChQwlFFS
> dz85/1MrLepLpAQ2JuDHGU/KkThnUyX+vKgNZFk6zslBZe7iOBEYBgq7Z2Wpwm3G
> l1qb91FBNiC9nQ0XY7cBRj5+btqM9BvY7VhujpiUqOyBjLZu17mcw28XqzdLjn6Q
> aIQICm0Fi1sUgY45XYNzyp/FSIPj7X2ZaVwm2ZS91UGwvXPQNPglFOz+UjvFJR3X
> C0dqnqqO1o78fU8uH98pfrO/4bvZMxbUMgqM70RhtaSs6heoMpRDQtVSnYggW+fH
> fZbyHqC3wVsV21kfILw=
> =U5LR
> -----END PGP SIGNATURE-----
>
>
I have not tried the nuclear option - I was hoping to find the cause of
such a massive leak now that it's happening so that it can be fixed for all
Qubes users. What logs would I need to look into? Should I start a DispVM
in debug mode from dom0's terminal and look at the console output?
/var/log/xen/console/guest-disp43.log interestingly says:

[   18.935022] xen:grant_table: Grant tables using version 1 layout
[   18.935022] Using NULL legacy PIC
[   18.935022] PM: noirq restore of devices complete after 0.071 msecs
[   18.935022] PM: early restore of devices complete after 0.040 msecs
[   18.962927] PM: restore of devices complete after 24.821 msecs
[   18.962977] Restarting tasks ... done.
[   19.046997] Setting capacity to 20971520
[   19.260713] EXT4-fs error (device dm-0): ext4_mb_generate_buddy:757:
group 49, block bitmap and bg descriptor inconsistent: 2 vs 1 free clusters
[   19.260915] EXT4-fs error (device dm-0): ext4_mb_generate_buddy:757:
group 50, block bitmap and bg descriptor inconsistent: 1611 vs 1612 free
clusters
[   19.261198] JBD2: Spotted dirty metadata buffer (dev = dm-0, blocknr =
0). There's a risk of filesystem corruption in case of system crash.
[   19.648563] EXT4-fs error (device dm-0): ext4_lookup:1588: inode #927:
comm cupsd: deleted inode referenced: 647
[   50.944638] EXT4-fs error (device dm-0): ext4_lookup:1588: inode #927:
comm cupsd: deleted inode referenced: 647
[  308.780561] EXT4-fs error (device dm-0): ext4_lookup:1588: inode
#524291: comm dnf: deleted inode referenced: 524305

..but I can't think of how filesystem corruption would lead to data leaking
between DispVMs.

Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAEe-%3DTdrWCrY3ax0UiU6nnhvxGoD096hN3zfx72ORLBkbkJd9g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to