On 8/29/06, Muli Ben-Yehuda <[EMAIL PROTECTED]
> wrote:
On Tue, Aug 29, 2006 at 08:37:13PM +0300, Gil Freund wrote:
> >Yes, but that makes the domU trusted (an attacker with root access ot
> >the domU can easily take down the entire machine - unless you have an
> >isolation capable IOMMU)
>
> Can you elaborate a little more? Does this mean that if the guest/DomU
> has direct access to physical hardware it can compromise the
> host/DomU?
Yes.
> Is this true for any hardware access, or for NICs only?
Any DMA capable hardware. Simply put, the attack vector is programming
the device to DMA to physical memory used by the hypervisor. Without
an isolation capable IOMMU, any device can DMA anywhere in physical
memory.
We presented a paper at OLS '06 on our work to add isolation-capable
IOMMU support to Linux and Xen that goes into this in more depth. You
can find the slides at
http://www.mulix.org/lectures/using-iommus-for-virtualization/OLS-jdmason.pdf
and a reprint of the paper at
https://ols2006.108.redhat.com/reprints/ben-yehuda-reprint.pdf
Cheers,
Muli
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
