On Tue, Aug 29, 2006 at 08:37:13PM +0300, Gil Freund wrote:

> >Yes, but that makes the domU trusted (an attacker with root access to
> >the domU can easily take down the entire machine - unless you have an
> >isolation capable IOMMU)
>
> Can you elaborate a little more? Does this mean that if the guest/DomU
> has direct access to physical hardware it can compromise the
> host/DomU?

Yes.

> Is this true for any hardware access, or for NICs only?

Any DMA capable hardware. Simply put, the attack vector is programming the device to DMA to physical memory used by the hypervisor. Without an isolation capable IOMMU, any device can DMA anywhere in physical memory.

We presented a paper at OLS '06 on our work to add isolation-capable IOMMU support to Linux and Xen that goes into this in more depth. You can find the slides at
http://www.mulix.org/lectures/using-iommus-for-virtualization/OLS-jdmason.pdf
and a reprint of the paper at
https://ols2006.108.redhat.com/reprints/ben-yehuda-reprint.pdf

Cheers,
Muli
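Added example, not part of the original message and not Xen or Linux code: a toy C model of the point made above, showing the same device write with and without a per-domain I/O page table. The memory layout, owner ids and all function names (`iommu_attach`, `dma_write`, `escaped`) are assumptions made up for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define NPAGES     8    /* constructed toy machine: 8 pages of RAM */
#define HYPERVISOR 0    /* owner id of hypervisor pages */
#define DOMU       1    /* owner id of the guest that was given the device */

static uint8_t ram[NPAGES << PAGE_SHIFT];
/* Which domain owns each physical page (constructed layout). */
static const int page_owner[NPAGES] = {HYPERVISOR, HYPERVISOR, DOMU, DOMU,
                                       DOMU, 2, 2, 2};

/* Per-device I/O page table: I/O page number -> physical page, -1 = unmapped. */
struct iommu_domain { int map[NPAGES]; };

/* Map only the pages owned by `owner`, so the device can reach nothing else. */
void iommu_attach(struct iommu_domain *d, int owner) {
    int next = 0;
    for (int i = 0; i < NPAGES; i++) d->map[i] = -1;
    for (int p = 0; p < NPAGES; p++)
        if (page_owner[p] == owner) d->map[next++] = p;
}

/* One-byte DMA write. d == NULL models a machine without an isolation capable
 * IOMMU: the address the guest programmed is used directly as a physical
 * address. Returns the physical page written, or -1 if the access faulted. */
int dma_write(const struct iommu_domain *d, uint64_t addr, uint8_t val) {
    uint64_t pfn = addr >> PAGE_SHIFT;
    if (pfn >= NPAGES) return -1;          /* outside RAM / outside the table */
    if (d) {
        if (d->map[pfn] < 0) return -1;    /* IOMMU fault: page not mapped */
        pfn = (uint64_t)d->map[pfn];       /* translate to the domain's page */
    }
    ram[(pfn << PAGE_SHIFT) | (addr & ((1u << PAGE_SHIFT) - 1))] = val;
    return (int)pfn;
}

/* True if the write landed on a page the device's domain does not own. */
bool escaped(int phys_page, int owner) {
    return phys_page >= 0 && page_owner[phys_page] != owner;
}

int main(void) {
    struct iommu_domain d;
    iommu_attach(&d, DOMU);
    int raw = dma_write(NULL, 0x0, 0xAA);  /* no IOMMU */
    int iso = dma_write(&d, 0x0, 0xBB);    /* same address, isolated */
    printf("no IOMMU: page %d escaped=%d\n", raw, escaped(raw, DOMU));
    printf("IOMMU:    page %d escaped=%d\n", iso, escaped(iso, DOMU));
    return 0;
}
```

In the model, isolation comes entirely from the hypervisor owning the table: the guest still chooses the address, but it can only name entries that resolve to its own pages.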
