On Fri, Oct 19, 2018 at 04:25:01PM -0500, Wenwen Wang wrote: > Hi Mika, Hi,
> Thanks for your response. The current version of the code assumes that > the Thunderbolt controller behaves as expected, e.g., the host > controller should not touch the data after it is marked ready. > However, it is not impossible that the controller is exploited by an > attacker through a security vulnerability, even though it is soldered > on the motherboard. In that case, the controller may behave in an > unexpected way and this bug will offer more opportunities for the > attacker. That would require the attacker to dissassemble the laptop case or similar in case of desktop system. That's already something we cannot protect against. Furthermore this would apply to all DMA capable devices such as the xHCI controller typically part of the Thunderbolt host router or every single network card but I have not seen fixes like this on network side (probably because there is really no need). If the attacker could somehow say, replace the firmware on the Thunderbolt host router then I suppose they could just go and overwrite the extra protection you did in this patch (or probably do something worse since they can access all the system memory). So all in all I don't think this is something we would need to deal with. Situation is totally different if you manage to connecte external devices that can do DMA (which is pretty much what Thunderbolt for example allows) but for those we already have security of some sort implemented. Thanks!