| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
NDISwrapper dodges another bullet
NDISwrapper dodges another bullet
Posted Mar 6, 2008 6:23 UTC (Thu) by hamjudo (subscriber, #363)Parent article: NDISwrapper dodges another bullet
Do any PCI interfaces include a mechanism for limiting memory access for a device?
I'd accept a significant performance hit, if I could run the evil drivers in user mode under an emulator like QEMU, with a kernel driver that provided controlled access to the PCI slot, and appropriate memory buffers, but blocked access to any other device, or memory. But that is not enough, unless the network device itself is also prevented from accessing the wrong memory, or other devices.
Most DMA controllers are configured by the driver. If a DMA controller is loaded with a bad address, the device will scribble on the wrong memory. That produces bugs that are incredibly hard to track down and massive security holes. So the hardware has to be limited too, before you can really claim that the interface removes the need for tainting.
(Log in to post comments)
NDISwrapper dodges another bullet
Posted Mar 6, 2008 13:05 UTC (Thu) by BenHutchings (subscriber, #37955) [Link]
There are some recent PCI extensions for IO virtualisation (IOV) that provide for (among other things) mapping of DMA addresses by the chipset. This could perhaps be used to constrain user-space drivers.
NDISwrapper dodges another bullet
Posted Mar 6, 2008 14:41 UTC (Thu) by mcmanus (subscriber, #4569) [Link]
If your board has an IOMMU it can do this for you - and they are becoming more common.