|
|
Log in / Subscribe / Register

Safe device assignment with VFIO

Safe device assignment with VFIO

Posted Jan 6, 2012 17:55 UTC (Fri) by drag (guest, #31333)
Parent article: Safe device assignment with VFIO

Please keep in mind with this stuff that unless you have support for "DMA Remapping" a malicious software with access to IOMMU (like a compromised Virtual Machine) has the potential for using interrupts and other hardware features for compromising the host system.

Unless you are using a new version of Intel's VT-d you can be vulnerable.

to post comments

Safe device assignment with VFIO

Posted Jan 6, 2012 20:05 UTC (Fri) by drag (guest, #31333) [Link]

Here documents the vulnerabilities inherent in non-Interrupt Remapping (IR, DMAR or whatever):

http://invisiblethingslab.com/resources/2011/Software%20A...

Safe device assignment with VFIO

Posted Jan 9, 2012 12:26 UTC (Mon) by dwmw2 (subscriber, #2063) [Link]

To be specific: You want interrupt remapping and X2APIC. And beware that there are some crappy BIOSes which explicitly disable X2APIC for reasons I won't go into here because it makes me too grumpy.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds