[Gllug] performance of xen dom0 vs native linux

Nix nix at esperi.org.uk
Tue May 12 19:38:54 UTC 2009


On 10 May 2009, Richard Jones verbalised:

> On Sun, May 10, 2009 at 08:32:48PM +0100, Nix wrote:
>> On 9 May 2009, Richard Jones said:
>> > Have they solved the terrible security problems with VT-d yet?
>> 
>> ?
>
> The security issues with handing out devices to guests that you don't
> trust are legion.

Oh yes, obviously untrusted guests should be denied use of vt-d. One
presumes that you *do* trust the VMM so can tell it 'not this one'.
(I wish there was some sort of isolation like with other IOMMUs, but
I guess having one at all is radical for Intel.)

I thought something more serious had been uncovered (i.e. a way in
which a guest which had been denied access to vt-d could nonetheless
use it to escape isolation).

>                The three main ones are: the guest can set PCI bus
> parameters to values which lock up the bus, effectively crashing the
> whole PC.  The guest can do things which lock up the hardware (usually
> because of bugs in the hardware that we try hard to hide when writing
> normal device drivers).  The big one is that guests can flash any BIOS
> extension EPROMs on the peripheral.

Bah, guests can often command bus-mastered DMA transfers to anywhere in
RAM. Forget *rebooting*, we can root you on the fly!
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



