[Gllug] performance of xen dom0 vs native linux
Nix
nix at esperi.org.uk
Tue May 12 19:38:54 UTC 2009
On 10 May 2009, Richard Jones verbalised:
> On Sun, May 10, 2009 at 08:32:48PM +0100, Nix wrote:
>> On 9 May 2009, Richard Jones said:
>> > Have they solved the terrible security problems with VT-d yet?
>>
>> ?
>
> The security issues with handing out devices to guests that you don't
> trust are legion.
Oh yes, obviously untrusted guests should be denied use of vt-d. One
presumes that you *do* trust the VMM so can tell it 'not this one'.
(I wish there was some sort of isolation like with other IOMMUs, but
I guess having one at all is radical for Intel.)
I thought something more serious had been uncovered (i.e. a way in
which a guest which had been denied access to vt-d could nonetheless
use it to escape isolation).
> The three main ones are: the guest can set PCI bus
> parameters to values which lock up the bus, effectively crashing the
> whole PC. The guest can do things which lock up the hardware (usually
> because of bugs in the hardware that we try hard to hide when writing
> normal device drivers). The big one is that guests can flash any BIOS
> extension EPROMs on the peripheral.
Bah, guests can often command bus-mastered DMA transfers to anywhere in
RAM. Forget *rebooting*, we can root you on the fly!
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list