Fwd: Can a USB gadget device initiate DMA transfer at the host?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

---------- Forwarded message ----------
From: Aniruddha Marathe <marathe.aniruddha@xxxxxxxxx>
Date: Fri, Feb 6, 2009 at 8:29 PM
Subject: Re: Can a USB gadget device initiate DMA transfer at the host?
To: Greg KH <greg@xxxxxxxxx>


I am sorry, I should have said "using a part of the existing file
backed storage gadget driver".. The existing driver has everything I
need!

I came across a .ppt by David Maynor that talks about carrying out DMA
transfer through a USB device so as to be able to insert a malicious
shellcode (here a program that just pops up window) into appropriate
place in the memory and run it:

http://cansecwest.com/core05/DMA.ppt

I was quite sure that such thing might not be possible through a USB
device by directly carrying a DMA transfer. The author might have
taken advantage of a bug in the OHCI driver and carried out such
attack (carried out in the year 2006). It wasn't exactly clear from
the presentation how he did it. So I was trying to imitate this attack
using an emulated mass storage device.

Just wanted to double check my understanding.

Thanks & Regards,
Aniruddha

On Fri, Feb 6, 2009 at 7:57 PM, Greg KH <greg@xxxxxxxxx> wrote:
> On Fri, Feb 06, 2009 at 06:54:11PM -0500, Aniruddha Marathe wrote:
>> Hi,
>>
>> I am writing a USB mass storage device gadget driver similar to the
>> one already available (file backed storage). I am using PCI based
>> Net2280 USB device controller.
>
> What is lacking in the in-kernel driver that is causing you to want to
> write your own?  Wouldn't it be better to work on the existing one to
> add whatever you feel is lacking than to fork your own version?
>
>> I need to know if there is any way my device can initiate a DMA
>> transfer. If yes, (I know am being optimistic here) can it dictate the
>> address at which the DMA r/w is to be performed? I would like to know
>> the experts' comments on this.
>
> usb gadgets have no control of DMA transfers on the host side, it's an
> impossiblity.
>
> sorry,
>
> greg k-h
>
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux