On 31-07-08 08:33, Sukanto Ghosh wrote:

> On Thu, Jul 31, 2008 at 5:51 AM, Greg KH <greg@xxxxxxxxx> wrote:
>> On Wed, Jul 30, 2008 at 10:13:28PM +0530, Sukanto Ghosh wrote:
>>> In PCI DMA operation, a device (consider it to be bus-master) can
>>> directly transfer data to a memory location (some bus address, which
>>> is 1:1 mapped to physical address, in case of x86).
>>> Consider that a device driver asks the device to copy n bytes from its
>>> buffer to the kernel buffer at bus address X. But due to some fault in
>>> the device it starts writing to memory location Y, which is actually
>>> the kernel-buffer of some other device driver. Isn't this a potential
>>> security threat to the entire system? How is it handled?
>> That's a fault of the hardware, nothing the os can do about that, sorry.
>> Go complain to the vendor of the broken PCI device :)
> What about those days when there was a DMA controller? Didn't the DMA
> controller control the addresses and the device sent only data?

Yes (and still used for LPC devices such as ECP parport). But if the DMA
controller were broken, there's still nothing you can do.
Calling it a "security" threat in particular is rather beside the
point. It's a broken hardware threat.
Rene.