James Harper
2005-May-22 07:56 UTC
RE: [Xen-devel] asterisk, ztdummy, and usb (and HZ = 100 under xen ???)
> Assuming you have restricted the domain to just accessing registers and
> IRQs belonging to the device it controls, I think the only way would be
> by programming the device to wreak havoc on its behalf (by DMAing
> arbitrary memory).

Is there a way to protect against rogue DMA writes (without knowing the details of every particular piece of hardware) or is it just the price to be paid for direct hardware access?

James

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Keir Fraser
2005-May-22 08:08 UTC
Re: [Xen-devel] asterisk, ztdummy, and usb (and HZ = 100 under xen ???)
On 22 May 2005, at 08:56, James Harper wrote:

>> Assuming you have restricted the domain to just accessing registers and
>> IRQs belonging to the device it controls, I think the only way would be
>> by programming the device to wreak havoc on its behalf (by DMAing
>> arbitrary memory).
>
> Is there a way to protect against rogue DMA writes (without knowing the
> details of every particular piece of hardware) or is it just the price
> to be paid for direct hardware access?

You need an IOMMU. Then the 'bus addresses' you program into the device are checked and translated by the IOMMU when it attempts to access memory. Chipset extensions to support protection from rogue devices are likely to appear for commodity x86 systems in the next couple of years, I think.

-- Keir
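
The check-and-translate step described in the reply above, as an added example that is not part of the original thread: a toy single-level I/O page table in C. The structure layout, function names and sample mappings are assumptions for illustration and do not reflect any real chipset's or Xen's format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define IO_PAGES   8   /* size of the toy per-device I/O page table */

/* One entry of a hypothetical per-device I/O page table. */
struct io_pte { uint64_t host_frame; unsigned valid : 1, writable : 1; };

/* Translate one bus address; returns 0 and fills *host, or -1 on a fault. */
static int iommu_translate(const struct io_pte *tbl, uint64_t bus,
                           int is_write, uint64_t *host)
{
    uint64_t page = bus >> PAGE_SHIFT;
    if (page >= IO_PAGES || !tbl[page].valid)
        return -1;                      /* unmapped: device may not touch it */
    if (is_write && !tbl[page].writable)
        return -1;                      /* mapped read-only for the device */
    *host = (tbl[page].host_frame << PAGE_SHIFT) | (bus & (PAGE_SIZE - 1));
    return 0;
}

/* Check a whole transfer: every page it touches must translate. */
static int iommu_check_dma(const struct io_pte *tbl, uint64_t bus,
                           size_t len, int is_write)
{
    uint64_t host, end = bus + len - 1;
    if (len == 0 || bus + len < bus)    /* reject empty and wrapping ranges */
        return -1;
    for (uint64_t p = bus >> PAGE_SHIFT; p <= end >> PAGE_SHIFT; p++)
        if (iommu_translate(tbl, p << PAGE_SHIFT, is_write, &host) != 0)
            return -1;
    return 0;
}

/* Constructed sample table: bus pages 0-1 writable, page 2 read-only. */
static const struct io_pte demo_table[IO_PAGES] = {
    { 0x100, 1, 1 }, { 0x101, 1, 1 }, { 0x2a0, 1, 0 },
};

int main(void)
{
    uint64_t host = 0;
    printf("in-bounds write: %d\n", iommu_translate(demo_table, 0x1010, 1, &host));
    printf("host address:    0x%llx\n", (unsigned long long)host);
    printf("rogue write:     %d\n", iommu_check_dma(demo_table, 0x1ff0, 0x20, 1));
    return 0;
}
```

The device only ever sees bus addresses, so a transfer that strays outside the pages mapped for it faults, whatever the driver in the guest programmed into its registers.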