
One port to rule em all


Considering the DMA vulnerabilities of Thunderbolt, that's not too far off.

At least until we have some sort of IOMMU-based hotplug device firewalls in our operating systems.


Isn't that already the case? Current-gen Intel and AMD platforms have IOMMUs; Linux supports them. Linux and Windows support disabling DMA without disabling the rest of e.g. Firewire.


That's for a specific firewire protocol.

Thunderbolt exposes PCIe lanes, so you can pretty much attach any PCIe device that has drivers. If there are any drivers that do not use the IOMMU properly (just pass through everything?) then we're back to square one. And I don't think all drivers are IOMMU-aware.

The system should only hotplug devices/drivers with user approval.
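A defender's check for the approval-gated hotplug this comment asks for, added here as an example that is not part of the thread: a POSIX shell script that reads the sysfs files the Linux thunderbolt driver exposes (each domain's `security` level, each device's `authorized` flag) and counts IOMMU groups. The `/sys` layout is the kernel's; the function names, the root-directory argument and the constructed "Test Dock" device are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits the Linux sysfs interface for
# Thunderbolt approval and IOMMU presence. Every function takes an optional
# sysfs root (default /sys) so a constructed tree can be checked offline.

# Domains whose security level is "none": any plugged device gets its PCIe
# tunnel without user approval. "user"/"secure" require authorization first.
tb_weak_domains() {
    root="${1:-/sys}"
    for f in "$root"/bus/thunderbolt/devices/domain*/security; do
        [ -r "$f" ] || continue
        level=$(cat "$f")
        case "$level" in
            none) printf '%s %s\n' "$(basename "$(dirname "$f")")" "$level" ;;
        esac
    done
}

# Attached devices not yet authorized (authorized == 0). With level "user" or
# "secure" these sit without a PCIe tunnel until an admin writes 1 (or 2).
tb_pending_devices() {
    root="${1:-/sys}"
    for f in "$root"/bus/thunderbolt/devices/*/authorized; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = "0" ] || continue
        d=$(dirname "$f")
        printf '%s %s\n' "$(basename "$d")" \
            "$(cat "$d/device_name" 2>/dev/null || echo unknown)"
    done
}

# Number of IOMMU groups; 0 means no IOMMU translation is active, so device
# DMA (PCIe over Thunderbolt included) reaches physical memory unfiltered.
iommu_group_count() {
    root="${1:-/sys}"
    n=0
    for g in "$root"/kernel/iommu_groups/*; do
        [ -d "$g" ] && n=$((n + 1))
    done
    echo "$n"
}

# Overall verdict: "ok" only when IOMMU groups exist and no domain is at "none".
tb_dma_audit() {
    root="${1:-/sys}"
    if [ "$(iommu_group_count "$root")" -eq 0 ]; then
        echo "fail: no IOMMU groups"
        return 1
    fi
    if [ -n "$(tb_weak_domains "$root")" ]; then
        echo "fail: domain at security level none"
        return 1
    fi
    echo "ok"
}

# On a real machine (no argument means /sys):
#   tb_dma_audit && tb_pending_devices
```

Note that a passing verdict here only says the kernel is configured to gate PCIe tunnels behind approval and has IOMMU groups; it says nothing about whether individual drivers use the IOMMU correctly, which is the separate concern raised above.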


USB 3.0 has DMA too.


But is that remote DMA? Controller/driver-managed DMA transfers in the fashion of "shovel the next X incoming kilobytes to this memory range" are not the same as arbitrary writes to host memory initiated by a device.


Ah, maybe it isn't, fair point.


On USB, only the host is allowed to be a bus master. Thunderbolt does PCI/PCIe and by extension allows any plugged gizmo to take over the whole computer.


One port to find them


One port to bring them all and in the darkness bind them.
