Thunderclap TL;DR: someone finally tried on PCs (over Thunderbolt) what we did on the PS4 (over PCIe) years ago. As I said at the time, IOMMUs are useless if the drivers are not written assuming the device is evil. *Nobody* writes PCIe drivers assuming the device is evil.
IOMMUs are a cute mitigation that changes the attack approach from "just read/write all physical memory" to "just change a pointer in some driver DMA data structure to let you read/write all physical memory". Yes, it's slightly harder. Only slightly.
I'm going to go ahead and say that GPU drivers will never get this right. Those things are such massive hairballs that if you enable eGPU support over an external interface, you have to assume you're immediately pwnable.
So whitelist Thunderbolt devices to... well, zero devices, to start with. Then start auditing and rewriting drivers and *only* whitelist for TB access those where all of the aforementioned concerns have been considered, possibly in a complete rewrite. It won't be easy.
You'll still have bugs, but, like, the current state of things is that nobody has even *considered* any of this. Right now it's not bugs, evil-device security is literally outside the scope of basically every PCIe driver right now.
You *must not* trust ring buffer indices in shared memory
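An added example, not part of the thread: a minimal C sketch of a driver consuming a completion ring that lives in device-writable memory, treating the producer index and descriptor fields as hostile input. The ring layout and all names (`shared_ring`, `drv_poll`, `RING_SIZE`, `NUM_BUFS`, `BUF_SIZE`) are hypothetical and the sample state is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_SIZE 8u     /* power of two (assumed layout) */
#define NUM_BUFS  8u
#define BUF_SIZE  256u

struct desc { uint32_t buf_id, len; };

/* DMA-visible memory: the device can rewrite any field at any moment. */
struct shared_ring {
    volatile uint32_t prod;              /* free-running producer index */
    volatile struct desc d[RING_SIZE];
};

struct drv {
    struct shared_ring *ring;
    uint32_t cons;                       /* consumer index, kept in private memory */
};

/* Consume one completion. Returns 1 = got one, 0 = ring empty,
 * -1 = device state is impossible and the device should be quarantined. */
int drv_poll(struct drv *s, struct desc *out)
{
    uint32_t prod = s->ring->prod;       /* fetch once; never re-read after checking */
    uint32_t pending = prod - s->cons;   /* unsigned wrap handles index rollover */

    if (pending == 0)
        return 0;
    if (pending > RING_SIZE)             /* jumped ahead or moved backwards */
        return -1;

    uint32_t slot = s->cons & (RING_SIZE - 1);   /* derived from private state only */
    struct desc local;                   /* snapshot: validate and use the same values */
    local.buf_id = s->ring->d[slot].buf_id;
    local.len    = s->ring->d[slot].len;
    if (local.buf_id >= NUM_BUFS || local.len > BUF_SIZE)
        return -1;

    *out = local;
    s->cons++;
    return 1;
}

int main(void)
{
    struct shared_ring ring = { 0 };     /* constructed sample state */
    struct drv s = { &ring, 0 };
    struct desc got;
    ring.prod = 0xfffffff0u;             /* hostile index written by the device */
    printf("poll -> %d\n", drv_poll(&s, &got));
    return 0;
}
```

The caller works only from the private copy in `out`; re-reading `ring->d[slot]` after validation would reopen the window in which the device can change the values.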
Couldn't the kernel enforce most of this in the driver architecture?