Subject: Re: wpi0: Full open source driver at openbsd
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 10/05/2007 13:35:53

On Fri, Oct 05, 2007 at 12:51:56PM -0400, der Mouse wrote:
> 
> > If your network card can access memory (and it _must_ be able to, or
> > it would be mostly useless), then it _is_ potentially dangerous.  It
> > could probably fairly easily dump anything in RAM over the network to
> > some other machine.
> 
> Only if the DMA mapping is set up to allow it access to that RAM - or
> if your machine is so stupidly designed that a DMA bus master can
> access memory it hasn't specifically been set up with access to.  While
> there are undoubtedly such systems, I would hope that nothing using a
> wpi would be quite that low-end.

To really prevent this, you need an MMU between the expansion bus and
the main memory.  While some systems have been built that way for a long
time (e.g. sparc64) others have not: this feature only really began to
appear on i386 systems as the AGP GART, which isn't really flexible
enough to offer the protection needed in this case, and has only really
been present on any common i386 or amd64 system within the past couple
of years -- and AMD and Intel do it differently, and we don't support
either; nor do most other operating systems.

In sum, PCI DMA on most systems with PCI is direct to host memory addresses
and there's no protection mechanism in between.  A malicious device can write
whatever part of host memory it cares to.
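
The difference discussed in this thread, as a toy C model added here; it is not part of the original message and is not NetBSD or driver code. All function names, the table layout and the page numbers are hypothetical: `dma_write_direct` treats the bus address as a host address, while `dma_write_iommu` only reaches pages the OS has mapped for the device.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE_SIZE  4096u
#define HOST_PAGES 8u   /* toy host RAM size, in pages */
#define IO_PAGES   4u   /* size of the device-visible address space */
static uint8_t host_ram[HOST_PAGES * PAGE_SIZE];
static struct io_pte { int valid, writable; uint32_t host_page; } io_table[IO_PAGES];

/* No bus MMU: the bus address is the host physical address. */
int dma_write_direct(uint32_t addr, const void *buf, size_t len)
{
    if (addr > sizeof host_ram || len > sizeof host_ram - addr) return -1;
    memcpy(host_ram + addr, buf, len);
    return 0;
}

/* The OS grants the device access to one page of host memory. */
int iommu_map(uint32_t io_page, uint32_t host_page, int writable)
{
    if (io_page >= IO_PAGES || host_page >= HOST_PAGES) return -1;
    io_table[io_page] = (struct io_pte){ 1, writable, host_page };
    return 0;
}

/* Bus MMU: pass 0 checks every page touched, pass 1 copies, so a faulting transfer writes nothing. */
int dma_write_iommu(uint32_t io_addr, const void *buf, size_t len)
{
    for (int pass = 0; pass < 2; pass++) {
        for (size_t done = 0; done < len; ) {
            uint64_t a = (uint64_t)io_addr + done, page = a / PAGE_SIZE, off = a % PAGE_SIZE;
            size_t n = PAGE_SIZE - off < len - done ? (size_t)(PAGE_SIZE - off) : len - done;
            if (page >= IO_PAGES || !io_table[page].valid || !io_table[page].writable)
                return -1;   /* fault: device has no write mapping here */
            if (pass == 1)
                memcpy(host_ram + io_table[page].host_page * PAGE_SIZE + off,
                       (const uint8_t *)buf + done, n);
            done += n;
        }
    }
    return 0;
}

int main(void)
{
    uint8_t junk[16] = { 0 };   /* constructed payload */
    iommu_map(0, 2, 1);         /* driver exposes only its buffer, host page 2 */
    printf("direct write to host page 5: %d\n", dma_write_direct(5 * PAGE_SIZE, junk, 16));
    printf("write to unmapped I/O page:  %d\n", dma_write_iommu(2 * PAGE_SIZE, junk, 16));
    return 0;
}
```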