qemu-devel

Re: [Qemu-devel] fw_cfg DMA security


From: Marc Marí
Subject: Re: [Qemu-devel] fw_cfg DMA security
Date: Fri, 23 Oct 2015 11:49:49 +0200

On Fri, 23 Oct 2015 08:56:26 +0200
Gerd Hoffmann <address@hidden> wrote:

>   Hi,
> 
> > One complication I thought of was that it might be tricky to deal
> > with the implications of allowing this DMA to specify any old
> > address to fill with fw_cfg data.
> > 
> > So, for example, since Red Hat is working on SMM. Would a DMA to
> > SMRAM be protected?
> > 
> > I haven't watched the fw_cfg DMA discussion too closely, but has
> > this been thought about?
> 
> Yes.  That problem isn't new and it isn't specific to fw_cfg.  You
> also don't want to grant DMA access to smram/tseg to your ide/sata/scsi
> controller or NIC.
> 
> > One idea I had was that near the end of the firmware boot, the
> > firmware could trigger fw_cfg in QEMU to stop supporting DMA until a
> > reset.
> 
> Should not be needed.  We have address spaces in qemu, and the
> smram/tseg regions are explicitly excluded (when enabled) from
> dma-able memory.
> 
> Marc: when writing fw_cfg_dma tests it is a good idea to add a
> testcase for this, to make sure this works as intended and to avoid
> security-sensitive regressions.

Noted, thanks

Marc

> cheers,
>   Gerd
> 
> 
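
The invariant the suggested test case would check, sketched as a self-contained C model (an added example, not code from QEMU or from anyone in this thread). The memory layout, the names `struct machine`, `dma_visible`, `dma_write` and `smram_survives_dma`, and the choice to silently drop bytes aimed at excluded memory are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed layout for the model; not a real SMRAM/TSEG memory map. */
#define RAM_SIZE   0x4000u
#define SMRAM_BASE 0x1000u
#define SMRAM_SIZE 0x1000u
struct machine {
    uint8_t ram[RAM_SIZE];
    bool smram_protected;   /* the "(when enabled)" condition in the thread */
};
/* Is guest-physical byte `a` reachable through the device (DMA) view? */
static bool dma_visible(const struct machine *m, uint64_t a)
{
    bool in_smram = a >= SMRAM_BASE && a < SMRAM_BASE + SMRAM_SIZE;
    return a < RAM_SIZE && !(m->smram_protected && in_smram);
}

/* Device-side store of `len` bytes at `addr`, as a DMA transfer filling a
 * guest buffer would do. Bytes outside DMA-able memory are dropped (assumed). */
static size_t dma_write(struct machine *m, uint64_t addr,
                        const uint8_t *src, size_t len)
{
    size_t stored = 0;
    for (size_t i = 0; i < len; i++) {
        uint64_t a = addr + i;
        if (a >= addr && dma_visible(m, a)) {   /* a < addr means wraparound */
            m->ram[a] = src[i];
            stored++;
        }
    }
    return stored;
}

/* Regression check: a transfer straddling the lower SMRAM boundary must
 * leave every SMRAM byte untouched. Returns true if SMRAM is intact. */
static bool smram_survives_dma(bool protect)
{
    static struct machine m;
    uint8_t blob[64];
    memset(m.ram, 0xAA, sizeof m.ram);
    memset(blob, 0x55, sizeof blob);
    m.smram_protected = protect;
    dma_write(&m, SMRAM_BASE - 32, blob, sizeof blob);
    for (size_t i = 0; i < SMRAM_SIZE; i++)
        if (m.ram[SMRAM_BASE + i] != 0xAA) return false;
    return true;
}
int main(void) { return smram_survives_dma(true) ? 0 : 1; }
```

Running the same check with protection off shows the test is meaningful: without the exclusion, the transfer overwrites the protected window.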



