qemu-devel

Re: [Qemu-devel] fw_cfg DMA security


From: Paolo Bonzini
Subject: Re: [Qemu-devel] fw_cfg DMA security
Date: Fri, 23 Oct 2015 09:29:54 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0


On 23/10/2015 08:56, Gerd Hoffmann wrote:
>> > 
>> > So, for example, since Red Hat is working on SMM. Would a DMA to SMRAM
>> > be protected?
>> > 
>> > I haven't watched the fw_cfg DMA discussion too closely, but has this
>> > been thought about?
> Yes.  That problem isn't new and it isn't specific to fw_cfg.  You also
> don't want to grant dma access to smram/tseg to your ide/sata/scsi
> controller or NIC.
> 
> > One idea I had was that near the end of the firmware boot, the
> > firmware could trigger fw_cfg in QEMU to stop supporting DMA until a
> > reset.
> 
> Should not be needed.  We have address spaces in qemu, and the
> smram/tseg regions are explicitly excluded (when enabled) from dma-able
> memory.

Exactly.  SMRAM/TSEG is only added to CPU address spaces: for TCG, it's
enabled specifically when the processor enters SMM and disabled upon
RSM; for KVM, it's added to hypervisor address space 1, which is only
looked up for processors that are in SMM.

Paolo
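
The per-address-space lookup described in this message, as an added example that is not part of the original e-mail and is not QEMU code. It is a simplified model: the region layout, the sizes and every identifier (`AddressSpace`, `as_dma`, `cpu_as`, and so on) are constructed for illustration, and the address under the SMRAM overlay is assumed to be plain RAM.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model: an address space is an ordered region list; first match wins. */
typedef struct { uint64_t base, size; uint8_t *backing; } Region;
typedef struct { const Region *regions; size_t n; } AddressSpace;

enum { RAM_SIZE = 0x100000, SMRAM_BASE = 0x80000, SMRAM_SIZE = 0x20000 }; /* constructed */

static uint8_t ram[RAM_SIZE];      /* ordinary guest RAM */
static uint8_t smram[SMRAM_SIZE];  /* separate backing store for SMRAM */

/* SMRAM overlays RAM only in the view used by a CPU that is in SMM. */
static const Region smm_view[]   = { { SMRAM_BASE, SMRAM_SIZE, smram }, { 0, RAM_SIZE, ram } };
static const Region plain_view[] = { { 0, RAM_SIZE, ram } };

static const AddressSpace as_cpu_smm = { smm_view, 2 };
static const AddressSpace as_cpu     = { plain_view, 1 };
static const AddressSpace as_dma     = { plain_view, 1 };  /* devices, e.g. fw_cfg DMA */

static uint8_t *as_translate(const AddressSpace *as, uint64_t addr) {
    for (size_t i = 0; i < as->n; i++) {
        const Region *r = &as->regions[i];
        if (addr >= r->base && addr - r->base < r->size)
            return r->backing + (addr - r->base);
    }
    return NULL;  /* unmapped in this address space */
}

static int as_read_byte(const AddressSpace *as, uint64_t addr) {
    const uint8_t *src = as_translate(as, addr);
    return src ? *src : -1;
}

/* Copies byte by byte and stops at the first unmapped address. */
static size_t as_write(const AddressSpace *as, uint64_t addr, const uint8_t *buf, size_t len) {
    size_t i;
    for (i = 0; i < len; i++) {
        uint8_t *dst = as_translate(as, addr + i);
        if (!dst) break;
        *dst = buf[i];
    }
    return i;
}

/* The CPU's view depends on whether it is currently in SMM. */
static const AddressSpace *cpu_as(int in_smm) { return in_smm ? &as_cpu_smm : &as_cpu; }

/* Returns 1 if a device write aimed at the SMRAM range left SMRAM untouched. */
static int dma_cannot_reach_smram(void) {
    const uint8_t payload[4] = { 0xDE, 0xAD, 0xBE, 0xEF };
    memset(ram, 0, sizeof ram);
    memset(smram, 0x5A, sizeof smram);
    as_write(&as_dma, SMRAM_BASE, payload, sizeof payload);
    return as_read_byte(cpu_as(1), SMRAM_BASE) == 0x5A   /* SMM data intact */
        && as_read_byte(cpu_as(0), SMRAM_BASE) == 0xDE;  /* write hit RAM underneath */
}

int main(void) { return dma_cannot_reach_smram() ? 0 : 1; }
```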


