Re: [Qemu-devel] fw_cfg DMA security
From: Gerd Hoffmann
Subject: Re: [Qemu-devel] fw_cfg DMA security
Date: Fri, 23 Oct 2015 08:56:26 +0200

Hi,
> One complication I thought of was that it might be tricky to deal with
> the implications of allowing this DMA to specify any old address to
> fill with fw_cfg data.
>
> So, for example, since Red Hat is working on SMM. Would a DMA to SMRAM
> be protected?
>
> I haven't watched the fw_cfg DMA discussion too closely, but has this
> been thought about?

Yes. That problem isn't new and it isn't specific to fw_cfg. You also
don't want to grant dma access to smram/tseg to your ide/sata/scsi
controller or NIC.

> One idea I had was that near the end of the firmware boot, the
> firmware could trigger fw_cfg in QEMU to stop supporting DMA until a
> reset.

Should not be needed. We have address spaces in qemu, and the
smram/tseg regions are explicitly excluded (when enabled) from dma-able
memory.

mark: when writing fw_cfg_dma tests it is a good idea to add a
testcase for this, to make sure this works as intended and to avoid
security-sensitive regressions.

cheers,
Gerd
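
The address-space exclusion and the regression test suggested in the message above, sketched as an added toy model in C. This is not QEMU code and not part of the original mail: every name, address and size is constructed, and the model only rejects a DMA write that touches the protected window without modelling where such an access would go in a real machine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, not QEMU code: all names, addresses and sizes are constructed. */
#define RAM_SIZE   0x10000u
#define SMRAM_BASE 0x0A000u   /* constructed protected window */
#define SMRAM_SIZE 0x01000u

enum view { VIEW_SMM_CPU, VIEW_DMA };   /* two views of the same RAM */

static uint8_t ram[RAM_SIZE];
static bool smram_enabled = true;

/* True if [addr, addr+len) is fully mapped in the given view. */
static bool range_visible(enum view v, uint32_t addr, uint32_t len)
{
    if (len == 0 || addr >= RAM_SIZE || len > RAM_SIZE - addr)
        return false;
    /* Any overlap with enabled SMRAM makes the range unmapped for DMA. */
    if (v == VIEW_DMA && smram_enabled &&
        addr < SMRAM_BASE + SMRAM_SIZE && addr + len > SMRAM_BASE)
        return false;
    return true;
}

/* fw_cfg-style DMA transfer: copy a blob to a guest-chosen address,
 * resolving the address through the DMA view only. */
static bool fw_cfg_dma_model_write(uint32_t guest_addr,
                                   const void *blob, uint32_t len)
{
    if (!range_visible(VIEW_DMA, guest_addr, len))
        return false;                 /* rejected, memory untouched */
    memcpy(&ram[guest_addr], blob, len);
    return true;
}

int main(void)
{
    const char blob[] = "fwcfg";
    memset(&ram[SMRAM_BASE], 0x5A, SMRAM_SIZE);   /* stand-in SMM contents */
    printf("normal RAM: %d\n", fw_cfg_dma_model_write(0x2000, blob, sizeof blob));
    printf("into SMRAM: %d\n", fw_cfg_dma_model_write(SMRAM_BASE + 8, blob, sizeof blob));
    printf("straddling: %d\n", fw_cfg_dma_model_write(SMRAM_BASE - 2, blob, sizeof blob));
    return 0;
}
```

The straddling case is the one a regression test most easily misses: the transfer starts in ordinary RAM and only its tail reaches the protected window.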