Re: [Qemu-devel] fw_cfg DMA security
From: Paolo Bonzini
Subject: Re: [Qemu-devel] fw_cfg DMA security
Date: Fri, 23 Oct 2015 09:29:54 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 23/10/2015 08:56, Gerd Hoffmann wrote:
>> >
>> > So, for example, since Red Hat is working on SMM. Would a DMA to SMRAM
>> > be protected?
>> >
>> > I haven't watched the fw_cfg DMA discussion too closely, but has this
>> > been thought about?
> Yes. That problem isn't new and it isn't specific to fw_cfg. You also
> don't want to grant dma access to smram/tseg to your ide/sata/scsi
> controller or NIC.
>
> > One idea I had was that near the end of the firmware boot, the
> > firmware could trigger fw_cfg in QEMU to stop supporting DMA until a
> > reset.
>
> Should not be needed. We have address spaces in qemu, and the
> smram/tseg regions are explicitly excluded (when enabled) from dma-able
> memory.

Exactly. SMRAM/TSEG is only added to CPU address spaces: for TCG, it's
enabled specifically when the processor enters SMM and disabled upon
RSM; for KVM, it's added to hypervisor address space 1, which is only
looked up for processors that are in SMM.

Paolo
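
A toy model of the per-initiator address spaces described in this message, added here as an illustration; it is not QEMU code and not part of the original thread. The memory layout and all names (`Region`, `AddressSpace`, `as_write`, `cpu_smm`, `dma_as`) are hypothetical, and rejecting a straddling access as a whole is a choice of this model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model, not QEMU code. Layout and names are constructed for illustration. */
enum { RAM_SIZE = 0x100000, SMRAM_BASE = 0xA0000, SMRAM_SIZE = 0x20000 };

typedef struct { uint64_t base, size; uint8_t *backing; } Region; /* NULL backing = excluded */
typedef struct { const char *name; Region regions[2]; size_t n; } AddressSpace;

static uint8_t ram[RAM_SIZE], smram[SMRAM_SIZE];

/* Regions are in priority order: the first one covering the address wins.
 * SMRAM is mapped only into the CPU-in-SMM view; the DMA view has a hole there. */
static const AddressSpace cpu_smm = { "cpu-smm",
    { { SMRAM_BASE, SMRAM_SIZE, smram }, { 0, RAM_SIZE, ram } }, 2 };
static const AddressSpace dma_as = { "dma",
    { { SMRAM_BASE, SMRAM_SIZE, NULL }, { 0, RAM_SIZE, ram } }, 2 };

static uint8_t *resolve(const AddressSpace *as, uint64_t addr) {
    for (size_t i = 0; i < as->n; i++) {
        const Region *r = &as->regions[i];
        if (addr >= r->base && addr - r->base < r->size)
            return r->backing ? r->backing + (addr - r->base) : NULL;
    }
    return NULL; /* unmapped in this view */
}

/* Write through one initiator's view. In this model the whole access is
 * rejected if any byte falls in an excluded or unmapped range, so a DMA
 * that starts in plain RAM and runs into SMRAM does not land at all. */
static int as_write(const AddressSpace *as, uint64_t addr, const void *buf, size_t len) {
    if (len > UINT64_MAX - addr) return -1;          /* address wrap-around */
    for (size_t i = 0; i < len; i++)                 /* pass 1: validate */
        if (!resolve(as, addr + i)) return -1;
    for (size_t i = 0; i < len; i++)                 /* pass 2: commit */
        *resolve(as, addr + i) = ((const uint8_t *)buf)[i];
    return 0;
}

int main(void) {
    const uint8_t data[4] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed payload */
    printf("dma -> SMRAM:      %d\n", as_write(&dma_as, SMRAM_BASE, data, sizeof data));
    printf("dma -> straddling: %d\n", as_write(&dma_as, SMRAM_BASE - 2, data, sizeof data));
    printf("dma -> plain RAM:  %d\n", as_write(&dma_as, 0x1000, data, sizeof data));
    printf("cpu-smm -> SMRAM:  %d\n", as_write(&cpu_smm, SMRAM_BASE, data, sizeof data));
    return 0;
}
```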