Re: [Qemu-devel] fw_cfg DMA security
From: Marc Marí
Subject: Re: [Qemu-devel] fw_cfg DMA security
Date: Fri, 23 Oct 2015 11:49:49 +0200

On Fri, 23 Oct 2015 08:56:26 +0200
Gerd Hoffmann <address@hidden> wrote:
> Hi,
>
> > One complication I thought of was that it might be tricky to deal
> > with the implications of allowing this DMA to specify any old
> > address to fill with fw_cfg data.
> >
> > So, for example, since Red Hat is working on SMM. Would a DMA to
> > SMRAM be protected?
> >
> > I haven't watched the fw_cfg DMA discussion too closely, but has
> > this been thought about?
>
> Yes. That problem isn't new and it isn't specific to fw_cfg. You
> also don't want to grant dma access to smram/tseg to your ide/sata/scsi
> controller or NIC.
>
> > One idea I had was that near the end of the firmware boot, the
> > firmware could trigger fw_cfg in QEMU to stop supporting DMA until a
> > reset.
>
> Should not be needed. We have address spaces in qemu, and the
> smram/tseg regions are explicitly excluded (when enabled) from
> dma-able memory.
>
> Marc: when writing fw_cfg_dma tests it is a good idea to add a
> testcase for this, to make sure this works as intended and to avoid
> security-sensitive regressions.
Noted, thanks
Marc
> cheers,
> Gerd
>
>
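
The kind of regression test suggested in the thread, written as an added example against a small stand-alone model rather than QEMU itself (this is not code from the thread or from the QEMU tree). The memory layout, `dma_range_ok`, `fw_cfg_dma_fill` and the all-or-nothing refusal are assumptions made for the model:

```c
#include <stdint.h>
#include <string.h>

/* Constructed layout: 1 MiB of guest RAM, top 64 KiB standing in for TSEG. */
#define RAM_SIZE  0x100000u
#define TSEG_BASE 0x0F0000u
#define TSEG_SIZE 0x010000u

static uint8_t guest_ram[RAM_SIZE];
static int tseg_enabled = 1;            /* models "when enabled" */

/* 1 if [addr, addr+len) lies wholly in memory the DMA view may touch. */
int dma_range_ok(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr >= RAM_SIZE || len > RAM_SIZE - addr)
        return 0;                       /* empty, outside RAM, or wraps */
    if (tseg_enabled && addr + len > TSEG_BASE &&
        addr < (uint64_t)TSEG_BASE + TSEG_SIZE)
        return 0;                       /* any overlap with TSEG */
    return 1;
}

/* Models a fw_cfg DMA transfer into guest memory; all-or-nothing here. */
int fw_cfg_dma_fill(uint64_t addr, const uint8_t *data, uint64_t len)
{
    if (!dma_range_ok(addr, len))
        return -1;
    memcpy(&guest_ram[addr], data, (size_t)len);
    return 0;
}

/* Regression checks in the spirit of the thread; returns failure count. */
int run_smram_dma_tests(void)
{
    static const uint8_t item[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    int fails = 0;
    memset(guest_ram, 0, sizeof guest_ram);
    fails += fw_cfg_dma_fill(0x1000, item, 8) != 0;              /* plain RAM */
    fails += fw_cfg_dma_fill(TSEG_BASE + 0x100, item, 8) != -1;  /* inside */
    fails += fw_cfg_dma_fill(TSEG_BASE - 4, item, 8) != -1;      /* straddles */
    fails += fw_cfg_dma_fill(UINT64_MAX - 3, item, 8) != -1;     /* wraps */
    fails += guest_ram[TSEG_BASE + 0x100] != 0 || guest_ram[TSEG_BASE - 4] != 0;
    tseg_enabled = 0;                   /* TSEG off: region is plain RAM */
    fails += fw_cfg_dma_fill(TSEG_BASE, item, 8) != 0;
    tseg_enabled = 1;
    return fails;
}

int main(void) { return run_smram_dma_tests() != 0; }
```

The straddling and wrap-around cases are the ones a range check most often gets wrong, so a real test for the DMA interface should cover them as well as a target fully inside the protected region.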