On 23/10/2015 08:56, Gerd Hoffmann wrote:
>>> So, for example, since Red Hat is working on SMM. Would a DMA to SMRAM
>>> be protected?
>>>
>>> I haven't watched the fw_cfg DMA discussion too closely, but has this
>>> been thought about?
> Yes. That problem isn't new and it isn't specific to fw_cfg. You also
> don't want to grant dma access to smram/tseg to your ide/sata/scsi
> controller or NIC.
>
>> One idea I had was that near the end of the firmware boot, the
>> firmware could trigger fw_cfg in QEMU to stop supporting DMA until a
>> reset.
>
> Should not be needed. We have address spaces in qemu, and the
> smram/tseg regions are explicitly excluded (when enabled) from dma-able
> memory.
Exactly. SMRAM/TSEG is only added to CPU address spaces: for TCG, it's enabled specifically when the processor enters SMM and disabled upon RSM; for KVM, it's added to hypervisor address space 1, which is only looked up for processors that are in SMM.

Paolo
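To make the address-space argument in this thread concrete, here is an added toy model (Python, written for this page; it is not QEMU code and does not use QEMU's API). It mimics the relevant structure: a container of prioritised subregions, an address space rooted at such a container, a device DMA path rooted at plain system memory, and an SMRAM/TSEG overlay that exists only in the CPU-side address spaces. The region names, sizes and offsets (a 2 GiB RAM, an A-segment window at 0xA0000, a 16 MiB TSEG below 2 GiB) are constructed for the example. The TCG side toggles the overlay's enabled flag on SMM entry and RSM; the KVM side keeps two address spaces and picks index 1 only while the CPU is in SMM. In both models a device DMA to an SMRAM address resolves to ordinary RAM, which is the property the reply describes.

```python
"""Toy model of QEMU-style address spaces (constructed for this example, not QEMU code).
Devices DMA through address_space_memory, whose root has no SMRAM overlay;
only the CPU-side address spaces layer SMRAM/TSEG on top of ordinary memory."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class MemoryRegion:
    name: str
    size: int
    enabled: bool = True
    alias: Optional["MemoryRegion"] = None  # if set, lookups are forwarded to this region
    # (offset within this container, priority, subregion)
    subregions: List[Tuple[int, int, "MemoryRegion"]] = field(default_factory=list)

    def add_subregion(self, offset: int, region: "MemoryRegion", priority: int = 0) -> None:
        self.subregions.append((offset, priority, region))
        # Higher priority wins where ranges overlap; sort keeps insertion order on ties.
        self.subregions.sort(key=lambda s: s[1], reverse=True)

    def resolve(self, addr: int) -> Optional[str]:
        """Name of the leaf region backing addr, or None if nothing is mapped there."""
        if not self.enabled or not 0 <= addr < self.size:
            return None
        if self.alias is not None:
            return self.alias.resolve(addr)
        for offset, _prio, sub in self.subregions:
            hit = sub.resolve(addr - offset)
            if hit is not None:
                return hit
        return self.name if not self.subregions else None


@dataclass
class AddressSpace:
    name: str
    root: MemoryRegion

    def translate(self, addr: int) -> Optional[str]:
        return self.root.resolve(addr)


# Machine layout (constructed): 2 GiB of RAM in a 4 GiB system container.
system_memory = MemoryRegion("system", 1 << 32)
system_memory.add_subregion(0, MemoryRegion("pc.ram", 2 << 30))
address_space_memory = AddressSpace("memory", system_memory)  # what devices DMA through


def make_smram_overlay(enabled: bool) -> MemoryRegion:
    """SMRAM windows a CPU in SMM sees in place of RAM: A-segment at 0xA0000
    and a 16 MiB TSEG ending at 2 GiB (constructed layout)."""
    overlay = MemoryRegion("smram-overlay", 1 << 32, enabled=enabled)
    overlay.add_subregion(0xA0000, MemoryRegion("smram", 0x20000))
    overlay.add_subregion(0x7F000000, MemoryRegion("tseg", 0x01000000))
    return overlay


def make_cpu_root(overlay: MemoryRegion) -> MemoryRegion:
    """CPU-side container: system memory at priority 0, SMRAM overlay at priority 1."""
    root = MemoryRegion("cpu-memory", 1 << 32)
    root.add_subregion(0, MemoryRegion("system-alias", 1 << 32, alias=system_memory))
    root.add_subregion(0, overlay, priority=1)
    return root


class TcgCpu:
    """TCG: a single CPU address space whose overlay is enabled only while in SMM."""

    def __init__(self) -> None:
        self.smram = make_smram_overlay(enabled=False)
        self.address_space = AddressSpace("cpu-memory", make_cpu_root(self.smram))

    def enter_smm(self) -> None:
        self.smram.enabled = True

    def rsm(self) -> None:
        self.smram.enabled = False

    def access(self, addr: int) -> Optional[str]:
        return self.address_space.translate(addr)


class KvmCpu:
    """KVM: address space 0 is plain memory; address space 1 always carries the
    overlay and is consulted only while the CPU is in SMM."""

    def __init__(self) -> None:
        self.in_smm = False
        self.address_spaces = [
            AddressSpace("memory", system_memory),
            AddressSpace("smram", make_cpu_root(make_smram_overlay(enabled=True))),
        ]

    def access(self, addr: int) -> Optional[str]:
        return self.address_spaces[1 if self.in_smm else 0].translate(addr)


def device_dma(addr: int) -> Optional[str]:
    """Device DMA never sees the overlay: it resolves through address_space_memory."""
    return address_space_memory.translate(addr)


def demo() -> dict:
    tcg, kvm = TcgCpu(), KvmCpu()
    out = {"dma": device_dma(0xA0000), "tcg_normal": tcg.access(0xA0000)}
    tcg.enter_smm()
    out["tcg_smm"] = tcg.access(0xA0000)
    out["tcg_tseg_smm"] = tcg.access(0x7F000000)
    tcg.rsm()
    out["tcg_after_rsm"] = tcg.access(0xA0000)
    kvm.in_smm = True
    out["kvm_smm"] = kvm.access(0x7F000000)
    out["dma_during_smm"] = device_dma(0x7F000000)  # DMA still lands in RAM
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the separation is visible in `demo()`: flipping a CPU into SMM changes what that CPU resolves at 0xA0000 or the TSEG base, but `device_dma()` keeps resolving to `pc.ram` because the overlay was never attached to the root that devices use. A firmware-side "disable fw_cfg DMA at end of boot" switch would not add to that, since the same root is shared by every DMA-capable device.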