Now that the DMA API allows passing a MemTxAttrs argument and returning MemTxResult (with MEMTX_BUS_ERROR in particular), we can restrict the NVMe controller to memories (prohibiting accesses by the DMA engine to devices) and block yet another DMA re-entrancy attack.
I will try to get a reproducer (and authorization to commit it as qtest) from the reporter.

Based-on: <20211216123558.799425-1-phi...@redhat.com>
"hw: Have DMA API take MemTxAttrs arg & propagate MemTxResult (part 2)"
https://lore.kernel.org/qemu-devel/20211216123558.799425-1-phi...@redhat.com/

Philippe Mathieu-Daudé (2):
  hw/nvme/ctrl: Do not ignore DMA access errors
  hw/nvme/ctrl: Prohibit DMA accesses to devices (CVE-2021-3929)

 hw/nvme/ctrl.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

-- 
2.33.1
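A simplified model of the two changes the cover letter describes, added here as an illustration and not taken from the patch series or from QEMU: a DMA read that returns MEMTX_BUS_ERROR for device (MMIO) targets when the attributes request memory-only access, and a caller that propagates the error instead of ignoring it. The `memory_only` field, the address map and `fetch_descriptor` are hypothetical names chosen for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified model: type names follow the cover letter, layout is hypothetical. */
typedef enum { MEMTX_OK = 0, MEMTX_BUS_ERROR = 1 } MemTxResult;
typedef struct { bool memory_only; } MemTxAttrs;      /* hypothetical field */
typedef struct { uint64_t base, size; bool is_ram; uint8_t *ram; } Region;

static uint8_t guest_ram[64];         /* constructed sample guest memory */
static int mmio_hits;                 /* counts accesses that reach the device */
static const Region address_map[] = {
    { 0x0000, sizeof(guest_ram), true,  guest_ram },  /* guest RAM */
    { 0x1000, 0x40,              false, NULL      },  /* controller MMIO BAR */
};

/* DMA read that refuses non-RAM targets when attrs.memory_only is set. */
MemTxResult dma_read(uint64_t addr, void *buf, size_t len, MemTxAttrs attrs)
{
    for (size_t i = 0; i < sizeof(address_map) / sizeof(address_map[0]); i++) {
        const Region *r = &address_map[i];
        /* Skip regions that do not fully contain [addr, addr + len). */
        if (addr < r->base || len > r->size || addr - r->base > r->size - len)
            continue;
        if (!r->is_ram) {
            if (attrs.memory_only)
                return MEMTX_BUS_ERROR;   /* blocked before reaching the device */
            mmio_hits++;                  /* access would re-enter the device model */
            memset(buf, 0, len);
            return MEMTX_OK;
        }
        memcpy(buf, r->ram + (addr - r->base), len);
        return MEMTX_OK;
    }
    return MEMTX_BUS_ERROR;               /* unmapped address */
}

/* Controller side: fetch a 16-byte descriptor and propagate DMA failures. */
int fetch_descriptor(uint64_t guest_addr, uint8_t out[16])
{
    MemTxAttrs attrs = { .memory_only = true };
    if (dma_read(guest_addr, out, 16, attrs) != MEMTX_OK)
        return -1;                        /* abort the command, do not use out */
    return 0;
}
```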