On Dec 16 20:13, Klaus Jensen wrote:
> On Dec 16 18:55, Philippe Mathieu-Daudé wrote:
> > Now that the DMA API allows passing MemTxAttrs argument and
> > returning MemTxResult (with MEMTX_BUS_ERROR in particular),
> > we can restrict the NVMe controller to memories (prohibiting
> > accesses by the DMA engine to devices) and block yet another
> > DMA re-entrancy attack.
> >
> > I will try to get a reproducer (and authorization to commit
> > it as qtest) from the reporter.
> >
> > Based-on: <20211216123558.799425-1-phi...@redhat.com>
> > "hw: Have DMA API take MemTxAttrs arg & propagate MemTxResult (part 2)"
> > https://lore.kernel.org/qemu-devel/20211216123558.799425-1-phi...@redhat.com/
> >
> > Philippe Mathieu-Daudé (2):
> >   hw/nvme/ctrl: Do not ignore DMA access errors
> >   hw/nvme/ctrl: Prohibit DMA accesses to devices (CVE-2021-3929)
> >
> >  hw/nvme/ctrl.c | 9 +++++----
> >  1 file changed, 5 insertions(+), 4 deletions(-)
> >
>
> LGTM.
>
> Reviewed-by: Klaus Jensen <k.jen...@samsung.com>

Ugh. Jumped the gun here. This all looked fine, but since this prohibits DMA to other devices it breaks DMA'ing to a controller memory buffer on another device, which is a used feature of some setups. I think we need to fix this like e1000 did?
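
The trade-off raised in this thread, as an added example that is not part of the original messages and is not QEMU code: a toy address space in which a memory-only DMA attribute stops a controller's DMA from re-entering its own doorbell handler, and also refuses a write to a buffer exposed by another device. All type, function and address names are hypothetical stand-ins.

```c
/* Toy model of the trade-off in this thread. Not QEMU code; names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
typedef enum { TX_OK, TX_BUS_ERROR } TxResult;  /* stand-in for MemTxResult */
typedef struct { bool memory; } TxAttrs;        /* stand-in for MemTxAttrs */
enum { RAM_BASE = 0x0000, DOORBELL = 0x1000, PEER_CMB = 0x2000, REGION_LEN = 0x100 };

static uint8_t ram[REGION_LEN], cmb[REGION_LEN]; /* guest RAM; buffer in a peer device */
static TxAttrs ctrl_attrs;      /* attrs the controller passes on every DMA */
static uint64_t guest_target;   /* DMA address taken from a guest descriptor */
static int depth, max_depth;    /* doorbell handler nesting */
static TxResult dma_write(uint64_t addr, uint8_t val, TxAttrs attrs);

/* Controller doorbell handler: processing a command performs a DMA write. */
static void doorbell_write(uint8_t val) {
    if (++depth > max_depth) max_depth = depth;
    if (depth < 8)              /* cap so the unrestricted case terminates */
        (void)dma_write(guest_target, val, ctrl_attrs);
    depth--;
}

static TxResult dma_write(uint64_t addr, uint8_t val, TxAttrs attrs) {
    if (addr - RAM_BASE < REGION_LEN) { ram[addr - RAM_BASE] = val; return TX_OK; }
    if (attrs.memory) return TX_BUS_ERROR;  /* anything device-backed is refused */
    if (addr - DOORBELL < REGION_LEN) { doorbell_write(val); return TX_OK; }
    if (addr - PEER_CMB < REGION_LEN) { cmb[addr - PEER_CMB] = val; return TX_OK; }
    return TX_BUS_ERROR;                    /* unmapped */
}

/* Ring the doorbell once with a guest-chosen DMA target; return handler nesting. */
static int ring_doorbell(bool memory_only, uint64_t target) {
    ctrl_attrs.memory = memory_only;
    guest_target = target;
    depth = max_depth = 0;
    doorbell_write(0xAB);
    return max_depth;
}

/* Outcome of one DMA write to addr under the given policy. */
static TxResult probe(bool memory_only, uint64_t addr) {
    return dma_write(addr, 0x5A, (TxAttrs){ .memory = memory_only });
}

int main(void) {
    printf("handler nesting: unrestricted=%d memory-only=%d\n",
           ring_doorbell(false, DOORBELL), ring_doorbell(true, DOORBELL));
    printf("peer CMB write:  unrestricted=%d memory-only=%d\n",
           probe(false, PEER_CMB), probe(true, PEER_CMB));
    return 0;
}
```

In this model the memory-only policy cannot tell the controller's own registers apart from a peer device's buffer, which is the regression described in the reply above.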