Re: [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions
From: Laszlo Ersek
Subject: Re: [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions
Date: Thu, 3 Sep 2020 15:37:06 +0200
Hi Phil,
On 09/03/20 13:08, Philippe Mathieu-Daudé wrote:
> Hi,
>
> I'm not supposed to work on this but I couldn't sleep so kept
> wondering about this problem the whole night and eventually
> woke up to write this quickly, so comments are scarce, sorry.
>
> The first part is obvious anyway, simply pass MemTxAttrs argument.
>
> The main patch is:
> "exec/memattrs: Introduce MemTxAttrs::direct_access field".
> This way we can restrict accesses to ROM/RAM by setting the
> 'direct_access' field. Illegal accesses return MEMTX_BUS_ERROR.
>
> The next patch restricts PCI DMA accesses by setting the direct_access
> field.
>
> Finally we add an assertion for any DMA write access to indirect
> memory to kill a class of bug recently found by Alexander while
> fuzzing.
I've briefly checked LP#1886362 and LP#1888606, and as much as I
understand them, they seem tricky. It's not clear how we can recognize
long chains of DMA-to-MMIO transfers, and interrupt them.
Peter mentions an approach at the end of
<https://bugs.launchpad.net/qemu/+bug/1886362/comments/5> that I believe
to understand, but -- according to him -- it seems too much work. And,
I'm not too familiar with the qemu memory model, so I don't have
comments on your solution.
Maybe we can have some kind of "depth counter" for such
recursive DMA-to-MMIO calls (even across multiple device models), and
put an artificial limit on them, such as 5 or 10. This could be
controlled on the QEMU command line perhaps?
I don't think such chains work unto arbitrary depths on physical
hardware either.
Sorry that I don't have any sensible comments here. I hope I didn't
misunderstand the problem at least.
Laszlo
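The two mechanisms discussed in this thread, Philippe's direct_access transaction attribute and the "depth counter" Laszlo floats above, can be modelled in a few dozen lines. The block below is an added example, not QEMU code and not from either author: tx_attrs stands in for MemTxAttrs with the proposed field, dma_write() stands in for the DMA helpers, and the doorbell device, the result codes and every name are hypothetical. A guest that points the device at its own doorbell register creates the DMA-to-MMIO-to-DMA chain the fuzzer found; the example shows that the direct_access attribute refuses the chain at the first re-entry, while a depth counter alone lets it nest up to the artificial limit before returning a bus error.

```c
/* Added example, not QEMU code: a toy address space with the proposed
 * direct_access attribute and a DMA recursion depth counter. tx_attrs
 * stands in for MemTxAttrs, dma_write() for the DMA helpers; the doorbell
 * device, result codes and all names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>

enum { MEMTX_OK = 0, MEMTX_BUS_ERROR = 1 };   /* assumed result codes */

typedef struct {
    bool direct_access;   /* true: transaction may only touch RAM/ROM */
} tx_attrs;

static const tx_attrs CPU_ATTRS = { .direct_access = false }; /* CPU may program MMIO */

#define RAM_SIZE      256
#define REG_TARGET    0x1000   /* MMIO: address the device will DMA to */
#define REG_DOORBELL  0x1004   /* MMIO: writing here triggers that DMA */
#define MAX_DMA_DEPTH 5        /* artificial limit on nested DMA->MMIO */

static uint8_t  ram[RAM_SIZE];
static uint64_t dev_target;     /* last value written to REG_TARGET */
static tx_attrs dev_attrs;      /* attrs the device uses for its own DMA */
static int      dma_depth;      /* nesting of device-initiated writes */
static int      max_depth_seen; /* high-water mark, for inspection */

static int write_phys(uint64_t addr, uint64_t val, tx_attrs attrs);

/* Every device-initiated write enters here, so the nesting of
 * DMA -> MMIO handler -> DMA can be counted and capped. */
static int dma_write(uint64_t addr, uint64_t val, tx_attrs attrs)
{
    if (dma_depth >= MAX_DMA_DEPTH) {
        return MEMTX_BUS_ERROR;          /* chain too deep: cut it off */
    }
    dma_depth++;
    max_depth_seen = dma_depth > max_depth_seen ? dma_depth : max_depth_seen;
    int r = write_phys(addr, val, attrs);
    dma_depth--;
    return r;
}

/* MMIO handler of the hypothetical device: ringing the doorbell makes it a
 * bus master writing 'val' wherever the guest pointed it; if that target is
 * itself an MMIO register, the write re-enters a handler. */
static int dev_mmio_write(uint64_t addr, uint64_t val)
{
    if (addr == REG_TARGET) {
        dev_target = val;
        return MEMTX_OK;
    }
    return dma_write(dev_target, val, dev_attrs);   /* REG_DOORBELL */
}

/* Address-space dispatch: RAM is direct memory, the two registers form an
 * MMIO region, everything else is unassigned. */
static int write_phys(uint64_t addr, uint64_t val, tx_attrs attrs)
{
    if (addr < RAM_SIZE) {
        ram[addr] = (uint8_t)val;
        return MEMTX_OK;
    }
    if (addr == REG_TARGET || addr == REG_DOORBELL) {
        if (attrs.direct_access) {
            return MEMTX_BUS_ERROR;      /* DMA restricted to direct memory */
        }
        return dev_mmio_write(addr, val);
    }
    return MEMTX_BUS_ERROR;
}

/* Clean state; device_direct_only mirrors the direction patch 11 proposes
 * for PCI devices (their DMA carries direct_access). */
static void reset(bool device_direct_only)
{
    dma_depth = 0;
    max_depth_seen = 0;
    dev_target = 0;
    dev_attrs.direct_access = device_direct_only;
}

/* Well-formed use: guest points the device at RAM and rings the doorbell.
 * Returns 1 when the byte lands in RAM with MEMTX_OK. */
int scenario_dma_to_ram(void)
{
    reset(true);
    write_phys(REG_TARGET, 0x10, CPU_ATTRS);
    int r = write_phys(REG_DOORBELL, 0x42, CPU_ATTRS);
    return (r == MEMTX_OK && ram[0x10] == 0x42) ? 1 : 0;
}

/* Guest points the device at its own doorbell. Returns the nesting depth at
 * which the chain was refused: 1 with direct_access on the device's DMA,
 * MAX_DMA_DEPTH with only the depth counter; -1 if it was not refused. */
int scenario_doorbell_loop(bool device_direct_only)
{
    reset(device_direct_only);
    write_phys(REG_TARGET, REG_DOORBELL, CPU_ATTRS);
    int r = write_phys(REG_DOORBELL, 0, CPU_ATTRS);
    return (r == MEMTX_BUS_ERROR) ? max_depth_seen : -1;
}
```

Calling scenario_doorbell_loop(true) returns 1 and scenario_doorbell_loop(false) returns 5: the attribute stops the loop before any handler re-enters, whereas the counter only bounds how deep the C stack goes before the bus error propagates back up. In a real model the counter would also have to be shared across device models (the chain may bounce between two devices) and the limit exposed as a tunable, as the message above suggests.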