All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jordan Justen <jordan.l.justen@intel.com>
To: markmb@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] fw_cfg DMA security
Date: Thu, 22 Oct 2015 23:27:00 -0700	[thread overview]
Message-ID: <20151023062700.30810.47746@jljusten-ivb> (raw)

Back when I was looking at fw_cfg support for -kernel in OVMF, I noted
that it took a while to read the kernel. We improved the perf
substantially by using a 'rep insb' instruction, which I think kvm
special cases to minimize VM traps.

Nevertheless, I thought that it would be good to implement a DMA
interface to fw_cfg. It's great to see that Marc made that happen.

One complication I thought of was that it might be tricky to deal with
the implications of allowing this DMA to specify any old address to
fill with fw_cfg data.

So, for example, since Red Hat is working on SMM. Would a DMA to SMRAM
be protected?

I haven't watched the fw_cfg DMA discussion too closely, but has this
been thought about?

One idea I had was that near the end of the firmware boot, the
firmware could trigger fw_cfg in QEMU to stop supporting DMA until a
reset.

-Jordan

             reply	other threads:[~2015-10-23  6:27 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-23  6:27 Jordan Justen [this message]
2015-10-23  6:56 ` [Qemu-devel] fw_cfg DMA security Gerd Hoffmann
2015-10-23  7:29   ` Paolo Bonzini
2015-10-23  9:49   ` Marc Marí

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151023062700.30810.47746@jljusten-ivb \
    --to=jordan.l.justen@intel.com \
    --cc=markmb@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.