[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/2] hw/nvme: Fix CVE-2021-3929 (DMA re-entrancy exploitation)
From: |
Philippe Mathieu-Daudé |
Subject: |
[PATCH 0/2] hw/nvme: Fix CVE-2021-3929 (DMA re-entrancy exploitation) |
Date: |
Thu, 16 Dec 2021 18:55:08 +0100 |
Now that the DMA API allow passing MemTxAttrs argument and
returning MemTxResult (with MEMTX_BUS_ERROR in particular),
we can restrict the NVMe controller to memories (prohibitting
accesses by the DMA engine to devices) and block yet another
DMA re-entrancy attack.
I'll will try to get a reproducer (and authorization to commit
it as qtest) from the reporter.
Based-on: <20211216123558.799425-1-philmd@redhat.com>
"hw: Have DMA API take MemTxAttrs arg & propagate MemTxResult (part 2)"
20211216123558.799425-1-philmd@redhat.com/">https://lore.kernel.org/qemu-devel/20211216123558.799425-1-philmd@redhat.com/
Philippe Mathieu-Daudé (2):
hw/nvme/ctrl: Do not ignore DMA access errors
hw/nvme/ctrl: Prohibit DMA accesses to devices (CVE-2021-3929)
hw/nvme/ctrl.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--
2.33.1
- [PATCH 0/2] hw/nvme: Fix CVE-2021-3929 (DMA re-entrancy exploitation),
Philippe Mathieu-Daudé <=