qemu-block
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/2] hw/nvme: Fix CVE-2021-3929 (DMA re-entrancy exploitation)


From: Philippe Mathieu-Daudé
Subject: [PATCH 0/2] hw/nvme: Fix CVE-2021-3929 (DMA re-entrancy exploitation)
Date: Thu, 16 Dec 2021 18:55:08 +0100

Now that the DMA API allow passing MemTxAttrs argument and
returning MemTxResult (with MEMTX_BUS_ERROR in particular),
we can restrict the NVMe controller to memories (prohibitting
accesses by the DMA engine to devices) and block yet another
DMA re-entrancy attack.

I'll will try to get a reproducer (and authorization to commit
it as qtest) from the reporter.

Based-on: <20211216123558.799425-1-philmd@redhat.com>
"hw: Have DMA API take MemTxAttrs arg & propagate MemTxResult (part 2)"
20211216123558.799425-1-philmd@redhat.com/">https://lore.kernel.org/qemu-devel/20211216123558.799425-1-philmd@redhat.com/

Philippe Mathieu-Daudé (2):
  hw/nvme/ctrl: Do not ignore DMA access errors
  hw/nvme/ctrl: Prohibit DMA accesses to devices (CVE-2021-3929)

 hw/nvme/ctrl.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

-- 
2.33.1





reply via email to

[Prev in Thread] Current Thread [Next in Thread]