qemu-devel

From: Stefan Hajnoczi
Subject: Re: ENQCMD
Date: Fri, 30 Oct 2020 12:06:35 +0000

On Fri, Oct 30, 2020 at 08:04:54AM +0000, Tian, Kevin wrote:
> > From: Stefan Hajnoczi <stefanha@redhat.com>
> > Sent: Friday, October 30, 2020 3:51 PM
> > 
> > Hi,
> > The "Scalable Work Submission in Device Virtualization" talk at KVM
> > Forum 2020 was interesting and I have some beginner questions about
> > ENQCMD:
> > https://static.sched.com/hosted_files/kvmforum2020/22/Scalable_Work_Submission_In_Device_Virtualization.pdf
> > 
> > Security
> > --------
> > If the ENQCMD instruction is allowed for userspace applications, how can
> > they be prevented from writing to the MMIO address directly (without the
> > ENQCMD instruction) and faking the 64-byte enqueue register data format?
> > For example, they could set the PRIV bit or an arbitrary PASID.
> 
> ENQCMD payload is transmitted through DMWr transactions (slide 10), which
> cannot be triggered through other memory instructions. The device portal
> only handles DMWr transactions.

Thanks, that explains it! I was wondering if a regular write
transaction could fool the device :).

Stefan
