Re: [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions
From: Edgar E. Iglesias
Subject: Re: [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions
Date: Thu, 3 Sep 2020 21:46:29 +0200
User-agent: Mutt/1.10.1 (2018-07-13)

On Thu, Sep 03, 2020 at 07:53:33PM +0200, Paolo Bonzini wrote:
> On 03/09/20 17:50, Edgar E. Iglesias wrote:
> >>> Hmm, I guess it would make sense to have a configurable option in KVM
> >>> to isolate passthrough devices so they only can DMA to guest RAM...
> >>
> >> Passthrough devices are always protected by the IOMMU, anything else
> >> would be obviously insane^H^H^Hecure. :)
> >
> > Really? To always do that blindly seems wrong.
> >
> > I'm referring to the passthrough device not being able to reach registers
> > of other passthrough devices within the same guest.
>
> Ah okay; sorry, I misunderstood. That makes more sense now!
>
> Multiple devices are put in the same IOMMU "container" (page table
> basically), and that takes care of reaching registers of other
> passthrough devices.

Thanks, yes, that's a sane default. What I was trying to say before is that
it may make sense to allow the user to "harden" the setup by selectively
putting certain passthrough devs on a separate group that can *only*
DMA access guest RAM (not other device regs).

Some devs need access to other devices' regs but many passthrough devs don't
need DMA access to anything else but RAM (e.g. an Ethernet MAC).

That could mitigate the damage caused by wild DMA pointers...

Cheers,
Edgar