[PATCH 0/2] hw/nvme: Fix CVE-2021-3929 (DMA re-entrancy exploitation)

Philippe Mathieu-Daudé posted 2 patches 2 years, 4 months ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20211216175510.884749-1-philmd@redhat.com
Posted by Philippe Mathieu-Daudé 2 years, 4 months ago
Now that the DMA API allows passing a MemTxAttrs argument and
returning MemTxResult (with MEMTX_BUS_ERROR in particular),
we can restrict the NVMe controller to memories (prohibiting
accesses by the DMA engine to devices) and block yet another
DMA re-entrancy attack.

I will try to get a reproducer (and authorization to commit
it as qtest) from the reporter.

Based-on: <20211216123558.799425-1-philmd@redhat.com>
"hw: Have DMA API take MemTxAttrs arg & propagate MemTxResult (part 2)"
https://lore.kernel.org/qemu-devel/20211216123558.799425-1-philmd@redhat.com/

Philippe Mathieu-Daudé (2):
  hw/nvme/ctrl: Do not ignore DMA access errors
  hw/nvme/ctrl: Prohibit DMA accesses to devices (CVE-2021-3929)

 hw/nvme/ctrl.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

-- 
2.33.1
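
Added example, not part of the posted series and not QEMU code: a toy bus model of the mitigation the cover letter describes, where a "memory only" transaction attribute makes a device-initiated write to MMIO fail with a bus error instead of re-entering the device's own handler, and the device records that result rather than ignoring it. All names (toy_dma_write, toy_ring, memory_only, the address map) are hypothetical.

```c
#include <stdint.h>
#include <string.h>
/* Toy model: every name here is hypothetical, none is QEMU's. */
enum toy_result { TOY_OK = 0, TOY_BUS_ERROR = 1 };
struct toy_attrs { unsigned memory_only : 1; };
#define RAM_SIZE  0x1000u
#define MMIO_BASE 0x1000u            /* the device's doorbell register */
#define MMIO_SIZE 0x10u
static uint8_t ram[RAM_SIZE];
static uint64_t dma_target;          /* guest-programmed DMA destination */
static struct toy_attrs dma_attrs;
static int depth, max_depth;
static enum toy_result last_status;  /* result of the outermost DMA */
static void toy_doorbell_write(void);

/* Bus write: RAM is always reachable, MMIO only if the attrs allow it. */
static enum toy_result toy_dma_write(uint64_t addr, const void *buf,
                                     size_t len, struct toy_attrs attrs)
{
    if (addr < RAM_SIZE && len <= RAM_SIZE - addr) {
        memcpy(&ram[addr], buf, len);
        return TOY_OK;
    }
    if (addr >= MMIO_BASE && addr < MMIO_BASE + MMIO_SIZE) {
        if (attrs.memory_only) return TOY_BUS_ERROR; /* no device access */
        toy_doorbell_write();        /* re-enters the device model */
        return TOY_OK;
    }
    return TOY_BUS_ERROR;            /* unmapped address */
}

/* MMIO handler: a doorbell write makes the device DMA a completion entry. */
static void toy_doorbell_write(void)
{
    uint32_t cqe = 0xC0FFEE;         /* constructed sample payload */
    if (++depth > max_depth) max_depth = depth;
    if (depth < 4)                   /* cap so the toy terminates */
        last_status = toy_dma_write(dma_target, &cqe, sizeof cqe, dma_attrs);
    depth--;
}

/* Ring the doorbell once; returns the deepest handler nesting observed. */
int toy_ring(uint64_t target, unsigned memory_only)
{
    depth = max_depth = 0;
    dma_target = target; dma_attrs.memory_only = memory_only;
    toy_doorbell_write();
    return max_depth;
}
int main(void) { return toy_ring(MMIO_BASE, 1) == 1 ? 0 : 1; }
```

A nesting depth above 1 means the handler ran again while it was still on the stack, which is the state the memory-only attribute rules out.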