Now that the DMA API allow passing MemTxAttrs argument and
returning MemTxResult (with MEMTX_BUS_ERROR in particular),
we can restrict the NVMe controller to memories (prohibitting
accesses by the DMA engine to devices) and block yet another
DMA re-entrancy attack.
I'll will try to get a reproducer (and authorization to commit
it as qtest) from the reporter.
Based-on: <20211216123558.799425-1-philmd@redhat.com>
"hw: Have DMA API take MemTxAttrs arg & propagate MemTxResult (part 2)"
https://lore.kernel.org/qemu-devel/20211216123558.799425-1-philmd@redhat.com/
Philippe Mathieu-Daudé (2):
hw/nvme/ctrl: Do not ignore DMA access errors
hw/nvme/ctrl: Prohibit DMA accesses to devices (CVE-2021-3929)
hw/nvme/ctrl.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--
2.33.1