CPU hotplug using SMM with QEMU+OVMF
Alex Williamson <alex.williamson@...>
On Fri, 16 Aug 2019 22:15:15 +0200
Laszlo Ersek <email@example.com> wrote:
+Alex (direct question at the bottom)It depends. For starters, the vfio mapping API does not allow
unmapping arbitrary sub-ranges of previous mappings. So the hole you
want to punch would need to be independently mapped. From there you
get into the issue of whether this range is a potential DMA target. If
it is, then this is the path to data corruption. We cannot interfere
with the operation of the device and we have little to no visibility of
active DMA targets.
If we're talking about RAM that is never a DMA target, perhaps e820
reserved memory, then we can make sure certainly MemoryRegions are
skipped when mapped by QEMU and would expect the guest to never map
them through a vIOMMU as well. Maybe then it's a question of where
we're trying to provide security (it might be more difficult if QEMU
needs to sanitize vIOMMU mappings to actively prevent mapping
Is there anything unique about the VM case here? Bare metal SMM needs
to be concerned about protecting itself from I/O devices that operate
outside of the realm of SMM mode as well, right? Is something "simple"
like an AddressSpace switch necessary here, such that an I/O device
always has a mapping to a safe guest RAM page while the vCPU
AddressSpace can switch to some protected page? The IOMMU and vCPU
mappings don't need to be the same. The vCPU is more under our control
than the assigned device.
FWIW, RMRRs are a VT-d specific mechanism to define an address range as
persistently, identity mapped for one or more devices. IOW, the device
would always map that range. I don't think that's what you're after
here. RMRRs are also an abomination that I hope we never find a
requirement for in a VM. Thanks,
Paolo Bonzini <pbonzini@...>
On 17/08/19 02:20, Yao, Jiewen wrote:
[Jiewen] That is OK. Then we MUST add the third adversary.Correct. The 0x30000...0x3ffff area is the only problematic one;
Igor's idea (or a variant, for example optionally remapping
0xa0000..0xaffff SMRAM to 0x30000) is becoming more and more attractive.
Paolo Bonzini <pbonzini@...>
On 19/08/19 01:00, Yao, Jiewen wrote:
in real world, we deprecate AB-seg usage because they are vulnerableIndeed the SMRR would not cover the A-seg on real hardware. However, if
the chipset allowed aliasing A-seg SMRAM to 0x30000, it would only be
used for SMBASE relocation of hotplugged CPU. The firmware would still
keep low SMRAM disabled, *except around SMBASE relocation of hotplugged
CPUs*. To avoid cache poisoning attacks, you only have to issue a
WBINVD before enabling low SMRAM and before disabling it. Hotplug SMI
is not a performance-sensitive path, so it's not a big deal.
So I guess you agree that PCI DMA attacks are a potential vector also on
real hardware. As Alex pointed out, VT-d is not a solution because
there could be legitimate DMA happening during CPU hotplug. For OVMF
we'll probably go with Igor's idea, it would be nice if Intel chipsets
supported it too. :)
On 08/19/19 16:10, Paolo Bonzini wrote:
On 19/08/19 01:00, Yao, Jiewen wrote:Alex, thank you for the help! Please let us know if we should remove youin real world, we deprecate AB-seg usage because they are vulnerableIndeed the SMRR would not cover the A-seg on real hardware. However, if
from the CC list, in order not to clutter your inbox. (I've kept your
address for now, for saying thanks. Feel free to stop reading here. Thanks!)
For OVMFSo what is Igor's idea? Please do spoon-feed it to me. I've seen the POC
patch but the memory region manipulation isn't obvious to me.
Regarding TSEG, QEMU doesn't implement it differently from normal RAM.
Instead, if memory serves, there is an extra "black hole" region that is
overlaid, which hides the RAM contents when TSEG is supposed to be
closed (and the guest is not running in SMM).
But this time we're doing something else, right? Is the idea to overlay
the RAM range at 0x30000 with a window (alias) into the "compatible"
SMRAM at 0xA0000-0xBFFFF?
I don't know how the "compatible" SMRAM is implemented in QEMU. Does the
compatible SMRAM behave in sync with TSEG? OVMF doesn't configure or
touch compatible SMRAM at all, at the moment.