Re: [edk2-devel] CPU hotplug using SMM with QEMU+OVMF


Paolo Bonzini <pbonzini@...>
 

On 19/08/19 01:00, Yao, Jiewen wrote:
in real world, we deprecate AB-seg usage because they are vulnerable
to smm cache poison attack. I assume cache poison is out of scope in
the virtual world, or there is a way to prevent ABseg cache poison.
Indeed the SMRR would not cover the A-seg on real hardware. However, if
the chipset allowed aliasing A-seg SMRAM to 0x30000, it would only be
used for SMBASE relocation of hotplugged CPU. The firmware would still
keep low SMRAM disabled, *except around SMBASE relocation of hotplugged
CPUs*. To avoid cache poisoning attacks, you only have to issue a
WBINVD before enabling low SMRAM and before disabling it. Hotplug SMI
is not a performance-sensitive path, so it's not a big deal.

So I guess you agree that PCI DMA attacks are a potential vector also on
real hardware. As Alex pointed out, VT-d is not a solution because
there could be legitimate DMA happening during CPU hotplug. For OVMF
we'll probably go with Igor's idea, it would be nice if Intel chipsets
supported it too. :)

Paolo

Join rfc@edk2.groups.io to automatically receive all group messages.