From: Andrew Fish <afish@apple.com>
To: "Tomas Pilar (tpilar)" <tpilar@solarflare.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: Hiding physical memory from OS and VT-d/IOMMU
Date: Fri, 03 Mar 2017 09:06:52 -0800 [thread overview]
Message-ID: <8239214C-DAB8-4CED-A683-90DB1AA0DE47@apple.com> (raw)
In-Reply-To: <08cbd2c5-5d7e-bdc7-cf74-e5c48edf86c0@solarflare.com>
> On Mar 3, 2017, at 8:32 AM, Tomas Pilar (tpilar) <tpilar@solarflare.com> wrote:
>
> Hi,
>
>
> I am trying to implement a message-box communication protocol between
> PCIe devices in the same host without the assistance of the OS. For
> irreducible reasons, I can't use PCIe endpoint-to-endpoint communication
> so I thought I could create a DMA based message-box protocol where in
> UEFI driver probe (during DXE) I blot out some physical memory (by
> leaking a page of memory allocated as EfiRuntimeServicesData) that the
> devices will then use to communicate even when the OS loads.
>
>
> This runs into a problem when VT-d/IOMMU is involved because it still
> stops the device from DMA into that page, even though the OS shouldn't
> touch the page as it's been allocated using EfiRuntimeServicesData.
>
>
> So my query is: Can I achieve this by allocating the box as a different
> memory type (such as EfiUnusableMemory or EfiReservedMemoryType) and if
> not, what would be a better way of doing this?
>
No VT-d is designed to stop attacks like yours. By default VT-d blocks all DMA, and only allows DMA when it is properly requested by an OS driver that is trusted.
You need an OS driver to map the DMA region for use by the PCI devices prior to using it on a system with VT-d enabled. If there was a way around this that would be a security bug in the IOMMU that an attacker could exploit.
Thanks,
Andrew Fish
>
> Cheers,
>
> Tom
>
> The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error, please notify the sender immediately and delete the message. Unless you are an addressee (or authorized to receive for an addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. The unauthorized use, disclosure, copying or alteration of this message is strictly prohibited.
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
next prev parent reply other threads:[~2017-03-03 17:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-03 16:32 Hiding physical memory from OS and VT-d/IOMMU Tomas Pilar (tpilar)
2017-03-03 17:06 ` Andrew Fish [this message]
2017-03-03 18:03 ` Tomas Pilar (tpilar)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8239214C-DAB8-4CED-A683-90DB1AA0DE47@apple.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox