qemu/softmmu
Alexander Bulekov a2e1753b80 memory: prevent dma-reentracy issues
Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
This flag is set/checked prior to calling a device's MemoryRegion
handlers, and set when device code initiates DMA.  The purpose of this
flag is to prevent two types of DMA-based reentrancy issues:

1.) mmio -> dma -> mmio case
2.) bh -> dma write -> mmio case

These issues have led to problems such as stack-exhaustion and
use-after-frees.

Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
Resolves: CVE-2023-0330

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
[thuth: Replace warn_report() with warn_report_once()]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-04-28 11:20:01 +02:00
..
arch_init.c softmmu: Add qemu_init_arch_modules() 2022-03-06 13:15:42 +01:00
balloon.c qapi: Restrict balloon-related commands to machine code 2020-09-29 15:41:35 +02:00
bootdevice.c machine: use QAPI struct for boot configuration 2022-05-12 12:29:43 +02:00
cpu-throttle.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
cpu-timers.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
cpus.c include/block: Untangle inclusion loops 2023-01-20 07:24:28 +01:00
datadir.c meson: Prefix each element of firmware path 2022-07-13 16:58:57 +02:00
device_tree.c device-tree: add re-randomization helper function 2022-10-27 11:34:31 +01:00
dirtylimit.c softmmu: Move dirtylimit.c into the target independent source set 2023-04-20 11:25:32 +02:00
dma-helpers.c dma-helpers: prevent dma_blk_cb() vs dma_aio_cancel() race 2023-02-23 19:49:35 +01:00
globals.c hw/xen: Add xenstore operations to allow redirection to internal emulation 2023-03-07 17:04:30 +00:00
icount.c replay: rewrite async event handling 2022-06-06 09:26:53 +02:00
ioport.c softmmu: Add missing trace-events file 2020-09-09 17:15:18 +01:00
main.c ui/cocoa: Run qemu_init in the main thread 2022-09-23 14:36:33 +02:00
memory_mapping.c bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx 2023-01-18 11:14:34 +01:00
memory.c memory: prevent dma-reentracy issues 2023-04-28 11:20:01 +02:00
meson.build softmmu: Move dirtylimit.c into the target independent source set 2023-04-20 11:25:32 +02:00
physmem.c accel/tcg: Pass last not end to tb_invalidate_phys_range 2023-03-28 15:23:10 -07:00
qdev-monitor.c qdev: Move HMP command completion from monitor to softmmu/ 2023-02-04 07:56:54 +01:00
qemu-seccomp.c seccomp: Get actual errno value from failed seccomp functions 2022-10-26 13:32:58 +01:00
qtest.c softmmu: Make qtest.c target independent 2023-04-20 11:25:32 +02:00
rtc.c replay: Simplify setting replay blockers 2023-02-23 14:10:17 +01:00
runstate-action.c runstate: cleanup reboot and panic actions 2021-01-21 13:00:41 +01:00
runstate-hmp-cmds.c runstate: Move HMP commands from monitor/ to softmmu/ 2023-02-04 07:56:54 +01:00
runstate.c gdbstub: move syscall handling to new file 2023-03-07 20:44:08 +00:00
timers-state.h qemu/atomic: Add aligned_{int64,uint64}_t types 2021-07-21 07:45:38 -10:00
tpm-hmp-cmds.c tpm: Move HMP commands from monitor/ to softmmu/ 2023-02-04 07:56:54 +01:00
tpm.c qapi: More complex uses of QAPI_LIST_APPEND 2021-01-28 08:08:45 +01:00
trace-events softmmu/dirtylimit: Implement virtual CPU throttle 2022-07-20 12:15:08 +01:00
trace.h softmmu: Add missing trace-events file 2020-09-09 17:15:18 +01:00
vl.c vl.c: Create late backends before migration object 2023-04-24 11:29:01 +02:00
watchpoint.c softmmu: Restore use of CPU watchpoint for all accelerators 2023-03-28 15:24:06 -07:00