qemu/include/hw
Alexander Bulekov a2e1753b80 memory: prevent dma-reentrancy issues
Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
This flag is set/checked prior to calling a device's MemoryRegion
handlers, and set when device code initiates DMA.  The purpose of this
flag is to prevent two types of DMA-based reentrancy issues:

1.) mmio -> dma -> mmio case
2.) bh -> dma write -> mmio case

These issues have led to problems such as stack-exhaustion and
use-after-frees.

Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
Resolves: CVE-2023-0330

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
[thuth: Replace warn_report() with warn_report_once()]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-04-28 11:20:01 +02:00
acpi tpm: Extend common APIs to support TPM TIS I2C 2023-04-20 08:17:15 -04:00
adc hw/arm/npcm7xx: Declare QOM macros using OBJECT_DECLARE_SIMPLE_TYPE() 2023-01-12 17:15:09 +00:00
arm fsl-imx7: Add fec[12]-phy-connected properties 2023-04-20 10:46:35 +01:00
audio introduce -audio as a replacement for -soundhw 2022-05-14 12:33:44 +02:00
block hw/block: replace TABs with space 2023-03-24 11:45:46 +01:00
char hw/char/cmsdk-apb-uart: Open-code cmsdk_apb_uart_create() 2023-02-27 13:27:05 +00:00
core softmmu: Restore use of CPU watchpoint for all accelerators 2023-03-28 15:24:06 -07:00
cpu
cris include: Include headers where needed 2023-01-08 01:54:22 -05:00
cxl hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV 2023-04-24 22:56:55 -04:00
display include: Include headers where needed 2023-01-08 01:54:22 -05:00
dma include: Include headers where needed 2023-01-08 01:54:22 -05:00
firmware hw/smbios: add core_count2 to smbios table type 4 2022-11-07 14:08:17 -05:00
gpio hw/gpio: replace HWADDR_PRIx with PRIx64 2022-05-25 10:31:33 +02:00
hyperv hw/hyperv/vmbus: Remove unused vmbus_load/save_req() 2022-05-30 19:49:42 +02:00
i2c qtest: Add functions for accessing devices on Aspeed I2C controller 2023-04-20 08:17:15 -04:00
i386 hw/acpi: limit warning on acpi table size to pc machines older than version 2.3 2023-04-24 22:56:55 -04:00
ide hw/ide: replace TABs with space 2023-03-24 11:45:33 +01:00
input hw/input: Clean up includes 2023-02-08 07:16:23 +01:00
intc hw/mips: Declare all length properties as unsigned 2023-03-08 00:37:48 +01:00
ipack
ipmi
isa hw/audio/via-ac97: Basic implementation of audio playback 2023-03-08 00:37:48 +01:00
kvm
loongarch hw/loongarch/virt: add system_powerdown hmp command support 2023-03-03 09:37:30 +08:00
m68k
mem acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug() 2022-07-26 10:37:46 -04:00
mips hw/mips/bootloader: Handle buffers as opaque arrays 2023-01-13 09:32:32 +01:00
misc lasi: fix RTC migration 2023-04-20 11:17:35 +02:00
net hw/net/imx_fec: Support two Ethernet interfaces connected to single MDIO bus 2023-04-20 10:25:43 +01:00
nubus Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
nvram Revert "x86: return modified setup_data only if read as memory, not as file" 2023-03-02 03:10:46 -05:00
openrisc hw/openrisc: Split re-usable boot time apis out to boot.c 2022-09-04 07:02:56 +01:00
pci hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV 2023-04-24 22:56:55 -04:00
pci-bridge pci/pci_expander_bridge: For CXL HB delay the HB register memory region setup. 2022-06-09 19:32:49 -04:00
pci-host ppc patch queue for 2023-03-03: 2023-03-04 14:01:34 +00:00
ppc pnv_phb4_pec: Simplify/align code to parent user-created PHBs 2023-03-03 16:50:17 -03:00
rdma
remote include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
riscv hw/riscv/virt: Enable basic ACPI infrastructure 2023-03-06 11:35:04 -08:00
rtc hw/rtc: Rename rtc_[get|set]_memory -> mc146818rtc_[get|set]_cmos_data 2023-02-27 22:29:02 +01:00
rx Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
s390x s390x/pv: Add support for asynchronous teardown for reboot 2023-02-27 09:15:39 +01:00
scsi replace TABs with spaces 2023-03-20 12:43:50 +01:00
sd replace TABs with spaces 2023-03-20 12:43:50 +01:00
sensor hw/sensor: Add IC_DEVICE_ID to ISL voltage regulators 2022-07-14 16:24:38 +02:00
sh4
southbridge hw: Move ich9.h to southbridge/ 2023-02-27 22:29:01 +01:00
sparc
ssi Do not include hw/hw.h if it is not necessary 2023-02-27 09:15:38 +01:00
timer hw: Replace isa_get_irq() by isa_bus_get_irq() when ISABus is available 2023-02-27 22:29:02 +01:00
tricore Do not include hw/hw.h if it is not necessary 2023-02-27 09:15:38 +01:00
usb include: Include headers where needed 2023-01-08 01:54:22 -05:00
vfio vfio/migration: Rename entry points 2023-03-07 11:19:07 -07:00
virtio virtio: refresh vring region cache after updating a virtqueue size 2023-04-21 03:08:21 -04:00
watchdog hw/watchdog: Allwinner WDT emulation for system reset 2023-04-20 10:21:13 +01:00
xen hw/xen: Rename xen_common.h to xen_native.h 2023-03-07 17:04:30 +00:00
xtensa
boards.h hw: Add compat machines for 8.1 2023-04-21 04:25:52 -04:00
clock.h
elf_ops.h replace TABs with spaces 2023-03-20 12:43:50 +01:00
fw-path-provider.h
hotplug.h pci: fix 'hotplugglable' property behavior 2023-03-07 12:38:59 -05:00
hw.h compiler.h: replace QEMU_NORETURN with G_NORETURN 2022-04-21 17:03:51 +04:00
ide.h hw/ide: Declare ide_get_[geometry/bios_chs_trans] in 'hw/ide/internal.h' 2023-02-27 22:29:02 +01:00
irq.h hw/core/irq: remove unused 'qemu_irq_split' function 2022-04-21 11:37:04 +01:00
loader-fit.h
loader.h hw: arm: Support direct boot for Linux/arm64 EFI zboot images 2023-03-06 14:08:12 +00:00
nmi.h
or-irq.h hw: Replace qemu_or_irq typedef by OrIRQState 2023-02-27 13:27:05 +00:00
pcmcia.h replace TABs with spaces 2023-03-20 12:43:50 +01:00
platform-bus.h
ptimer.h ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
qdev-clock.h
qdev-core.h memory: prevent dma-reentrancy issues 2023-04-28 11:20:01 +02:00
qdev-dma.h
qdev-properties-system.h
qdev-properties.h qdev-properties: Add a new macro with bitmask check for uint64_t property 2022-05-14 12:32:41 +02:00
register.h
registerfields.h hw/registerfields: Add shared fields macros 2022-06-22 09:49:34 +02:00
resettable.h
stream.h
sysbus.h
usb.h hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
vmstate-if.h