mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c40ca2301c
qemu/include/hw
History
Alexander Bulekov c40ca2301c memory: prevent dma-reentracy issues 
Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
This flag is set/checked prior to calling a device's MemoryRegion
handlers, and set when device code initiates DMA.  The purpose of this
flag is to prevent two types of DMA-based reentrancy issues:

1.) mmio -> dma -> mmio case
2.) bh -> dma write -> mmio case

These issues have led to problems such as stack-exhaustion and
use-after-frees.

Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
Resolves: CVE-2023-0330

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
[thuth: Replace warn_report() with warn_report_once()]
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a2e1753b80)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-09-11 10:53:50 +03:00
..
acpi acpi: add get_dev_aml_func() helper 2022-11-07 14:08:17 -05:00
adc hw/adc/zynq-xadc: Use qemu_irq typedef 2022-05-19 16:19:02 +01:00
arm hw/arm/boot: Make write_bootloader() public as arm_write_bootloader() 2023-05-18 21:09:59 +03:00
audio introduce -audio as a replacement for -soundhw 2022-05-14 12:33:44 +02:00
block block: add missed block_acct_setup with new block device init procedure 2022-09-30 18:42:34 +02:00
char hw/riscv: spike: Allow using binary firmware as bios 2022-01-21 15:52:56 +10:00
core accel/qtest: Support qtest accelerator for Windows 2022-10-28 11:17:12 +02:00
cpu
cris
cxl hw/pci-bridge/cxl-upstream: Add a CDAT table access DOE 2022-11-07 13:12:19 -05:00
display xlnx_dp: Introduce a vblank signal 2022-06-08 19:38:47 +01:00
dma hw/dma/xlnx_csu_dma: Support starting a read transfer through a class method 2022-01-28 14:29:46 +00:00
firmware hw/smbios: add core_count2 to smbios table type 4 2022-11-07 14:08:17 -05:00
gpio hw/gpio: replace HWADDR_PRIx with PRIx64 2022-05-25 10:31:33 +02:00
hyperv hw/hyperv/vmbus: Remove unused vmbus_load/save_req() 2022-05-30 19:49:42 +02:00
i2c hw/i2c/aspeed: Fix old reg slave receive 2022-10-24 11:20:15 +02:00
i386 include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big endian hosts 2023-08-04 08:27:03 +03:00
ide hw/ide/piix: Introduce TYPE_ macros for PIIX IDE controllers 2022-10-31 11:32:07 +01:00
input pckbd: remove legacy i8042_mm_init() function 2022-07-18 19:28:46 +01:00
intc hw/intc: Move mtimer/mtimecmp to aclint 2022-09-07 09:19:10 +02:00
ipack
ipmi
isa hw/isa/vt82c686: Instantiate PM function in host device 2022-10-31 11:32:07 +01:00
kvm
loongarch Revert "hw/loongarch/virt: Add cfi01 pflash device" 2022-12-05 11:24:35 -05:00
m68k hw/m68k/mcf: Add missing 'exec/hwaddr.h' header 2022-02-21 10:35:13 +01:00
mem acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug() 2022-07-26 10:37:46 -04:00
mips hw/mips/bootloader: Allow bl_gen_jump_kernel to optionally set register 2022-10-31 11:32:45 +01:00
misc hw/ppc/mac.h: Rename to include/hw/nvram/mac_nvram.h 2022-10-31 18:48:23 +00:00
net Clean up decorations and whitespace around header guards 2022-05-11 16:50:32 +02:00
nubus Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
nvram Revert "x86: return modified setup_data only if read as memory, not as file" 2023-03-29 10:20:04 +03:00
openrisc hw/openrisc: Split re-usable boot time apis out to boot.c 2022-09-04 07:02:56 +01:00
pci intel-iommu: PASID support 2022-11-07 14:08:17 -05:00
pci-bridge pci/pci_expander_bridge: For CXL HB delay the HB register memory region setup. 2022-06-09 19:32:49 -04:00
pci-host hw/loongarch: Improve fdt for LoongArch virt machine 2022-11-04 17:07:40 +08:00
ppc ppc4xx_sdram: Move ppc4xx_sdram_banks() to ppc4xx_sdram.c 2022-10-28 13:15:23 -03:00
rdma qapi: introduce x-query-rdma QMP command 2021-11-02 15:55:14 +00:00
remote vfio-user: handle device interrupts 2022-06-15 16:43:42 +01:00
riscv hw/riscv: virt: Enable booting S-mode firmware from pflash 2022-10-14 14:29:50 +10:00
rtc goldfish_rtc: Add big-endian property 2022-09-04 07:02:56 +01:00
rx Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
s390x Revert "s390x/s390-virtio-ccw: add zpcii-disable machine property" 2022-11-08 10:10:57 +01:00
scsi include/hw/scsi/scsi.h: Remove unused scsi_legacy_handle_cmdline() prototype 2022-10-22 23:21:16 +02:00
sd hw/sd: Fix sun4i allwinner-sdhost for U-Boot 2022-11-21 11:45:12 +00:00
sensor hw/sensor: Add IC_DEVICE_ID to ISL voltage regulators 2022-07-14 16:24:38 +02:00
sh4 hw/intc/sh_intc: Inline and drop sh_intc_source() function 2021-10-30 18:39:37 +02:00
southbridge hw/isa/piix3: Inline and remove piix3_create() 2022-06-11 11:44:50 +02:00
sparc
ssi aspeed/smc: Cache AspeedSMCClass 2022-10-24 11:20:15 +02:00
timer hw/intc: Move mtimer/mtimecmp to aclint 2022-09-07 09:19:10 +02:00
tricore Clean up ill-advised or unusual header guards 2022-05-11 16:50:01 +02:00
usb hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
vfio vfio/common: Rename VFIOGuestIOMMU::iommu into ::iommu_mr 2022-05-06 09:06:51 -06:00
virtio vhost: register and change IOMMU flag depending on Device-TLB state 2023-07-31 09:12:06 +03:00
watchdog Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
xen hw/i386/xen/xen-hvm: Inline xen_piix_pci_write_config_client() and remove it 2022-06-29 00:24:59 +02:00
xtensa
boards.h reset: allow registering handlers that aren't called by snapshot loading 2022-10-27 11:34:31 +01:00
clock.h host-utils: add 128-bit quotient support to divu128/divs128 2021-10-27 17:10:00 -07:00
elf_ops.h treewide: Remove the unnecessary space before semicolon 2022-10-24 13:41:10 +02:00
fw-path-provider.h
hotplug.h
hw.h compiler.h: replace QEMU_NORETURN with G_NORETURN 2022-04-21 17:03:51 +04:00
ide.h include/hw/ide: Unexport pci_piix3_xen_ide_unplug() 2022-06-09 14:47:42 +01:00
irq.h hw/core/irq: remove unused 'qemu_irq_split' function 2022-04-21 11:37:04 +01:00
loader-fit.h
loader.h hw/core/loader: return image sizes as ssize_t 2022-06-10 09:31:42 +10:00
nmi.h
or-irq.h
pcmcia.h
platform-bus.h
ptimer.h ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
qdev-clock.h
qdev-core.h memory: prevent dma-reentracy issues 2023-09-11 10:53:50 +03:00
qdev-dma.h
qdev-properties-system.h
qdev-properties.h qdev-properties: Add a new macro with bitmask check for uint64_t property 2022-05-14 12:32:41 +02:00
register.h
registerfields.h hw/registerfields: Add shared fields macros 2022-06-22 09:49:34 +02:00
resettable.h
stream.h
sysbus.h
usb.h hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
vmstate-if.h