qemu/include/hw
Alexander Bulekov c40ca2301c memory: prevent dma-reentracy issues
Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
This flag is set/checked prior to calling a device's MemoryRegion
handlers, and set when device code initiates DMA.  The purpose of this
flag is to prevent two types of DMA-based reentrancy issues:

1.) mmio -> dma -> mmio case
2.) bh -> dma write -> mmio case

These issues have led to problems such as stack-exhaustion and
use-after-frees.

Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
Resolves: CVE-2023-0330

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
[thuth: Replace warn_report() with warn_report_once()]
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a2e1753b80)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-09-11 10:53:50 +03:00
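The first of the two cases in the commit message (mmio -> dma -> mmio), as an added example that is not the commit's code or any QEMU code: a constructed toy machine with one device whose "kick" register starts a DMA write to a guest-programmable address. When the guest points that address back at the device's own MMIO window, the unguarded dispatcher re-enters the handler until a depth cap stands in for stack exhaustion; with the per-device flag set before the handler runs, the nested access is refused and the outer handler completes. The register layout, the field names `engaged_in_io` and `guard_enabled`, and the `MAX_DEPTH` cap are assumptions for illustration only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy machine (not QEMU code): guest physical space is
 * [0, RAM_SIZE) RAM followed by one device's MMIO window. */
#define RAM_SIZE   0x1000u
#define MMIO_BASE  0x1000u
#define MMIO_SIZE  0x10u

/* Assumed register layout of the toy device, for illustration only. */
#define REG_DMA_ADDR 0x0u   /* guest address the next DMA write targets */
#define REG_STATUS   0x4u   /* payload the DMA write carries */
#define REG_KICK     0x8u   /* any write starts the DMA */

/* Nesting cap so the unguarded model is observable instead of overflowing
 * the host stack (the stack-exhaustion outcome the commit message names). */
#define MAX_DEPTH 64

typedef struct ToyDevice {
    bool engaged_in_io;   /* assumed name for the per-device flag the commit adds */
    bool guard_enabled;   /* false = behaviour before the fix, true = after */
    uint32_t dma_addr;
    uint32_t status;
    int depth, max_depth; /* current and deepest MMIO nesting seen */
    int blocked;          /* re-entrant accesses refused by the guard */
} ToyDevice;

typedef struct Machine {
    uint8_t ram[RAM_SIZE];
    ToyDevice dev;
} Machine;

static bool mmio_write(Machine *m, uint32_t off, uint32_t val);

/* DMA from the device into guest physical memory. Like a real bus it
 * resolves the address to RAM or, if the guest aimed it there, to MMIO. */
static bool dma_write32(Machine *m, uint32_t addr, uint32_t val)
{
    if (addr + 4 <= RAM_SIZE) {
        memcpy(&m->ram[addr], &val, sizeof val);
        return true;
    }
    if (addr >= MMIO_BASE && addr + 4 <= MMIO_BASE + MMIO_SIZE) {
        return mmio_write(m, addr - MMIO_BASE, val);   /* dma -> mmio */
    }
    return false;
}

/* The device's register handler; REG_KICK makes device code start DMA. */
static void toy_write_handler(Machine *m, uint32_t off, uint32_t val)
{
    ToyDevice *d = &m->dev;
    switch (off) {
    case REG_DMA_ADDR: d->dma_addr = val; break;
    case REG_STATUS:   d->status = val;   break;
    case REG_KICK:     dma_write32(m, d->dma_addr, d->status); break;
    default:           break;
    }
}

/* Dispatch wrapper standing in for the check made before a MemoryRegion
 * handler is called: refuse the access if this device is already in I/O. */
static bool mmio_write(Machine *m, uint32_t off, uint32_t val)
{
    ToyDevice *d = &m->dev;
    if (d->guard_enabled && d->engaged_in_io) {
        d->blocked++;
        return false;
    }
    if (d->depth >= MAX_DEPTH) {
        return false;  /* real unguarded recursion would not stop here */
    }
    d->depth++;
    if (d->depth > d->max_depth) {
        d->max_depth = d->depth;
    }
    d->engaged_in_io = true;
    toy_write_handler(m, off, val);
    d->engaged_in_io = false;
    d->depth--;
    return true;
}

/* Guest-side driver sequence: program target and payload, then kick. */
static void run_scenario(Machine *m, bool guard_enabled, uint32_t dma_target)
{
    memset(m, 0, sizeof *m);
    m->dev.guard_enabled = guard_enabled;
    mmio_write(m, REG_DMA_ADDR, dma_target);
    mmio_write(m, REG_STATUS, 0xdeadbeefu);
    mmio_write(m, REG_KICK, 1);
}

static int max_nesting(bool guard, uint32_t target)
{
    Machine m; run_scenario(&m, guard, target); return m.dev.max_depth;
}

static int blocked_accesses(bool guard, uint32_t target)
{
    Machine m; run_scenario(&m, guard, target); return m.dev.blocked;
}

static uint32_t ram_word(bool guard, uint32_t target, uint32_t addr)
{
    Machine m; uint32_t v;
    run_scenario(&m, guard, target);
    memcpy(&v, &m.ram[addr], sizeof v);
    return v;
}

int main(void)
{
    uint32_t self = MMIO_BASE + REG_KICK;   /* DMA aimed at the device itself */
    printf("unguarded: nesting %d, blocked %d\n",
           max_nesting(false, self), blocked_accesses(false, self));
    printf("guarded:   nesting %d, blocked %d\n",
           max_nesting(true, self), blocked_accesses(true, self));
    printf("benign DMA to RAM still lands: 0x%08x\n", ram_word(true, 0x100, 0x100));
    return 0;
}
```

Because the flag lives on the device, not on the address space, a DMA that a guest aims at another device's MMIO window is not caught by this check in the toy model; only re-entry into the device that is currently executing its own handler or DMA is refused, which is the shape of the two cases the commit message lists.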
acpi acpi: add get_dev_aml_func() helper 2022-11-07 14:08:17 -05:00
adc
arm hw/arm/boot: Make write_bootloader() public as arm_write_bootloader() 2023-05-18 21:09:59 +03:00
audio
block block: add missed block_acct_setup with new block device init procedure 2022-09-30 18:42:34 +02:00
char
core accel/qtest: Support qtest accelerator for Windows 2022-10-28 11:17:12 +02:00
cpu
cris
cxl hw/pci-bridge/cxl-upstream: Add a CDAT table access DOE 2022-11-07 13:12:19 -05:00
display
dma
firmware hw/smbios: add core_count2 to smbios table type 4 2022-11-07 14:08:17 -05:00
gpio
hyperv
i2c hw/i2c/aspeed: Fix old reg slave receive 2022-10-24 11:20:15 +02:00
i386 include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big endian hosts 2023-08-04 08:27:03 +03:00
ide hw/ide/piix: Introduce TYPE_ macros for PIIX IDE controllers 2022-10-31 11:32:07 +01:00
input pckbd: remove legacy i8042_mm_init() function 2022-07-18 19:28:46 +01:00
intc hw/intc: Move mtimer/mtimecmp to aclint 2022-09-07 09:19:10 +02:00
ipack
ipmi
isa hw/isa/vt82c686: Instantiate PM function in host device 2022-10-31 11:32:07 +01:00
kvm
loongarch Revert "hw/loongarch/virt: Add cfi01 pflash device" 2022-12-05 11:24:35 -05:00
m68k
mem acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug() 2022-07-26 10:37:46 -04:00
mips hw/mips/bootloader: Allow bl_gen_jump_kernel to optionally set register 2022-10-31 11:32:45 +01:00
misc hw/ppc/mac.h: Rename to include/hw/nvram/mac_nvram.h 2022-10-31 18:48:23 +00:00
net
nubus
nvram Revert "x86: return modified setup_data only if read as memory, not as file" 2023-03-29 10:20:04 +03:00
openrisc hw/openrisc: Split re-usable boot time apis out to boot.c 2022-09-04 07:02:56 +01:00
pci intel-iommu: PASID support 2022-11-07 14:08:17 -05:00
pci-bridge
pci-host hw/loongarch: Improve fdt for LoongArch virt machine 2022-11-04 17:07:40 +08:00
ppc ppc4xx_sdram: Move ppc4xx_sdram_banks() to ppc4xx_sdram.c 2022-10-28 13:15:23 -03:00
rdma
remote
riscv hw/riscv: virt: Enable booting S-mode firmware from pflash 2022-10-14 14:29:50 +10:00
rtc goldfish_rtc: Add big-endian property 2022-09-04 07:02:56 +01:00
rx
s390x Revert "s390x/s390-virtio-ccw: add zpcii-disable machine property" 2022-11-08 10:10:57 +01:00
scsi include/hw/scsi/scsi.h: Remove unused scsi_legacy_handle_cmdline() prototype 2022-10-22 23:21:16 +02:00
sd hw/sd: Fix sun4i allwinner-sdhost for U-Boot 2022-11-21 11:45:12 +00:00
sensor hw/sensor: Add IC_DEVICE_ID to ISL voltage regulators 2022-07-14 16:24:38 +02:00
sh4
southbridge
sparc
ssi aspeed/smc: Cache AspeedSMCClass 2022-10-24 11:20:15 +02:00
timer hw/intc: Move mtimer/mtimecmp to aclint 2022-09-07 09:19:10 +02:00
tricore
usb hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
vfio
virtio vhost: register and change IOMMU flag depending on Device-TLB state 2023-07-31 09:12:06 +03:00
watchdog
xen
xtensa
boards.h reset: allow registering handlers that aren't called by snapshot loading 2022-10-27 11:34:31 +01:00
clock.h
elf_ops.h treewide: Remove the unnecessary space before semicolon 2022-10-24 13:41:10 +02:00
fw-path-provider.h
hotplug.h
hw.h
ide.h
irq.h
loader-fit.h
loader.h
nmi.h
or-irq.h
pcmcia.h
platform-bus.h
ptimer.h
qdev-clock.h
qdev-core.h memory: prevent dma-reentracy issues 2023-09-11 10:53:50 +03:00
qdev-dma.h
qdev-properties-system.h
qdev-properties.h
register.h
registerfields.h
resettable.h
stream.h
sysbus.h
usb.h hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
vmstate-if.h