vitalif
/
mirror_qemu
mirror of https://github.com/proxmox/mirror_qemu
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror_qemu/hw/net
History
Zheyu Ma 36a894aeb6 net: tulip: Restrict DMA engine to memories 
The DMA engine is started by I/O access and then itself accesses the
I/O registers, triggering a reentrancy bug.

The following log can reveal it:
==5637==ERROR: AddressSanitizer: stack-overflow
    #0 0x5595435f6078 in tulip_xmit_list_update qemu/hw/net/tulip.c:673
    #1 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13
    #2 0x559544637f86 in memory_region_write_accessor qemu/softmmu/memory.c:492:5
    #3 0x5595446379fa in access_with_adjusted_size qemu/softmmu/memory.c:554:18
    #4 0x5595446372fa in memory_region_dispatch_write qemu/softmmu/memory.c
    #5 0x55954468b74c in flatview_write_continue qemu/softmmu/physmem.c:2825:23
    #6 0x559544683662 in flatview_write qemu/softmmu/physmem.c:2867:12
    #7 0x5595446833f3 in address_space_write qemu/softmmu/physmem.c:2963:18
    #8 0x5595435fb082 in dma_memory_rw_relaxed qemu/include/sysemu/dma.h:87:12
    #9 0x5595435fb082 in dma_memory_rw qemu/include/sysemu/dma.h:130:12
    #10 0x5595435fb082 in dma_memory_write qemu/include/sysemu/dma.h:171:12
    #11 0x5595435fb082 in stl_le_dma qemu/include/sysemu/dma.h:272:1
    #12 0x5595435fb082 in stl_le_pci_dma qemu/include/hw/pci/pci.h:910:1
    #13 0x5595435fb082 in tulip_desc_write qemu/hw/net/tulip.c:101:9
    #14 0x5595435f7e3d in tulip_xmit_list_update qemu/hw/net/tulip.c:706:9
    #15 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13

Fix this bug by restricting the DMA engine to memories regions.

Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
 		2022-09-02 10:22:39 +08:00
..
can ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
fsl_etsec hw/net/fsl_etsec/etsec: Remove obsolete and unused etsec_create() 2022-06-11 11:44:50 +02:00
rocker hw/net/rocker: Avoid undefined shifts with more than 31 ports 2022-08-09 17:02:18 +08:00
Kconfig hw/net/can: Correct Kconfig dependencies 2020-09-30 19:11:37 +02:00
allwinner-sun8i-emac.c dma: Let dma_memory_read/write() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
allwinner_emac.c hw/net: Make NetCanReceive() return a boolean 2020-03-31 21:14:35 +08:00
cadence_gem.c cadence_gem: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
dp8393x.c dp8393x: don't force 32-bit register access 2021-07-11 22:29:54 +02:00
e1000.c e1000: set RX descriptor status in a separate operation 2022-07-06 11:39:09 +08:00
e1000_regs.h e1000: Rename the SEC symbol to SEQEC 2017-09-08 08:17:37 +08:00
e1000e.c hw/net: e1000e: Correct the initial value of VET register 2021-08-02 12:19:18 +08:00
e1000e_core.c e1000e: Fix possible interrupt loss when using MSI 2022-07-26 16:23:54 +08:00
e1000e_core.h e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
e1000x_common.c e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
e1000x_common.h e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
eepro100.c pci: Let ld*_pci_dma() propagate MemTxResult 2021-12-31 01:05:27 +01:00
etraxfs_eth.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ftgmac100.c dma: Let dma_memory_read/write() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
i82596.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
i82596.h hw/net: Make NetCanReceive() return a boolean 2020-03-31 21:14:35 +08:00
imx_fec.c Trivial: 3 char repeat typos 2022-06-28 11:06:02 +02:00
lan9118.c ptimer: Rename PTIMER_POLICY_DEFAULT to PTIMER_POLICY_LEGACY 2022-05-19 16:19:03 +01:00
lance.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
lasi_i82596.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
mcf_fec.c mcf_fec: Move mcf_fec_state typedef to header 2020-08-27 14:04:54 -04:00
meson.build meson: use have_vhost_* variables to pick sources 2022-05-07 07:46:58 +02:00
mipsnet.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
msf2-emac.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
mv88w8618_eth.c hw/net: Move MV88W8618 network device out of hw/arm/ directory 2022-01-20 11:47:52 +00:00
ne2000-isa.c hw/isa: Inline and remove one-line isa_init_irq() 2022-03-08 19:38:17 +01:00
ne2000-pci.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
ne2000.c Clean up inclusion of sysemu/sysemu.h 2019-08-16 13:31:53 +02:00
ne2000.h Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
net_rx_pkt.c NetRxPkt: fix hash calculation of IPV6 TCP 2020-03-03 18:04:47 +08:00
net_rx_pkt.h NetRxPkt: Introduce support for additional hash types 2020-03-03 18:04:47 +08:00
net_tx_pkt.c hw/net/net_tx_pkt: Fix crash detected by fuzzer 2021-07-19 09:33:39 +02:00
net_tx_pkt.h hw/net: Added plen fix for IPv6 2020-07-21 21:30:39 +08:00
npcm7xx_emc.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
opencores_eth.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
pcnet-pci.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
pcnet.c pcnet: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
pcnet.h lance: replace PROP_PTR with PROP_LINK 2020-01-07 17:24:29 +04:00
rtl8139.c Replace GCC_FMT_ATTR with G_GNUC_PRINTF 2022-03-22 14:40:51 +04:00
smc91c111.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
spapr_llan.c Do not include cpu.h if it's not really necessary 2021-05-02 17:24:51 +02:00
stellaris_enet.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
sungem.c sungem: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
sunhme.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
trace-events hw/net: e1000e: Clear ICR on read when using non MSI-X interrupts 2022-02-14 11:50:44 +08:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
tulip.c net: tulip: Restrict DMA engine to memories 2022-09-02 10:22:39 +08:00
tulip.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
vhost_net-stub.c Revert "virtio-net: add support for configure interrupt" 2022-01-10 16:00:54 -05:00
vhost_net.c vhost_net: add NetClientState->load() callback 2022-09-02 10:22:39 +08:00
virtio-net.c virtio-net: Expose ctrl virtqueue logic 2022-07-20 16:58:08 +08:00
vmware_utils.h hw/net/vmxnet3: Fix code to work on big endian hosts, too 2017-11-20 11:08:00 +08:00
vmxnet3.c hw/net/vmxnet3: Log guest-triggerable errors using LOG_GUEST_ERROR 2022-02-14 11:50:44 +08:00
vmxnet3.h Replace config-time define HOST_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
vmxnet3_defs.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
vmxnet_debug.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
xen_nic.c Revert "net: Move NetClientState.info_str to dynamic allocations" 2021-04-08 17:33:59 +08:00
xgmac.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
xilinx_axienet.c hw/net/xilinx_axienet: Rename StreamSlave as StreamSink 2020-12-10 12:15:04 -05:00
xilinx_ethlite.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00