mirror_qemu/include/exec
Alexander Bulekov c40ca2301c memory: prevent dma-reentrancy issues
Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
This flag is set/checked prior to calling a device's MemoryRegion
handlers, and set when device code initiates DMA.  The purpose of this
flag is to prevent two types of DMA-based reentrancy issues:

1.) mmio -> dma -> mmio case
2.) bh -> dma write -> mmio case

These issues have led to problems such as stack-exhaustion and
use-after-frees.

Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
Resolves: CVE-2023-0330

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
[thuth: Replace warn_report() with warn_report_once()]
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a2e1753b80)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-09-11 10:53:50 +03:00
user nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
address-spaces.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
confidential-guest-support.h confidential guest support: Introduce cgs "ready" flag 2021-02-08 16:57:38 +11:00
cpu-all.h accel/tcg: Simplify page_get/alloc_target_data 2022-10-26 11:11:28 +10:00
cpu-common.h exec/cpu-common: add qemu_ram_get_fd() 2022-10-26 14:56:42 -04:00
cpu-defs.h accel/tcg: Introduce TARGET_TB_PCREL 2022-10-04 12:13:16 -07:00
cpu_ldst.h Replace TARGET_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
cputlb.h overall/alpha tcg cpus|hppa: Fix Lesser GPL version number 2020-11-15 16:43:54 +01:00
exec-all.h accel/tcg: Remove will_exit argument from cpu_restore_state 2022-11-01 08:31:41 +11:00
gdbstub.h gdbstub: Adjust gdb_syscall_complete_cb declaration 2022-06-28 04:35:52 +05:30
gen-icount.h accel/tcg: introduce CF_NOIRQ 2021-11-29 15:12:37 +00:00
helper-gen.h tracing: excise the tcg related from tracetool 2022-02-09 12:08:42 +00:00
helper-head.h compiler.h: replace QEMU_NORETURN with G_NORETURN 2022-04-21 17:03:51 +04:00
helper-proto.h tracing: remove the trace-tcg includes from the build 2022-02-09 12:08:42 +00:00
helper-tcg.h tracing: remove the trace-tcg includes from the build 2022-02-09 12:08:42 +00:00
hwaddr.h move MemMapEntry 2020-09-30 11:29:56 +02:00
ioport.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
log.h include/exec/log: Do not reference QemuLogFile directly 2022-04-20 10:51:11 -07:00
memattrs.h softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR 2022-03-21 10:10:58 +01:00
memop.h Replace TARGET_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
memopidx.h Normalize header guard symbol definition 2022-05-11 16:50:26 +02:00
memory-internal.h cputlb: Merge and move memory_notdirty_write_{prepare,complete} 2019-09-25 10:44:29 -07:00
memory.h memory: prevent dma-reentrancy issues 2023-09-11 10:53:50 +03:00
memory_ldst.h.inc exec/memory_ldst: Use correct type sizes 2021-05-26 08:35:51 -07:00
memory_ldst_cached.h.inc exec/memory_ldst_cached: Use correct type size 2021-05-26 08:35:51 -07:00
memory_ldst_phys.h.inc exec/memory_ldst_phys: Use correct type sizes 2021-05-26 08:35:51 -07:00
page-vary.h include: move target page bits declaration to page-vary.h 2022-04-06 14:31:43 +02:00
plugin-gen.h accel/tcg: Use DisasContextBase in plugin_gen_tb_start 2022-10-03 20:53:31 -07:00
poison.h disas: Remove libvixl disassembler 2022-07-05 10:15:49 +02:00
ram_addr.h migration: Use non-atomic ops for clear log bitmap 2022-11-21 11:58:10 +01:00
ramblock.h migration: Use non-atomic ops for clear log bitmap 2022-11-21 11:58:10 +01:00
ramlist.h qapi: introduce x-query-ramblock QMP command 2021-11-02 15:55:14 +00:00
target_page.h migration: Make savevm.c target independent 2017-05-18 19:21:00 +02:00
translate-all.h accel/tcg: Rename tb_invalidate_phys_page_range and drop end parameter 2022-10-26 11:11:28 +10:00
translator.h target/s390x: fake instruction loading when handling 'ex' 2022-10-31 20:37:59 +00:00