This series aims to kill a recent class of bug, the infamous "DMA reentrancy" issues found by Alexander while fuzzing.

Introduce the 'bus_perm' field in MemTxAttrs, defining 3 bits:

- MEMTXPERM_UNSPECIFIED (current default, unchanged behavior)
- MEMTXPERM_UNRESTRICTED (allow list approach)
- MEMTXPERM_RAM_DEVICE (example of deny list approach)

If a transaction permission is not allowed (for example access to non-RAM device), we return the specific MEMTX_BUS_ERROR.

Permissions are checked after the flatview is resolved, and before the access is done, in a new function: flatview_access_allowed().

I'll post another series on top as example, fixing the SD card bugs.

Since v1 ("hw: Forbid DMA write accesses to MMIO regions") [1]:
- rewrite based on Peter / Stefan feedback

Based on "hw: Let the DMA API take a MemTxAttrs argument" [2].

Supersedes: <20200903110831.353476-1-phi...@redhat.com>
Based-on: <20210702092439.989969-1-phi...@redhat.com>

[1] https://www.mail-archive.com/qemu-block@nongnu.org/msg72924.html
[2] https://www.mail-archive.com/qemu-devel@nongnu.org/msg820359.html

Philippe Mathieu-Daudé (5):
  softmmu/physmem: Simplify flatview_write and address_space_access_valid
  hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR
  exec/memattrs: Introduce MemTxAttrs::bus_perm field
  softmmu/physmem: Introduce flatview_access_allowed() to check bus perms
  softmmu/physmem: Have flaview API check MemTxAttrs::bus_perm field

 include/exec/memattrs.h    | 21 +++++++++++++
 hw/intc/arm_gicv3_dist.c   |  4 +--
 hw/intc/arm_gicv3_redist.c |  4 +--
 softmmu/physmem.c          | 61 ++++++++++++++++++++++++++++++++------
 4 files changed, 77 insertions(+), 13 deletions(-)

-- 
2.31.1
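
The permission check described in the cover letter, as a self-contained C model (an added example, not code from the series or from QEMU). `ToyAttrs`, `ToyRegion`, `toy_dma_write` and all numeric values are assumptions, and the handling of each permission is one reading of the description above.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model: names follow the cover letter, numeric values are constructed. */
enum { MEMTX_OK = 0, MEMTX_ERROR = 1, MEMTX_BUS_ERROR = 4 };
enum { MEMTXPERM_UNSPECIFIED, MEMTXPERM_UNRESTRICTED, MEMTXPERM_RAM_DEVICE };

typedef struct { unsigned bus_perm; } ToyAttrs;   /* stands in for MemTxAttrs */
typedef struct { const char *name; bool is_ram; } ToyRegion; /* resolved target */

/* Policy check: runs once the target region is known, before the access. */
static bool flatview_access_allowed(const ToyRegion *mr, ToyAttrs attrs)
{
    switch (attrs.bus_perm) {
    case MEMTXPERM_UNSPECIFIED:   /* legacy callers: unchanged behaviour */
    case MEMTXPERM_UNRESTRICTED:  /* initiator explicitly allowed everywhere */
        return true;
    case MEMTXPERM_RAM_DEVICE:    /* initiator may only reach RAM-backed regions */
        return mr->is_ram;
    default:
        return false;             /* unknown permission: fail closed */
    }
}

/* Stand-in for a DMA write: the region is already resolved, check, then access. */
static int toy_dma_write(const ToyRegion *mr, ToyAttrs attrs, int *mmio_hits)
{
    if (!flatview_access_allowed(mr, attrs)) {
        return MEMTX_BUS_ERROR;   /* rejected before any device code runs */
    }
    if (!mr->is_ram) {
        (*mmio_hits)++;           /* a device callback would run here (re-entry) */
    }
    return MEMTX_OK;
}

int main(void)
{
    ToyRegion ram = { "ram", true }, mmio = { "device-mmio", false };
    ToyAttrs legacy = { MEMTXPERM_UNSPECIFIED }, dma = { MEMTXPERM_RAM_DEVICE };
    int hits = 0;
    printf("legacy->mmio: %d\n", toy_dma_write(&mmio, legacy, &hits));
    printf("dma->ram:     %d\n", toy_dma_write(&ram, dma, &hits));
    int r = toy_dma_write(&mmio, dma, &hits);
    printf("dma->mmio:    %d, mmio callbacks run: %d\n", r, hits);
    /* A caller comparing against MEMTX_ERROR misses the new code. */
    printf("== MEMTX_ERROR: %d, != MEMTX_OK: %d\n", r == MEMTX_ERROR, r != MEMTX_OK);
    return 0;
}
```

In this model a caller that tests only for equality with MEMTX_ERROR treats the rejected write as success, which is the situation the "Check for !MEMTX_OK instead of MEMTX_ERROR" patch title points at.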