On 210823 1650, Peter Xu wrote:
> On Mon, Aug 23, 2021 at 08:10:50PM +0100, Peter Maydell wrote:
> > On Mon, 23 Aug 2021 at 17:42, Philippe Mathieu-Daudé <phi...@redhat.com>
> > wrote:
> > >
> > > This series aims to kill a recent class of bug, the infamous
> > > "DMA reentrancy" issues found by Alexander while fuzzing.
> > >
> > > Introduce the 'bus_perm' field in MemTxAttrs, defining 3 bits:
> > >
> > > - MEMTXPERM_UNSPECIFIED (current default, unchanged behavior)
> > > - MEMTXPERM_UNRESTRICTED (allow list approach)
> > > - MEMTXPERM_RAM_DEVICE (example of deny list approach)
> > >
> > > If a transaction permission is not allowed (for example access
> > > to non-RAM device), we return the specific MEMTX_BUS_ERROR.
> > >
> > > Permissions are checked after the flatview is resolved, and
> > > before the access is done, in a new function: flatview_access_allowed().
> >
> > So I'm not going to say 'no' to this, because we have a real
> > recursive-device-handling problem and I don't have a better
> > idea to hand, but the thing about this is that we end up with
> > behaviour which is not what the real hardware does. I'm not
> > aware of any DMA device which has this kind of "can only DMA
> > to/from RAM, and aborts on access to a device" behaviour...
>
> Sorry for not being familiar with the context - is there more info regarding
> the problem to fix? I'm looking at the links mentioned in the old series:
>
> https://lore.kernel.org/qemu-devel/20200903110831.353476-12-phi...@redhat.com/
> https://bugs.launchpad.net/qemu/+bug/1886362
> https://bugs.launchpad.net/qemu/+bug/1888606
>
> They seem all marked as fixed now.
Here are some that should still reproduce:

https://gitlab.com/qemu-project/qemu/-/issues/542
https://gitlab.com/qemu-project/qemu/-/issues/540
https://gitlab.com/qemu-project/qemu/-/issues/541
https://gitlab.com/qemu-project/qemu/-/issues/62
https://lore.kernel.org/qemu-devel/20210218140629.373646-1-ppan...@redhat.com/ (CVE-2021-20255)

There's also this one, that I don't think I ever created a bug report for (working on it now):
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33247

-Alex

>
> Thanks,
>
> --
> Peter Xu
>
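As an added illustration (constructed for this page, not QEMU's code and not part of the series or the thread above), the following C model shows where the check described in the quoted cover letter sits: a transaction's bus_perm is consulted after the target region is resolved and before the access is performed, so a refused DMA transaction comes back as MEMTX_BUS_ERROR instead of reaching a device's MMIO handler. The enum values, the Region table, resolve() and dma_write_byte() are assumptions made for this example; only the names follow the cover letter.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed model, not QEMU's code: the enum values and the region table
 * are assumptions; only the names follow the series' cover letter. */
typedef enum {
    MEMTXPERM_UNSPECIFIED = 0, /* default: behaves as before the series */
    MEMTXPERM_UNRESTRICTED,    /* allow-list entry: may reach any region */
    MEMTXPERM_RAM_DEVICE,      /* deny-list entry: RAM only, no MMIO */
} MemTxPerm;
typedef struct { MemTxPerm bus_perm; } MemTxAttrs;
typedef enum { MEMTX_OK = 0, MEMTX_BUS_ERROR = (1U << 3) } MemTxResult; /* value assumed */

/* One already-resolved entry of a constructed memory map. */
typedef struct {
    const char *name;
    uint64_t base, size;
    bool is_ram;
    uint8_t *backing; /* RAM bytes, or a fake MMIO register window */
} Region;
static uint8_t ram_bytes[16], dev_regs[16];
static Region map[] = {
    { "ram",      0x1000, 16, true,  ram_bytes },
    { "dev-mmio", 0x2000, 16, false, dev_regs  },
};

/* Stands in for the flatview lookup: region containing addr, or NULL. */
static Region *resolve(uint64_t addr) {
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++)
        if (addr >= map[i].base && addr < map[i].base + map[i].size)
            return &map[i];
    return NULL;
}

/* The new check: after resolution, before the access is performed. */
static bool flatview_access_allowed(MemTxAttrs attrs, const Region *r) {
    switch (attrs.bus_perm) {
    case MEMTXPERM_RAM_DEVICE: return r->is_ram; /* non-RAM target refused */
    default:                   return true;      /* unchanged behaviour */
    }
}

/* One-byte DMA write; a refused transaction never touches the target. */
MemTxResult dma_write_byte(MemTxAttrs attrs, uint64_t addr, uint8_t val) {
    Region *r = resolve(addr);
    if (!r || !flatview_access_allowed(attrs, r))
        return MEMTX_BUS_ERROR;
    r->backing[addr - r->base] = val; /* MMIO dispatch would happen here */
    return MEMTX_OK;
}
```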