On Fri, 27 May 2022 at 17:19, Alexander Bulekov <alx...@bu.edu> wrote:
>
> Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
> This flag should be set/checked prior to calling a device's MemoryRegion
> handlers, and set when device code initiates DMA. The purpose of this
> flag is to prevent DMA reentrancy issues. E.g.:
> sdhci pio -> dma write -> sdhci mmio
> nvme bh -> dma write -> nvme mmio
>
> These issues have led to problems such as stack-exhaustion and
> use-after-frees.
>
> Assumptions:
> * Devices do not interact with their own PIO/MMIO memory-regions using
> DMA.

If you're trying to protect against malicious guest-controlled DMA
operations, you can't assume that. The guest can program a DMA
controller to DMA to its own MMIO register bank if it likes.

> * There is no way for there to be multiple simultaneous accesses to a
> device's PIO/MMIO memory-regions, or for multiple threads to perform
> DMA accesses simultaneously on behalf of a single device.

This one is generally true because device code runs with the iothread
lock held.

-- PMM
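A toy model of the flag the cover letter proposes, run against the self-targeting DMA described in the reply (guest points the device's DMA at its own register bank). This is an added illustration, not QEMU code; MMIO_BASE, the two-register layout, the doorbell behaviour and DEPTH_CAP are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed toy model of the proposed flag; not QEMU's DeviceState or
 * memory API. MMIO_BASE, the register layout and DEPTH_CAP are made up. */
#define MMIO_BASE 0x1000u   /* guest-physical address of the register bank */
#define DEPTH_CAP 16        /* stand-in for "the stack is exhausted" */

typedef struct {
    bool engaged_in_io;     /* the proposed flag, set around MMIO handlers */
    bool guard_enabled;
    uint32_t regs[4];       /* regs[0] = doorbell, regs[1] = DMA target */
    int depth, max_depth, blocked;
} Device;

static void mmio_write(Device *d, uint32_t off, uint32_t val);

/* DMA issued by the device. A target inside its own register bank is
 * dispatched back into the MMIO handler (the sdhci/nvme loop above). */
static void dma_write(Device *d, uint32_t addr, uint32_t val)
{
    if (addr >= MMIO_BASE && addr < MMIO_BASE + sizeof d->regs) {
        mmio_write(d, addr - MMIO_BASE, val);
    }   /* a plain RAM target is omitted from the model */
}

static void mmio_write(Device *d, uint32_t off, uint32_t val)
{
    if (d->guard_enabled && d->engaged_in_io) {
        d->blocked++;                   /* re-entrant access rejected */
        return;
    }
    if (d->depth >= DEPTH_CAP) return;  /* unguarded: would recurse forever */
    d->engaged_in_io = true;
    if (++d->depth > d->max_depth) d->max_depth = d->depth;
    d->regs[off / 4] = val;
    if (off == 0) dma_write(d, d->regs[1], val);  /* doorbell starts a DMA */
    d->depth--;
    d->engaged_in_io = false;
}

/* Guest points the DMA target at the doorbell itself, then rings it.
 * Returns the deepest handler nesting reached; *blocked counts rejections. */
static int ring_doorbell(bool guard, int *blocked)
{
    Device d = { .guard_enabled = guard };
    mmio_write(&d, 4, MMIO_BASE);   /* regs[1] = address of regs[0] */
    mmio_write(&d, 0, 1);           /* ring the doorbell */
    *blocked = d.blocked;
    return d.max_depth;
}
```

With the flag the nested access is rejected once and the handler never nests; without it the handler re-enters itself until the depth cap, the toy equivalent of the stack exhaustion the cover letter mentions.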