mirror of
https://github.com/Motorhead1991/qemu.git
synced 2026-01-05 22:17:40 -07:00
c40ca2301c
Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
This flag is set/checked prior to calling a device's MemoryRegion
handlers, and set when device code initiates DMA. The purpose of this
flag is to prevent two types of DMA-based reentrancy issues:
1.) mmio -> dma -> mmio case
2.) bh -> dma write -> mmio case
These issues have led to problems such as stack-exhaustion and
use-after-frees.
Summary of the problem from Peter Maydell:
https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
Resolves: CVE-2023-0330
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
[thuth: Replace warn_report() with warn_report_once()]
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| arch_init.c | ||
| balloon.c | ||
| bootdevice.c | ||
| cpu-throttle.c | ||
| cpu-timers.c | ||
| cpus.c | ||
| datadir.c | ||
| device_tree.c | ||
| dirtylimit.c | ||
| dma-helpers.c | ||
| globals.c | ||
| icount.c | ||
| ioport.c | ||
| main.c | ||
| memory.c | ||
| memory_mapping.c | ||
| meson.build | ||
| physmem.c | ||
| qdev-monitor.c | ||
| qemu-seccomp.c | ||
| qtest.c | ||
| rtc.c | ||
| runstate-action.c | ||
| runstate.c | ||
| timers-state.h | ||
| tpm.c | ||
| trace-events | ||
| trace.h | ||
| vl.c | ||