mirror of
https://github.com/Motorhead1991/qemu.git
synced 2025-07-27 12:23:53 -06:00

Right now, we only allow for writing to memory regions that allow direct access using memcpy etc; all other writes are simply ignored. This implies that debugging guests will not work as expected when writing to MMIO device regions. Let's extend cpu_memory_rw_debug() to write to more memory regions, including MMIO device regions. Reshuffle the condition in memory_access_is_direct() to make it easier to read and add a comment. While this change implies that debug access can now also write to MMIO devices, we now are also permit ELF image loads and similar users of cpu_memory_rw_debug() to write to MMIO devices; currently we ignore these writes. Peter assumes [1] that there's probably a class of guest images, which will start writing junk (likely zeroes) into device model registers; we previously would silently ignore any such bogus ELF sections. Likely these images are of questionable correctness and this can be ignored. If ever a problem, we could make these cases use address_space_write_rom() instead, which is left unchanged for now. This patch is based on previous work by Stefan Zabka. [1] https://lore.kernel.org/all/CAFEAcA_2CEJKFyjvbwmpt=on=GgMVamQ5hiiVt+zUr6AY3X=Xg@mail.gmail.com/ Resolves: https://gitlab.com/qemu-project/qemu/-/issues/213 Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com> Link: https://lore.kernel.org/r/20250210084648.33798-8-david@redhat.com Signed-off-by: Peter Xu <peterx@redhat.com>
90 lines
3 KiB
C
90 lines
3 KiB
C
/*
|
|
* Memory transaction attributes
|
|
*
|
|
* Copyright (c) 2015 Linaro Limited.
|
|
*
|
|
* Authors:
|
|
* Peter Maydell <peter.maydell@linaro.org>
|
|
*
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or later.
|
|
* See the COPYING file in the top-level directory.
|
|
*
|
|
*/
|
|
|
|
#ifndef MEMATTRS_H
|
|
#define MEMATTRS_H
|
|
|
|
/* Every memory transaction has associated with it a set of
|
|
* attributes. Some of these are generic (such as the ID of
|
|
* the bus master); some are specific to a particular kind of
|
|
* bus (such as the ARM Secure/NonSecure bit). We define them
|
|
* all as non-overlapping bitfields in a single struct to avoid
|
|
* confusion if different parts of QEMU used the same bit for
|
|
* different semantics.
|
|
*/
|
|
typedef struct MemTxAttrs {
|
|
/*
|
|
* ARM/AMBA: TrustZone Secure access
|
|
* x86: System Management Mode access
|
|
*/
|
|
unsigned int secure:1;
|
|
/*
|
|
* ARM: ArmSecuritySpace. This partially overlaps secure, but it is
|
|
* easier to have both fields to assist code that does not understand
|
|
* ARMv9 RME, or no specific knowledge of ARM at all (e.g. pflash).
|
|
*/
|
|
unsigned int space:2;
|
|
/* Memory access is usermode (unprivileged) */
|
|
unsigned int user:1;
|
|
/*
|
|
* Bus interconnect and peripherals can access anything (memories,
|
|
* devices) by default. By setting the 'memory' bit, bus transaction
|
|
* are restricted to "normal" memories (per the AMBA documentation)
|
|
* versus devices. Access to devices will be logged and rejected
|
|
* (see MEMTX_ACCESS_ERROR).
|
|
*/
|
|
unsigned int memory:1;
|
|
/* Debug access that can even write to ROM. */
|
|
unsigned int debug:1;
|
|
/* Requester ID (for MSI for example) */
|
|
unsigned int requester_id:16;
|
|
|
|
/*
|
|
* PID (PCI PASID) support: Limited to 8 bits process identifier.
|
|
*/
|
|
unsigned int pid:8;
|
|
|
|
/*
|
|
* Bus masters which don't specify any attributes will get this
|
|
* (via the MEMTXATTRS_UNSPECIFIED constant), so that we can
|
|
* distinguish "all attributes deliberately clear" from
|
|
* "didn't specify" if necessary. "debug" can be set alongside
|
|
* "unspecified".
|
|
*/
|
|
bool unspecified;
|
|
|
|
uint8_t _reserved1;
|
|
uint16_t _reserved2;
|
|
} MemTxAttrs;
|
|
|
|
QEMU_BUILD_BUG_ON(sizeof(MemTxAttrs) > 8);
|
|
|
|
/* Bus masters which don't specify any attributes will get this,
|
|
* which has all attribute bits clear except the topmost one
|
|
* (so that we can distinguish "all attributes deliberately clear"
|
|
* from "didn't specify" if necessary).
|
|
*/
|
|
#define MEMTXATTRS_UNSPECIFIED ((MemTxAttrs) { .unspecified = true })
|
|
|
|
/* New-style MMIO accessors can indicate that the transaction failed.
|
|
* A zero (MEMTX_OK) response means success; anything else is a failure
|
|
* of some kind. The memory subsystem will bitwise-OR together results
|
|
* if it is synthesizing an operation from multiple smaller accesses.
|
|
*/
|
|
#define MEMTX_OK 0
|
|
#define MEMTX_ERROR (1U << 0) /* device returned an error */
|
|
#define MEMTX_DECODE_ERROR (1U << 1) /* nothing at that address */
|
|
#define MEMTX_ACCESS_ERROR (1U << 2) /* access denied */
|
|
typedef uint32_t MemTxResult;
|
|
|
|
#endif
|