Re: [RFC 0/4] Add a 'in_mmio' device flag to avoid the DMA to MMIO
From: Li Qiang
Subject: Re: [RFC 0/4] Add a 'in_mmio' device flag to avoid the DMA to MMIO
Date: Mon, 21 Sep 2020 12:39:39 +0800
Paolo Bonzini <pbonzini@redhat.com> wrote on Sun, 20 Sep 2020 at 15:56:
>
> On 08/09/20 18:41, Li Qiang wrote:
> > Currently the qemu device fuzzer finds some DMA-to-MMIO issues. If the
> > device handling MMIO currently triggers a DMA whose address is MMIO,
> > this will re-enter the device's MMIO handler. As some of the devices don't
> > consider this, it will sometimes crash qemu.
> >
> > This patch tries to solve this by adding a per-device flag 'in_mmio'.
> > When the memory core dispatches MMIO it will check/set this flag, and when
> > it leaves it will clear this flag.
> >
> >
> > Li Qiang (4):
> > memory: add memory_region_init_io_with_dev interface
> > memory: avoid reenter the device's MMIO handler while processing MMIO
> > e1000e: use the new memory_region_init_io_with_dev interface
> > hcd-xhci: use the new memory_region_init_io_with_dev interface
> >
> > hw/net/e1000e.c | 8 ++++----
> > hw/usb/hcd-xhci.c | 25 ++++++++++++++---------
> > include/exec/memory.h | 9 +++++++++
> > include/hw/qdev-core.h | 1 +
> > softmmu/memory.c | 46 +++++++++++++++++++++++++++++++++++++++---
> > 5 files changed, 72 insertions(+), 17 deletions(-)
> >
>
> I don't think this is a good solution. These are device bugs and they
> need to be fixed.
I agree with this: the devices should finally handle their own cases. But we
can do something following a pattern if a device hasn't done that yet.
I have posted a patchset:
https://lists.gnu.org/archive/html/qemu-devel/2020-09/msg00906.html
This adds a flag in the DeviceState, and checks/records the flag when
running the reentrancy-prone code.
Once a device has fixed its reentrancy issue, it can remove this flag.
Thanks,
Li Qiang
>
> Paolo
>
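The following is an added, self-contained model of the DMA-to-MMIO reentrancy problem discussed in this thread; it is not QEMU code and not part of either poster's patches. It puts the three positions side by side: a device with no protection, the RFC's per-device `in_mmio` flag checked/set by the memory-core dispatch and cleared on leave, and the device-level fix Paolo asks for (the device refusing to DMA into its own MMIO window). The register layout (`REG_DMA_SRC`, `REG_DMA_DST`, `REG_DMA_START`), the `MAX_DEPTH` stand-in for stack exhaustion, the function names and the 0xDEADBEEF payload are all assumptions made for this model.

```c
/*
 * Added example, not QEMU code: a toy memory core plus one toy device whose
 * MMIO write handler starts a synchronous DMA. A guest that points the DMA
 * destination back at the device's own MMIO window re-enters the handler.
 * Register layout, names and limits below are assumptions for this model.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MMIO_BASE     0xE0000000u   /* device's MMIO window (assumed) */
#define MMIO_SIZE     0x1000u
#define RAM_SIZE      0x10000u
#define MAX_DEPTH     8             /* stand-in for exhausting the host stack */

#define REG_DMA_SRC   0x00u         /* hypothetical registers: src, dst, kick */
#define REG_DMA_DST   0x04u
#define REG_DMA_START 0x10u

enum mode {
    MODE_NONE,          /* device as written: no protection at all */
    MODE_CORE_GUARD,    /* the RFC: memory core checks/sets a per-device in_mmio */
    MODE_DEVICE_CHECK,  /* device-level fix: refuse DMA into our own window */
};

struct device {
    enum mode mode;
    bool in_mmio;       /* set while the memory core is inside our MMIO handler */
    int depth;          /* current nesting of dev_mmio_write() */
    int max_depth;      /* deepest nesting seen: >1 means the handler re-entered */
    int rejected;       /* DMA requests refused by whichever check is active */
    bool crashed;       /* MAX_DEPTH exceeded: modelled as the crash a real device hits */
    uint32_t regs[MMIO_SIZE / 4];
    uint8_t ram[RAM_SIZE];
};

static int memory_write(struct device *d, uint32_t addr, uint32_t val);

static bool in_own_mmio(uint32_t addr)
{
    return addr >= MMIO_BASE && addr < MMIO_BASE + MMIO_SIZE;
}

/* MMIO write handler: a write to REG_DMA_START copies one word from src to
 * dst synchronously, which is the pattern that can re-enter this function. */
static void dev_mmio_write(struct device *d, uint32_t off, uint32_t val)
{
    d->depth++;
    if (d->depth > MAX_DEPTH) {
        d->crashed = true;          /* unbounded recursion: model it as a crash */
        d->depth--;
        return;
    }
    if (d->depth > d->max_depth) {
        d->max_depth = d->depth;
    }
    d->regs[off / 4] = val;

    if (off == REG_DMA_START) {
        uint32_t src = d->regs[REG_DMA_SRC / 4];
        uint32_t dst = d->regs[REG_DMA_DST / 4];
        uint32_t word = 0;

        if (d->mode == MODE_DEVICE_CHECK && in_own_mmio(dst)) {
            d->rejected++;          /* device-level fix: never DMA into ourselves */
        } else {
            if (src + 4 <= RAM_SIZE) {
                memcpy(&word, &d->ram[src], sizeof word);
            }
            memory_write(d, dst, word);   /* DMA: dst is guest-controlled */
        }
    }
    d->depth--;
}

/* Memory core dispatch: route a guest-physical write to RAM or to the device.
 * Returns 0 on success, -1 if the access was refused or out of range. */
static int memory_write(struct device *d, uint32_t addr, uint32_t val)
{
    if (in_own_mmio(addr)) {
        if (d->mode == MODE_CORE_GUARD && d->in_mmio) {
            d->rejected++;          /* the RFC's check: already in this device's MMIO */
            return -1;
        }
        d->in_mmio = true;          /* the RFC's set on dispatch ... */
        dev_mmio_write(d, addr - MMIO_BASE, val);
        d->in_mmio = false;         /* ... and clear on leave */
        return 0;
    }
    if (addr + 4 <= RAM_SIZE) {
        memcpy(&d->ram[addr], &val, sizeof val);
        return 0;
    }
    return -1;
}

struct result { int max_depth; int rejected; bool crashed; uint32_t ram_word; };

/* Guest programs one DMA from RAM offset 0x100 to `dst`, then kicks it. */
static struct result run_scenario(enum mode mode, uint32_t dst)
{
    static struct device d;                     /* static: too large for the stack */
    uint32_t payload = 0xDEADBEEFu;             /* constructed guest data */
    memset(&d, 0, sizeof d);
    d.mode = mode;
    memcpy(&d.ram[0x100], &payload, sizeof payload);

    memory_write(&d, MMIO_BASE + REG_DMA_SRC, 0x100);
    memory_write(&d, MMIO_BASE + REG_DMA_DST, dst);
    memory_write(&d, MMIO_BASE + REG_DMA_START, 1);

    struct result r = { d.max_depth, d.rejected, d.crashed, 0 };
    if (dst + 4 <= RAM_SIZE) {
        memcpy(&r.ram_word, &d.ram[dst], sizeof r.ram_word);
    }
    return r;
}

int main(void)
{
    static const char *names[] = { "no check", "core in_mmio guard", "device check" };
    for (int m = MODE_NONE; m <= MODE_DEVICE_CHECK; m++) {
        struct result r = run_scenario((enum mode)m, MMIO_BASE + REG_DMA_START);
        printf("%-20s max_depth=%d rejected=%d crashed=%s\n", names[m],
               r.max_depth, r.rejected, r.crashed ? "yes" : "no");
    }
    return 0;
}
```

With the DMA destination pointed at the device's own `REG_DMA_START`, the unprotected device nests until `MAX_DEPTH` and "crashes"; both the core-level `in_mmio` guard and the device-level check stop it at depth 1 with one rejected request, and a DMA into plain RAM still completes under either check. The model has a single device, so it cannot show what a per-device flag does when a DMA lands on a different device's MMIO window.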