Re: [PATCH v2 1/3] memory: Track whether a Device is engaged in IO
From: Peter Maydell
Subject: Re: [PATCH v2 1/3] memory: Track whether a Device is engaged in IO
Date: Mon, 30 May 2022 12:19:25 +0100
On Fri, 27 May 2022 at 17:19, Alexander Bulekov <alxndr@bu.edu> wrote:
>
> Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
> This flag should be set/checked prior to calling a device's MemoryRegion
> handlers, and set when device code initiates DMA. The purpose of this
> flag is to prevent DMA reentrancy issues. E.g.:
> sdhci pio -> dma write -> sdhci mmio
> nvme bh -> dma write -> nvme mmio
>
> These issues have led to problems such as stack-exhaustion and
> use-after-frees.
>
> Assumptions:
> * Devices do not interact with their own PIO/MMIO memory-regions using
> DMA.
If you're trying to protect against malicious guest-controlled
DMA operations, you can't assume that. The guest can program
a DMA controller to DMA to its own MMIO register bank if it likes.
> * There is no way for there to be multiple simultaneous accesses to a
> device's PIO/MMIO memory-regions, or for multiple threads to perform
> DMA accesses simultaneously on behalf of a single device.
This one is generally true because device code runs with
the iothread lock held.
-- PMM
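The exchange above is about a per-device "engaged in IO" flag that is checked before a MemoryRegion handler runs and set while a device performs DMA, and about whether the flag may rely on the assumption that a device never DMAs into its own MMIO window. The following C program is an added example written for this page; it is a constructed toy model, not QEMU's code, and every name (ToyDevice, engaged_in_io, dev_mmio_write_guarded, address_space_write), register offset and address in it is an assumption. It models one device whose doorbell register starts a DMA to a guest-programmed destination, runs that DMA once into guest RAM and twice with the destination aimed at the device's own doorbell (the case Peter Maydell raises), and shows that an unguarded model nests the MMIO handler until it hits a limit (here a small cap standing in for stack exhaustion) while the flag check refuses the re-entrant access on the first nested call instead of relying on the assumption:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model of one device behind an address space. Not QEMU's code;
 * every name, register offset and address below is an assumption for this example. */
#define DEV_MMIO_BASE 0x1000u   /* guest-physical base of the device's MMIO window */
#define DEV_MMIO_SIZE 0x100u
#define OFF_DMA_DST   0x00u     /* register: guest-programmed DMA destination */
#define OFF_DOORBELL  0x04u     /* register: a write here starts the DMA */
#define RAM_SIZE      0x1000u   /* guest RAM modelled as a flat buffer below the window */
#define RECURSION_CAP 8         /* stands in for the stack limit an unguarded model hits */

typedef struct ToyDevice {
    bool guard_enabled;   /* apply the engaged_in_io check before running a handler? */
    bool engaged_in_io;   /* the per-device flag the cover letter describes (assumed name) */
    uint32_t dma_dst;
    unsigned depth;       /* current handler nesting */
    unsigned max_depth;   /* deepest nesting seen during the run */
    unsigned blocked;     /* re-entrant handler invocations the guard refused */
    uint8_t ram[RAM_SIZE];
} ToyDevice;

static bool address_space_write(ToyDevice *d, uint32_t addr, const uint8_t *buf, uint32_t len);

/* The device's MMIO write handler: ringing the doorbell DMAs 4 bytes to dma_dst. */
static void dev_mmio_write(ToyDevice *d, uint32_t offset, uint32_t val)
{
    d->depth++;
    if (d->depth > d->max_depth) {
        d->max_depth = d->depth;
    }
    if (offset == OFF_DMA_DST) {
        d->dma_dst = val;
    } else if (offset == OFF_DOORBELL && d->depth < RECURSION_CAP) {
        const uint8_t payload[4] = { 0xde, 0xad, 0xbe, 0xef };   /* constructed DMA data */
        address_space_write(d, d->dma_dst, payload, sizeof payload);
    }
    d->depth--;
}

/* Stands for the point where the patch checks and sets the flag around a handler call. */
static bool dev_mmio_write_guarded(ToyDevice *d, uint32_t offset, uint32_t val)
{
    if (d->guard_enabled && d->engaged_in_io) {
        d->blocked++;      /* device already mid-IO: refuse the re-entrant access */
        return false;
    }
    bool outer = d->engaged_in_io;
    d->engaged_in_io = true;
    dev_mmio_write(d, offset, val);
    d->engaged_in_io = outer;
    return true;
}

/* Minimal address-space dispatch: guest RAM, or the device's own MMIO window. */
static bool address_space_write(ToyDevice *d, uint32_t addr, const uint8_t *buf, uint32_t len)
{
    if (addr >= DEV_MMIO_BASE && addr < DEV_MMIO_BASE + DEV_MMIO_SIZE) {
        bool ok = true;
        for (uint32_t i = 0; i + 4 <= len; i += 4) {
            uint32_t v;
            memcpy(&v, buf + i, sizeof v);
            ok = dev_mmio_write_guarded(d, addr + i - DEV_MMIO_BASE, v) && ok;
        }
        return ok;
    }
    if (addr > RAM_SIZE || len > RAM_SIZE - addr) {
        return false;                         /* outside guest RAM */
    }
    memcpy(d->ram + addr, buf, len);
    return true;
}

/* Guest programs the DMA destination, then rings the doorbell. */
static void run_scenario(ToyDevice *d, uint32_t dma_dst, bool guard_enabled)
{
    memset(d, 0, sizeof *d);
    d->guard_enabled = guard_enabled;
    dev_mmio_write_guarded(d, OFF_DMA_DST, dma_dst);
    dev_mmio_write_guarded(d, OFF_DOORBELL, 1);
}

int main(void)
{
    ToyDevice d;
    run_scenario(&d, 0x200, true);
    printf("DMA to RAM:                depth=%u blocked=%u\n", d.max_depth, d.blocked);
    run_scenario(&d, DEV_MMIO_BASE + OFF_DOORBELL, false);
    printf("DMA to own MMIO, no guard: depth=%u blocked=%u\n", d.max_depth, d.blocked);
    run_scenario(&d, DEV_MMIO_BASE + OFF_DOORBELL, true);
    printf("DMA to own MMIO, guarded:  depth=%u blocked=%u\n", d.max_depth, d.blocked);
    return 0;
}
```

The guard lives in the dispatch wrapper rather than in the device handler, which is the point of the cover letter's design: device code does not have to know that its DMA destination can be its own register bank, because the check happens before any handler of a device that is already engaged in IO is entered. Restoring the previous flag value after the handler (rather than clearing it) keeps the model correct when a handler is legitimately nested by something other than DMA.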
Re: [PATCH v2 1/3] memory: Track whether a Device is engaged in IO, David Hildenbrand, 2022/05/30
[PATCH v2 2/3] memory: fix PIO/MMIO-initiated dma-reentracy issues, Alexander Bulekov, 2022/05/27