All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	"Jason Wang" <jasowang@redhat.com>,
	"Mark Cave-Ayland" <mark.cave-ayland@ilande.co.uk>,
	"Peter Xu" <peterx@redhat.com>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Edgar E. Iglesias" <edgar.iglesias@gmail.com>,
	"Eduardo Habkost" <ehabkost@redhat.com>,
	"Edgar E . Iglesias" <edgar.iglesias@xilinx.com>,
	qemu-block@nongnu.org, "Li Qiang" <liq3ea@163.com>,
	"Emilio G . Cota" <cota@braap.org>,
	"Peter Chubb" <peter.chubb@nicta.com.au>,
	"Joel Stanley" <joel@jms.id.au>,
	"Richard Henderson" <rth@twiddle.net>,
	"Laszlo Ersek" <lersek@redhat.com>,
	"Robert Foley" <robert.foley@linaro.org>,
	"Alistair Francis" <alistair@alistair23.me>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Beniamino Galvani" <b.galvani@gmail.com>,
	"Eric Auger" <eric.auger@redhat.com>,
	qemu-arm@nongnu.org, "Jan Kiszka" <jan.kiszka@web.de>,
	"Cédric Le Goater" <clg@kaod.org>,
	"Stefan Hajnoczi" <stefanha@redhat.com>,
	"John Snow" <jsnow@redhat.com>,
	"David Gibson" <david@gibson.dropbear.id.au>,
	"Tony Nguyen" <tony.nguyen@bt.com>,
	"Prasad J Pandit" <pjp@fedoraproject.org>,
	"Alexander Bulekov" <alxndr@bu.edu>,
	"Andrew Jeffery" <andrew@aj.id.au>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>,
	"Emanuele Giuseppe Esposito" <e.emanuelegiuseppe@gmail.com>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
	"Andrew Baumann" <Andrew.Baumann@microsoft.com>,
	qemu-ppc@nongnu.org, "Klaus Jensen" <k.jensen@samsung.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>
Subject: [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions
Date: Thu,  3 Sep 2020 13:08:19 +0200	[thread overview]
Message-ID: <20200903110831.353476-1-philmd@redhat.com> (raw)

Hi,

I'm not suppose to work on this but I couldn't sleep so kept
wondering about this problem the whole night and eventually
woke up to write this quickly, so comments are scarce, sorry.

The first part is obvious anyway, simply pass MemTxAttrs argument.

The main patch is:
"exec/memattrs: Introduce MemTxAttrs::direct_access field".
This way we can restrict accesses to ROM/RAM by setting the
'direct_access' field. Illegal accesses return MEMTX_BUS_ERROR.

Next patch restrict PCI DMA accesses by setting the direct_access
field.

Finally we add an assertion for any DMA write access to indirect
memory to kill a class of bug recently found by Alexander while
fuzzing.

Regards,

Phil.

Klaus Jensen (1):
  pci: pass along the return value of dma_memory_rw

Philippe Mathieu-Daudé (11):
  dma: Let dma_memory_valid() take MemTxAttrs argument
  dma: Let dma_memory_set() take MemTxAttrs argument
  dma: Let dma_memory_rw_relaxed() take MemTxAttrs argument
  dma: Let dma_memory_rw() take MemTxAttrs argument
  dma: Let dma_memory_read/write() take MemTxAttrs argument
  dma: Let dma_memory_map() take MemTxAttrs argument
  docs/devel/loads-stores: Add regexp for DMA functions
  dma: Let load/store DMA functions take MemTxAttrs argument
  exec/memattrs: Introduce MemTxAttrs::direct_access field
  hw/pci: Only allow PCI slave devices to write to direct memory
  dma: Assert when device writes to indirect memory (such MMIO regions)

 docs/devel/loads-stores.rst   |  2 ++
 include/exec/memattrs.h       |  3 ++
 include/hw/pci/pci.h          | 21 ++++++++++---
 include/hw/ppc/spapr_vio.h    | 26 +++++++++------
 include/sysemu/dma.h          | 59 +++++++++++++++++++++--------------
 dma-helpers.c                 | 12 ++++---
 exec.c                        |  8 +++++
 hw/arm/musicpal.c             | 13 ++++----
 hw/arm/smmu-common.c          |  3 +-
 hw/arm/smmuv3.c               | 14 ++++++---
 hw/core/generic-loader.c      |  3 +-
 hw/display/virtio-gpu.c       |  8 +++--
 hw/dma/pl330.c                | 12 ++++---
 hw/dma/sparc32_dma.c          | 16 ++++++----
 hw/dma/xlnx-zynq-devcfg.c     |  6 ++--
 hw/dma/xlnx_dpdma.c           | 10 +++---
 hw/hyperv/vmbus.c             |  8 +++--
 hw/i386/amd_iommu.c           | 16 +++++-----
 hw/i386/intel_iommu.c         | 28 ++++++++++-------
 hw/ide/ahci.c                 |  9 ++++--
 hw/ide/macio.c                |  2 +-
 hw/intc/pnv_xive.c            |  7 +++--
 hw/intc/spapr_xive.c          |  3 +-
 hw/intc/xive.c                |  7 +++--
 hw/misc/bcm2835_property.c    |  3 +-
 hw/misc/macio/mac_dbdma.c     | 10 +++---
 hw/net/allwinner-sun8i-emac.c | 21 ++++++++-----
 hw/net/ftgmac100.c            | 25 +++++++++------
 hw/net/imx_fec.c              | 32 ++++++++++++-------
 hw/nvram/fw_cfg.c             | 16 ++++++----
 hw/pci-host/pnv_phb3.c        |  5 +--
 hw/pci-host/pnv_phb3_msi.c    |  9 ++++--
 hw/pci-host/pnv_phb4.c        |  7 +++--
 hw/sd/allwinner-sdhost.c      | 14 +++++----
 hw/sd/sdhci.c                 | 35 +++++++++++++--------
 hw/usb/hcd-dwc2.c             |  8 ++---
 hw/usb/hcd-ehci.c             |  6 ++--
 hw/usb/hcd-ohci.c             | 28 ++++++++++-------
 hw/usb/libhw.c                |  3 +-
 hw/virtio/virtio.c            |  6 ++--
 trace-events                  |  1 +
 41 files changed, 334 insertions(+), 191 deletions(-)

-- 
2.26.2



             reply	other threads:[~2020-09-03 11:09 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-03 11:08 Philippe Mathieu-Daudé [this message]
2020-09-03 11:08 ` [PATCH 01/12] pci: pass along the return value of dma_memory_rw Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 02/12] dma: Let dma_memory_valid() take MemTxAttrs argument Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 03/12] dma: Let dma_memory_set() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 04/12] dma: Let dma_memory_rw_relaxed() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 05/12] dma: Let dma_memory_rw() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 06/12] dma: Let dma_memory_read/write() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 07/12] dma: Let dma_memory_map() " Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 08/12] docs/devel/loads-stores: Add regexp for DMA functions Philippe Mathieu-Daudé
2020-09-03 11:08 ` [PATCH 09/12] dma: Let load/store DMA functions take MemTxAttrs argument Philippe Mathieu-Daudé
2020-09-03 11:08 ` [RFC PATCH 10/12] exec/memattrs: Introduce MemTxAttrs::direct_access field Philippe Mathieu-Daudé
2020-09-03 11:08 ` [RFC PATCH 11/12] hw/pci: Only allow PCI slave devices to write to direct memory Philippe Mathieu-Daudé
2020-09-03 12:26   ` Paolo Bonzini
2020-09-03 13:18     ` Philippe Mathieu-Daudé
2020-09-03 21:43       ` Paolo Bonzini
2020-09-03 11:08 ` [RFC PATCH 12/12] dma: Assert when device writes to indirect memory (such MMIO regions) Philippe Mathieu-Daudé
2020-09-03 13:51   ` Edgar E. Iglesias
2020-09-03 13:37 ` [RFC PATCH 00/12] hw: Forbid DMA write accesses to MMIO regions Laszlo Ersek
2020-09-03 13:58   ` Peter Maydell
2020-09-03 14:24     ` Edgar E. Iglesias
2020-09-03 15:46       ` Paolo Bonzini
2020-09-03 15:50         ` Edgar E. Iglesias
2020-09-03 17:53           ` Paolo Bonzini
2020-09-03 19:46             ` Edgar E. Iglesias
2020-09-04  2:50               ` Jason Wang
2020-09-05  2:27 ` Li Qiang
2020-09-08 14:37 ` Stefan Hajnoczi
2020-09-09 13:23   ` Peter Maydell
2020-09-09 13:41     ` Stefan Hajnoczi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200903110831.353476-1-philmd@redhat.com \
    --to=philmd@redhat.com \
    --cc=Andrew.Baumann@microsoft.com \
    --cc=alistair@alistair23.me \
    --cc=alxndr@bu.edu \
    --cc=andrew@aj.id.au \
    --cc=b.galvani@gmail.com \
    --cc=clg@kaod.org \
    --cc=cota@braap.org \
    --cc=david@gibson.dropbear.id.au \
    --cc=e.emanuelegiuseppe@gmail.com \
    --cc=edgar.iglesias@gmail.com \
    --cc=edgar.iglesias@xilinx.com \
    --cc=ehabkost@redhat.com \
    --cc=eric.auger@redhat.com \
    --cc=f4bug@amsat.org \
    --cc=jan.kiszka@web.de \
    --cc=jasowang@redhat.com \
    --cc=joel@jms.id.au \
    --cc=jsnow@redhat.com \
    --cc=k.jensen@samsung.com \
    --cc=kraxel@redhat.com \
    --cc=lersek@redhat.com \
    --cc=liq3ea@163.com \
    --cc=mark.cave-ayland@ilande.co.uk \
    --cc=mst@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peter.chubb@nicta.com.au \
    --cc=peter.maydell@linaro.org \
    --cc=peterx@redhat.com \
    --cc=pjp@fedoraproject.org \
    --cc=qemu-arm@nongnu.org \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-ppc@nongnu.org \
    --cc=richard.henderson@linaro.org \
    --cc=robert.foley@linaro.org \
    --cc=rth@twiddle.net \
    --cc=stefanha@redhat.com \
    --cc=tony.nguyen@bt.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.