From: Stefan Hajnoczi <stefanha@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
David Hildenbrand <david@redhat.com>,
Jason Wang <jasowang@redhat.com>, Li Qiang <liq3ea@gmail.com>,
qemu-devel@nongnu.org, Peter Xu <peterx@redhat.com>,
Qiuhao Li <Qiuhao.Li@outlook.com>,
Alexander Bulekov <alxndr@bu.edu>,
qemu-arm@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
"Edgar E . Iglesias" <edgar.iglesias@gmail.com>
Subject: Re: [RFC PATCH v2 4/5] softmmu/physmem: Introduce flatview_access_allowed() to check bus perms
Date: Tue, 24 Aug 2021 14:13:54 +0100 [thread overview]
Message-ID: <YSTwkvOJj1lqXhpH@stefanha-x1.localdomain> (raw)
In-Reply-To: <20210823164157.751807-5-philmd@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 4061 bytes --]
On Mon, Aug 23, 2021 at 06:41:56PM +0200, Philippe Mathieu-Daudé wrote:
> Introduce flatview_access_allowed() to check bus permission
> before running any bus transaction. For now this is a simple
> stub.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> softmmu/physmem.c | 37 +++++++++++++++++++++++++++++++++++--
> 1 file changed, 35 insertions(+), 2 deletions(-)
>
> diff --git a/softmmu/physmem.c b/softmmu/physmem.c
> index e534dc69918..0d31a2f4199 100644
> --- a/softmmu/physmem.c
> +++ b/softmmu/physmem.c
> @@ -2754,6 +2754,27 @@ static bool prepare_mmio_access(MemoryRegion *mr)
> return release_lock;
> }
>
> +/**
> + * flatview_access_allowed
> + * @mr: #MemoryRegion to be accessed
> + * @attrs: memory transaction attributes
> + * @addr: address within that memory region
> + * @len: the number of bytes to access
> + * @result: optional pointer to a MemTxResult or NULL
> + *
> + * Check if a memory transaction is allowed. If an error occurs this
> + * method will return false to indicate denial, as well as setting
> + * @result to contain corresponding #MemTxResult.
> + *
> + * Returns: true if transaction is allowed, false if denied.
> + */
> +static inline bool flatview_access_allowed(MemoryRegion *mr, MemTxAttrs attrs,
> + hwaddr addr, hwaddr len,
> + MemTxResult *result)
> +{
> + return true;
> +}
The callers below don't benefit from the result pointer argument. The
code would be clearer if they did:
if (!flatview_access_allowed(...)) {
return MEMTX_BUS_ERROR;
}
> +
> /* Called within RCU critical section. */
> static MemTxResult flatview_write_continue(FlatView *fv, hwaddr addr,
> MemTxAttrs attrs,
> @@ -2768,7 +2789,9 @@ static MemTxResult flatview_write_continue(FlatView *fv, hwaddr addr,
> const uint8_t *buf = ptr;
>
> for (;;) {
> - if (!memory_access_is_direct(mr, true)) {
> + if (!flatview_access_allowed(mr, attrs, addr1, l, &result)) {
> + /* 'result' contains the error, keep going. */
> + } else if (!memory_access_is_direct(mr, true)) {
> release_lock |= prepare_mmio_access(mr);
> l = memory_access_size(mr, l, addr1);
> /* XXX: could force current_cpu to NULL to avoid
> @@ -2810,9 +2833,13 @@ static MemTxResult flatview_write(FlatView *fv, hwaddr addr, MemTxAttrs attrs,
> hwaddr l;
> hwaddr addr1;
> MemoryRegion *mr;
> + MemTxResult result = MEMTX_OK;
>
> l = len;
> mr = flatview_translate(fv, addr, &addr1, &l, true, attrs);
> + if (!flatview_access_allowed(mr, attrs, addr, len, &result)) {
> + return result;
> + }
> return flatview_write_continue(fv, addr, attrs, buf, len,
> addr1, l, mr);
> }
> @@ -2831,7 +2858,9 @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
>
> fuzz_dma_read_cb(addr, len, mr);
> for (;;) {
> - if (!memory_access_is_direct(mr, false)) {
> + if (!flatview_access_allowed(mr, attrs, addr1, l, &result)) {
> + /* 'result' contains the error, keep going. */
> + } else if (!memory_access_is_direct(mr, false)) {
> /* I/O case */
> release_lock |= prepare_mmio_access(mr);
> l = memory_access_size(mr, l, addr1);
> @@ -2871,9 +2900,13 @@ static MemTxResult flatview_read(FlatView *fv, hwaddr addr,
> hwaddr l;
> hwaddr addr1;
> MemoryRegion *mr;
> + MemTxResult result = MEMTX_OK;
>
> l = len;
> mr = flatview_translate(fv, addr, &addr1, &l, false, attrs);
> + if (!flatview_access_allowed(mr, attrs, addr, len, &result)) {
> + return result;
> + }
> return flatview_read_continue(fv, addr, attrs, buf, len,
> addr1, l, mr);
> }
> --
> 2.31.1
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2021-08-24 13:15 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-23 16:41 [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument Philippe Mathieu-Daudé
2021-08-23 16:41 ` [RFC PATCH v2 1/5] softmmu/physmem: Simplify flatview_write and address_space_access_valid Philippe Mathieu-Daudé
2021-08-23 18:45 ` Peter Xu
2021-08-23 18:59 ` David Hildenbrand
2021-08-24 9:03 ` Alexander Bulekov
2021-08-24 13:04 ` Stefan Hajnoczi
2021-08-23 16:41 ` [RFC PATCH v2 2/5] hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR Philippe Mathieu-Daudé
2021-08-23 18:46 ` Peter Xu
2021-08-23 19:01 ` David Hildenbrand
2021-08-23 19:07 ` Peter Maydell
2021-08-24 13:04 ` Stefan Hajnoczi
2021-08-23 16:41 ` [RFC PATCH v2 3/5] exec/memattrs: Introduce MemTxAttrs::bus_perm field Philippe Mathieu-Daudé
2021-08-23 18:41 ` Peter Xu
2021-08-23 19:04 ` David Hildenbrand
2021-12-15 17:14 ` Philippe Mathieu-Daudé
2021-08-24 13:08 ` Stefan Hajnoczi
2021-12-15 17:11 ` Philippe Mathieu-Daudé
2021-08-23 16:41 ` [RFC PATCH v2 4/5] softmmu/physmem: Introduce flatview_access_allowed() to check bus perms Philippe Mathieu-Daudé
2021-08-23 18:43 ` Peter Xu
2021-08-23 19:03 ` David Hildenbrand
2021-08-24 13:13 ` Stefan Hajnoczi [this message]
2021-08-23 16:41 ` [RFC PATCH v2 5/5] softmmu/physmem: Have flaview API check MemTxAttrs::bus_perm field Philippe Mathieu-Daudé
2021-08-23 18:45 ` Peter Xu
2021-08-23 19:10 ` David Hildenbrand
2021-08-24 13:15 ` Stefan Hajnoczi
2021-08-24 13:50 ` Philippe Mathieu-Daudé
2021-08-24 14:21 ` Peter Maydell
2021-11-18 21:04 ` Philippe Mathieu-Daudé
2021-08-23 19:10 ` [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument Peter Maydell
2021-08-23 20:50 ` Peter Xu
2021-08-23 22:26 ` Alexander Bulekov
2021-08-24 7:24 ` Philippe Mathieu-Daudé
2021-08-24 9:49 ` Peter Maydell
2021-08-24 12:01 ` Gerd Hoffmann
2021-08-24 12:12 ` Li Qiang
2021-08-24 19:34 ` Peter Xu
2021-08-24 9:25 ` Edgar E. Iglesias
2021-08-24 13:26 ` Stefan Hajnoczi
2021-08-24 8:58 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YSTwkvOJj1lqXhpH@stefanha-x1.localdomain \
--to=stefanha@redhat.com \
--cc=Qiuhao.Li@outlook.com \
--cc=alxndr@bu.edu \
--cc=david@redhat.com \
--cc=edgar.iglesias@gmail.com \
--cc=jasowang@redhat.com \
--cc=kraxel@redhat.com \
--cc=liq3ea@gmail.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=peterx@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.