From nobody Mon Feb 9 07:56:36 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 205.139.110.120 as permitted sender) client-ip=205.139.110.120; envelope-from=philmd@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.120 as permitted sender) smtp.mailfrom=philmd@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1599131393; cv=none; d=zohomail.com; s=zohoarc; b=IDX8g08npEigLTtZ7acEL2ajfM1RGUiFYoS7t346zoRC8fZ+y23UQdzXH+nuKVvUZ+bJ6gNFudHKoyBTmOhdH/SZEXk10Viu154LIH1QsD5s8ghTxjl8nI9IrEVH/WqZSDHgNkSKFxjWl3JAvthKnr/J1FNvVj0tQFFa5dd8ysI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1599131393; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=9GnpNx8hKziNiqdzN01AImO2FtSdDZqIBcQzFpkVYA0=; b=mC2OfJNNpuuxRD5EWhVAwDKaBQFXQl2ckK24PF/EoEDOH1TZdrKtYSXIUvxKoQ1J+0TEYaMRURy6NXLfUTRAGiE6jZYAwB4EyZyhuH8MpFkKZair6FNt3rc1UTUY8womkSKYX/ilIWUcUR2KKgMJi92LK8wTiJAvClA8CYtp0NY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.120 as permitted sender) smtp.mailfrom=philmd@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) by mx.zohomail.com with SMTPS id 1599131393254231.41246106876213; Thu, 3 Sep 2020 04:09:53 -0700 (PDT) Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-578-Wp2p8UbFO3WCIdTZmC4vZg-1; Thu, 03 Sep 2020 07:09:51 -0400 Received: by mail-wm1-f69.google.com with SMTP id x6so844026wmb.6 for ; Thu, 03 Sep 2020 04:09:51 -0700 (PDT) Return-Path: Return-Path: Received: from localhost.localdomain (50.red-83-52-54.dynamicip.rima-tde.net. [83.52.54.50]) by smtp.gmail.com with ESMTPSA id q3sm3709070wmq.12.2020.09.03.04.09.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Sep 2020 04:09:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599131392; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9GnpNx8hKziNiqdzN01AImO2FtSdDZqIBcQzFpkVYA0=; b=TNDxlO23SAmoDT630w6aRuh6TlsXR98/5QJ3P+aKnR9lhpeN5EoG8l0mG3Pq4wgyUhfnR3 50eWbqWOnOmRz1+Z/K71NwlaBw09aen6LO5iIYC1AEoqOeEx9NHf9KrA7QolMY3CMCbpSa sxFrMA95FE5lq+KuYN09texMvOwz8xQ= X-MC-Unique: Wp2p8UbFO3WCIdTZmC4vZg-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9GnpNx8hKziNiqdzN01AImO2FtSdDZqIBcQzFpkVYA0=; b=gojWH40dw0SNjTDhGzTAYBnGFnt4J2dYi25l7ZrA97gARqaFmqNz1s6mp1S47wlXa1 INVif/NqHVIFWNempYqOq7s2z2MO44x4LTTu+Y1hIlJ6rydfy8qRbdGcPuHGXExEymWR iroQpnN9jAIANGu8Jqozwqn+o3YUyoMXVMNsuMWbOghdBMb+VksZMPXBIGF2K7A3fF/S 3Zpbiv3b10UaIXOlnisETZhk4rSZXmk0uEu2aO0KIxIqHa2zX24YXr3F7HridM6i9tUP eyYPB8rfG4GVswFIKLRIPOMDZnkAmN44kZKlVoe/ZPtUpwGWxpKiwsUxN+Q9McvEFzid 5GOQ== X-Gm-Message-State: AOAM533ZEcbsuqJiGWS6LXOWI+k23JlvtzLlZCsONZumXgWwAmvVEgAC KxeQ7/H96dFIPMnFwOqeJcKIk9+ZDDsm8B9SJYFDTJj9BL7BT11GXbg+OHT1HgftnkPJ2kBgJMN 7r7MDIeT8W5/qWQ== X-Received: by 2002:a1c:f003:: with SMTP id a3mr1951201wmb.170.1599131388976; Thu, 03 Sep 2020 04:09:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxMrJssg5m9tGdHjZnb9WOYc9LGcKTl/RYUTl+cJMTDL99r9rkDu5mWJzLx75Laz0g6Ll7jVQ== X-Received: by 2002:a1c:f003:: with SMTP id a3mr1951153wmb.170.1599131388703; Thu, 03 Sep 2020 04:09:48 -0700 (PDT) From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Cc: John Snow , Gerd Hoffmann , Li Qiang , "Michael S. Tsirkin" , "Edgar E. Iglesias" , Eduardo Habkost , Richard Henderson , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Jan Kiszka , Emanuele Giuseppe Esposito , Eric Auger , Peter Chubb , Beniamino Galvani , Robert Foley , Paolo Bonzini , "Emilio G . Cota" , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Jason Wang , Andrew Baumann , Laszlo Ersek , Klaus Jensen , Stefan Hajnoczi , Tony Nguyen , Peter Xu , qemu-arm@nongnu.org, Prasad J Pandit , qemu-block@nongnu.org, Alistair Francis , Andrew Jeffery , Alexander Bulekov , Marcel Apfelbaum , "Edgar E . Iglesias" , Joel Stanley , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Peter Maydell , qemu-ppc@nongnu.org, Mark Cave-Ayland , David Gibson , Richard Henderson Subject: [RFC PATCH 12/12] dma: Assert when device writes to indirect memory (such MMIO regions) Date: Thu, 3 Sep 2020 13:08:31 +0200 Message-Id: <20200903110831.353476-13-philmd@redhat.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200903110831.353476-1-philmd@redhat.com> References: <20200903110831.353476-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8"; text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Assert DMA accesses are done on direct memory (in particular to catch invalid accesses to MMIO regions). Example with the reproducer from LP#1886362 (see previous commit): qemu-system-i386: include/sysemu/dma.h:111: int dma_memory_rw(AddressSpac= e *, dma_addr_t, void *, dma_addr_t, DMADirection, MemTxAttrs): Assertion `= dir =3D=3D DMA_DIRECTION_TO_DEVICE || attrs.direct_access' failed. (gdb) bt #0 0x00007ffff51d69e5 in raise () at /lib64/libc.so.6 #1 0x00007ffff51bf895 in abort () at /lib64/libc.so.6 #2 0x00007ffff51bf769 in _nl_load_domain.cold () at /lib64/libc.so.6 #3 0x00007ffff51cee76 in annobin_assert.c_end () at /lib64/libc.so.6 #4 0x0000555557b48a94 in dma_memory_rw (as=3D0x7fffddd3ca28, addr=3D4064= , buf=3D0x7fffffff7780, len=3D16, dir=3DDMA_DIRECTION_FROM_DEVICE, attrs=3D= ...) at /home/phil/source/qemu/include/sysemu/dma.h:111 #5 0x0000555557b487e0 in pci_dma_rw (dev=3D0x7fffddd3c800, addr=3D4064, = buf=3D0x7fffffff7780, len=3D16, dir=3DDMA_DIRECTION_FROM_DEVICE) at /home/p= hil/source/qemu/include/hw/pci/pci.h:791 #6 0x0000555557b47373 in pci_dma_write (dev=3D0x7fffddd3c800, addr=3D406= 4, buf=3D0x7fffffff7780, len=3D16) at /home/phil/source/qemu/include/hw/pci= /pci.h:804 #7 0x0000555557b340b4 in e1000e_write_packet_to_guest (core=3D0x7fffddd3= f4e0, pkt=3D0x61100006c740, rxr=3D0x7fffffff7cf0, rss_info=3D0x7fffffff7d10= ) at hw/net/e1000e_core.c:1609 #8 0x0000555557b30739 in e1000e_receive_iov (core=3D0x7fffddd3f4e0, iov= =3D0x619000060e80, iovcnt=3D4) at hw/net/e1000e_core.c:1709 #9 0x00005555576e2069 in e1000e_nc_receive_iov (nc=3D0x61400000a060, iov= =3D0x619000060e80, iovcnt=3D4) at hw/net/e1000e.c:213 #10 0x00005555572a3c34 in net_tx_pkt_sendv (pkt=3D0x631000028800, nc=3D0x= 61400000a060, iov=3D0x619000060e80, iov_cnt=3D4) at hw/net/net_tx_pkt.c:556 #11 0x00005555572a23e2 in net_tx_pkt_send (pkt=3D0x631000028800, nc=3D0x6= 1400000a060) at hw/net/net_tx_pkt.c:633 #12 0x00005555572a4c67 in net_tx_pkt_send_loopback (pkt=3D0x631000028800,= nc=3D0x61400000a060) at hw/net/net_tx_pkt.c:646 #13 0x0000555557b70b05 in e1000e_tx_pkt_send (core=3D0x7fffddd3f4e0, tx= =3D0x7fffddd5f748, queue_index=3D0) at hw/net/e1000e_core.c:664 #14 0x0000555557b6eab8 in e1000e_process_tx_desc (core=3D0x7fffddd3f4e0, = tx=3D0x7fffddd5f748, dp=3D0x7fffffff8680, queue_index=3D0) at hw/net/e1000e= _core.c:743 #15 0x0000555557b6d65d in e1000e_start_xmit (core=3D0x7fffddd3f4e0, txr= =3D0x7fffffff88a0) at hw/net/e1000e_core.c:934 #16 0x0000555557b5ea38 in e1000e_set_tctl (core=3D0x7fffddd3f4e0, index= =3D256, val=3D255) at hw/net/e1000e_core.c:2431 #17 0x0000555557b369ef in e1000e_core_write (core=3D0x7fffddd3f4e0, addr= =3D1027, val=3D255, size=3D4) at hw/net/e1000e_core.c:3265 #18 0x00005555576de3be in e1000e_mmio_write (opaque=3D0x7fffddd3c800, add= r=3D1027, val=3D255, size=3D4) at hw/net/e1000e.c:109 #19 0x0000555558e6b789 in memory_region_write_accessor (mr=3D0x7fffddd3f1= 10, addr=3D1027, value=3D0x7fffffff8eb0, size=3D4, shift=3D0, mask=3D429496= 7295, attrs=3D...) at softmmu/memory.c:483 #20 0x0000555558e6b05b in access_with_adjusted_size (addr=3D1027, value= =3D0x7fffffff8eb0, size=3D1, access_size_min=3D4, access_size_max=3D4, acce= ss_fn=3D 0x555558e6b120 , mr=3D0x7fffddd3f110= , attrs=3D...) at softmmu/memory.c:544 #21 0x0000555558e69776 in memory_region_dispatch_write (mr=3D0x7fffddd3f1= 10, addr=3D1027, data=3D255, op=3DMO_8, attrs=3D...) at softmmu/memory.c:14= 65 #22 0x0000555558f60462 in flatview_write_continue (fv=3D0x60600003f9e0, a= ddr=3D3775005699, attrs=3D..., ptr=3D0x6020000e3710, len=3D1, addr1=3D1027,= l=3D1, mr=3D0x7fffddd3f110) at exec.c:3176 #23 0x0000555558f4e38b in flatview_write (fv=3D0x60600003f9e0, addr=3D377= 5005699, attrs=3D..., buf=3D0x6020000e3710, len=3D1) at exec.c:3220 #24 0x0000555558f4dd4f in address_space_write (as=3D0x60800000baa0, addr= =3D3775005699, attrs=3D..., buf=3D0x6020000e3710, len=3D1) at exec.c:3315 #25 0x000055555916b3e0 in qtest_process_command (chr=3D0x55555c03f300 , words=3D0x604000058150) at softmmu/qtest.c:567 #26 0x000055555915f7f2 in qtest_process_inbuf (chr=3D0x55555c03f300 , inbuf=3D0x6190000200e0) at softmmu/qtest.c:710 Signed-off-by: Philippe Mathieu-Daud=C3=A9 --- include/sysemu/dma.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/sysemu/dma.h b/include/sysemu/dma.h index 8a7dbf0b0f3..a4ba9438a56 100644 --- a/include/sysemu/dma.h +++ b/include/sysemu/dma.h @@ -108,6 +108,8 @@ static inline int dma_memory_rw(AddressSpace *as, dma_a= ddr_t addr, void *buf, dma_addr_t len, DMADirection dir, MemTxAttrs attrs) { + assert(dir =3D=3D DMA_DIRECTION_TO_DEVICE || attrs.direct_access); + dma_barrier(as, dir); =20 return dma_memory_rw_relaxed(as, addr, buf, len, dir, attrs); --=20 2.26.2