[PATCH v7 6/6] lsi53c895a: disable reentrancy detection for script RAM

Alexander Bulekov posted 6 patches 2 years, 6 months ago
Maintainers: Stefano Stabellini <sstabellini@kernel.org>, Anthony Perard <anthony.perard@citrix.com>, Paul Durrant <paul@xen.org>, Stefan Hajnoczi <stefanha@redhat.com>, Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>, Laurent Vivier <lvivier@redhat.com>, Amit Shah <amit@kernel.org>, "Michael S. Tsirkin" <mst@redhat.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Gerd Hoffmann <kraxel@redhat.com>, John Snow <jsnow@redhat.com>, Peter Maydell <peter.maydell@linaro.org>, Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>, Jason Wang <jasowang@redhat.com>, Keith Busch <kbusch@kernel.org>, Klaus Jensen <its@irrelevant.dk>, Fam Zheng <fam@euphon.net>, Dmitry Fleytman <dmitry.fleytman@gmail.com>, David Hildenbrand <david@redhat.com>, "Gonglei (Arei)" <arei.gonglei@huawei.com>, Peter Xu <peterx@redhat.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, "Daniel P. Berrangé" <berrange@redhat.com>, Eduardo Habkost <eduardo@habkost.net>
There is a newer version of this series
[PATCH v7 6/6] lsi53c895a: disable reentrancy detection for script RAM
Posted by Alexander Bulekov 2 years, 6 months ago
As the code is designed to use the memory APIs to access the script ram,
disable reentrancy checks for the pseudo-RAM ram_io MemoryRegion.

In the future, ram_io may be converted from an IO to a proper RAM MemoryRegion.

Reported-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
 hw/scsi/lsi53c895a.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index af93557a9a..db27872963 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -2302,6 +2302,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
     memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
                           "lsi-io", 256);
 
+    /*
+     * Since we use the address-space API to interact with ram_io, disable the
+     * re-entrancy guard.
+     */
+    s->ram_io.disable_reentrancy_guard = true;
+
     address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
     qdev_init_gpio_out(d, &s->ext_irq, 1);
 
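Review bot: The comment added above `s->ram_io.disable_reentrancy_guard = true;` gives the mechanism (the address-space API is used to reach ram_io) but not the reason the exemption is safe. The flag is set unconditionally on the region, so the comment should state the invariant being relied on, for example that ram_io is the pseudo-RAM script region named in the commit message. That way a later change to how ram_io is accessed does not silently inherit the exemption.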
-- 
2.39.0
Re: [PATCH v7 6/6] lsi53c895a: disable reentrancy detection for script RAM
Posted by Michael Tokarev 2 years, 5 months ago
13.03.2023 11:24, Alexander Bulekov wrote:
> As the code is designed to use the memory APIs to access the script ram,
> disable reentrancy checks for the pseudo-RAM ram_io MemoryRegion.
> 
> In the future, ram_io may be converted from an IO to a proper RAM MemoryRegion.

Ping?  Maybe it's worth re-sending this one, after it got 2 R-by's.

Does it close CVE-2023-0330?

Thanks,

/mjt

Re: [PATCH v7 6/6] lsi53c895a: disable reentrancy detection for script RAM
Posted by Darren Kenny 2 years, 6 months ago
On Monday, 2023-03-13 at 04:24:17 -04, Alexander Bulekov wrote:
> As the code is designed to use the memory APIs to access the script ram,
> disable reentrancy checks for the pseudo-RAM ram_io MemoryRegion.
>
> In the future, ram_io may be converted from an IO to a proper RAM MemoryRegion.
>
> Reported-by: Fiona Ebner <f.ebner@proxmox.com>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>

> ---
>  hw/scsi/lsi53c895a.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
> index af93557a9a..db27872963 100644
> --- a/hw/scsi/lsi53c895a.c
> +++ b/hw/scsi/lsi53c895a.c
> @@ -2302,6 +2302,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
>      memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
>                            "lsi-io", 256);
>  
> +    /*
> +     * Since we use the address-space API to interact with ram_io, disable the
> +     * re-entrancy guard.
> +     */
> +    s->ram_io.disable_reentrancy_guard = true;
> +
>      address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
>      qdev_init_gpio_out(d, &s->ext_irq, 1);
>  
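Review bot: The assignment to `s->ram_io.disable_reentrancy_guard` sits directly after the `memory_region_init_io()` call for `s->io_io`, so at a glance it reads as if it belonged to the "lsi-io" region. Consider moving the comment and assignment next to the point where `ram_io` itself is initialized (not visible in this hunk), so the exemption stays attached to the region it applies to.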
> -- 
> 2.39.0
Re: [PATCH v7 6/6] lsi53c895a: disable reentrancy detection for script RAM
Posted by Thomas Huth 2 years, 6 months ago
On 13/03/2023 09.24, Alexander Bulekov wrote:
> As the code is designed to use the memory APIs to access the script ram,
> disable reentrancy checks for the pseudo-RAM ram_io MemoryRegion.
> 
> In the future, ram_io may be converted from an IO to a proper RAM MemoryRegion.
> 
> Reported-by: Fiona Ebner <f.ebner@proxmox.com>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
>   hw/scsi/lsi53c895a.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
> index af93557a9a..db27872963 100644
> --- a/hw/scsi/lsi53c895a.c
> +++ b/hw/scsi/lsi53c895a.c
> @@ -2302,6 +2302,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
>       memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
>                             "lsi-io", 256);
>   
> +    /*
> +     * Since we use the address-space API to interact with ram_io, disable the
> +     * re-entrancy guard.
> +     */
> +    s->ram_io.disable_reentrancy_guard = true;
> +
>       address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
>       qdev_init_gpio_out(d, &s->ext_irq, 1);
>   
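Review bot: The commit message says ram_io may later be converted from an IO to a proper RAM MemoryRegion, but the in-code comment above `s->ram_io.disable_reentrancy_guard = true;` does not mention it. Adding a sentence there saying the flag should be revisited if that conversion happens would keep the exemption from outliving its reason.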

Reviewed-by: Thomas Huth <thuth@redhat.com>