From: Alexander Bulekov
Subject: Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument
Date: Mon, 23 Aug 2021 18:26:54 -0400

On 210823 1650, Peter Xu wrote:
> On Mon, Aug 23, 2021 at 08:10:50PM +0100, Peter Maydell wrote:
> > On Mon, 23 Aug 2021 at 17:42, Philippe Mathieu-Daudé <philmd@redhat.com> 
> > wrote:
> > >
> > > This series aims to kill a recent class of bug, the infamous
> > > "DMA reentrancy" issues found by Alexander while fuzzing.
> > >
> > > Introduce the 'bus_perm' field in MemTxAttrs, defining 3 bits:
> > >
> > > - MEMTXPERM_UNSPECIFIED (current default, unchanged behavior)
> > > - MEMTXPERM_UNRESTRICTED (allow list approach)
> > > - MEMTXPERM_RAM_DEVICE (example of deny list approach)
> > >
> > > If a transaction permission is not allowed (for example access
> > > to a non-RAM device), we return the specific MEMTX_BUS_ERROR.
> > >
> > > Permissions are checked after the flatview is resolved, and
> > > before the access is done, in a new function: flatview_access_allowed().
> > 
> > So I'm not going to say 'no' to this, because we have a real
> > recursive-device-handling problem and I don't have a better
> > idea to hand, but the thing about this is that we end up with
> > behaviour which is not what the real hardware does. I'm not
> > aware of any DMA device which has this kind of "can only DMA
> > to/from RAM, and aborts on access to a device" behaviour...
> 
> Sorry for not being familiar with the context - is there more info regarding
> the problem to fix?  I'm looking at the links mentioned in the old series:
> 
> https://lore.kernel.org/qemu-devel/20200903110831.353476-12-philmd@redhat.com/
> https://bugs.launchpad.net/qemu/+bug/1886362
> https://bugs.launchpad.net/qemu/+bug/1888606
> 
> They seem all marked as fixed now.

Here are some that should still reproduce:
https://gitlab.com/qemu-project/qemu/-/issues/542
https://gitlab.com/qemu-project/qemu/-/issues/540
https://gitlab.com/qemu-project/qemu/-/issues/541
https://gitlab.com/qemu-project/qemu/-/issues/62
https://lore.kernel.org/qemu-devel/20210218140629.373646-1-ppandit@redhat.com/ 
(CVE-2021-20255)

There's also this one, that I don't think I ever created a bug report
for (working on it now):
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33247
-Alex

> 
> Thanks,
> 
> -- 
> Peter Xu
> 
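The check described in the quoted cover letter (a permission carried in the transaction attributes, evaluated after the flatview lookup and before the access, returning MEMTX_BUS_ERROR when a RAM-only transaction lands on a device region) as a standalone model in C. This is an added example, not code from the series or from QEMU: the names MemTxAttrs, bus_perm, MEMTXPERM_*, MEMTX_BUS_ERROR and flatview_access_allowed() are taken from the cover letter, but their numeric values, the two-entry region table, the re-entry counter and the dma_read_byte() helper are constructed here to show why a DMA engine that can only target RAM cannot be steered back into its own MMIO registers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Permission values named in the cover letter; the numbers are an
 * assumption of this model, not QEMU's definitions. */
enum {
    MEMTXPERM_UNSPECIFIED  = 0,  /* current default: no check at all   */
    MEMTXPERM_UNRESTRICTED = 1,  /* any target is allowed              */
    MEMTXPERM_RAM_DEVICE   = 2,  /* only RAM may be the target         */
};

/* Transaction results, values again assumed for the model. */
typedef enum { MEMTX_OK = 0, MEMTX_BUS_ERROR = 1 } MemTxResult;

/* Stand-in for MemTxAttrs carrying only the field this series adds. */
typedef struct { unsigned bus_perm; } MemTxAttrs;

typedef enum { REGION_RAM, REGION_MMIO } RegionKind;

/* One resolved flatview section: kind plus guest-physical window. */
typedef struct {
    const char *name;
    RegionKind  kind;
    uint64_t    base, size;
} FlatRange;

static uint8_t guest_ram[0x1000];

/* Constructed two-entry "flatview": guest RAM and a DMA controller's MMIO. */
static const FlatRange flatview[] = {
    { "ram",      REGION_RAM,  0x00000000, sizeof guest_ram },
    { "dma-ctrl", REGION_MMIO, 0x10000000, 0x100 },
};

/* Counts how often a DMA access reached the device's own MMIO handler,
 * i.e. the re-entrant dispatch the series wants to prevent. */
static int dma_ctrl_reentries;

static const FlatRange *flatview_translate(uint64_t addr) {
    for (size_t i = 0; i < sizeof flatview / sizeof flatview[0]; i++) {
        if (addr >= flatview[i].base && addr - flatview[i].base < flatview[i].size)
            return &flatview[i];
    }
    return NULL;
}

/* Model of the new check: after translation, before the access itself. */
static bool flatview_access_allowed(const FlatRange *fr, MemTxAttrs attrs) {
    switch (attrs.bus_perm) {
    case MEMTXPERM_UNSPECIFIED:      /* unchanged legacy behaviour */
    case MEMTXPERM_UNRESTRICTED:
        return true;
    case MEMTXPERM_RAM_DEVICE:       /* deny anything that is not RAM */
        return fr->kind == REGION_RAM;
    default:
        return false;
    }
}

/* One byte of DMA traffic issued by a device with the given attributes. */
static MemTxResult dma_read_byte(uint64_t addr, MemTxAttrs attrs, uint8_t *out) {
    const FlatRange *fr = flatview_translate(addr);
    if (!fr)
        return MEMTX_BUS_ERROR;      /* unmapped address in this model */
    if (!flatview_access_allowed(fr, attrs))
        return MEMTX_BUS_ERROR;      /* blocked before any dispatch happens */
    if (fr->kind == REGION_RAM) {
        *out = guest_ram[addr - fr->base];
        return MEMTX_OK;
    }
    /* MMIO target: the device model would run again from inside its own DMA. */
    dma_ctrl_reentries++;
    *out = 0;
    return MEMTX_OK;
}

int main(void) {
    uint8_t b = 0;
    MemTxAttrs legacy   = { MEMTXPERM_UNSPECIFIED };
    MemTxAttrs ram_only = { MEMTXPERM_RAM_DEVICE };
    guest_ram[0x10] = 0x42;          /* constructed guest data */

    printf("RAM read, ram_only: %d (byte 0x%02x)\n", dma_read_byte(0x10, ram_only, &b), b);
    printf("MMIO read, ram_only: %d\n", dma_read_byte(0x10000000, ram_only, &b));
    printf("MMIO read, legacy:   %d\n", dma_read_byte(0x10000000, legacy, &b));
    printf("re-entries into dma-ctrl: %d\n", dma_ctrl_reentries);
    return 0;
}
```

With the RAM-only permission the descriptor pointing at 0x10000000 is refused at the flatview layer and the device handler never runs a second time; with the unchanged default the same access goes through and the counter records the re-entry. The model also makes Peter Maydell's objection concrete: the bus error is a behaviour of the emulator's memory layer, not something the modelled hardware would do.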
