[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission fr
|
From: |
Edgar E. Iglesias |
|
Subject: |
Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument |
|
Date: |
Tue, 24 Aug 2021 11:25:49 +0200 |
On Mon, Aug 23, 2021 at 08:10:50PM +0100, Peter Maydell wrote:
> On Mon, 23 Aug 2021 at 17:42, Philippe Mathieu-Daudé <philmd@redhat.com>
> wrote:
> >
> > This series aim to kill a recent class of bug, the infamous
> > "DMA reentrancy" issues found by Alexander while fuzzing.
> >
> > Introduce the 'bus_perm' field in MemTxAttrs, defining 3 bits:
> >
> > - MEMTXPERM_UNSPECIFIED (current default, unchanged behavior)
> > - MEMTXPERM_UNRESTRICTED (allow list approach)
> > - MEMTXPERM_RAM_DEVICE (example of deny list approach)
> >
> > If a transaction permission is not allowed (for example access
> > to non-RAM device), we return the specific MEMTX_BUS_ERROR.
> >
> > Permissions are checked in after the flatview is resolved, and
> > before the access is done, in a new function: flatview_access_allowed().
>
> So I'm not going to say 'no' to this, because we have a real
> recursive-device-handling problem and I don't have a better
> idea to hand, but the thing about this is that we end up with
> behaviour which is not what the real hardware does. I'm not
> aware of any DMA device which has this kind of "can only DMA
> to/from RAM, and aborts on access to a device" behaviour...
>
Yes, I agree.
Having said that, There are DMA devices that do indicate to the
interconnect and peripherals if they are targeting "normal" memory
or device (together with cacheability, buffering and ordering
attributes). Accessing registers of a device with "normal" memory
and cache attributes is not a good idea and may lead to all kinds
of weirdness on real HW.
IMO, it would be better to model something like those attributes
rather than permissions. And it's probably a good idea to not
call it MEMTXPERM_RAM_DEVICE since in the AMBA documentation
it's Normal Memory vs Device (calling it RAM_DEVICE is confusing
to me at least).
Adding a "memory" attribute to MemTxAttrs may be enough?
If it's set, the access would only target memories. If targeting a device
it could perhaps be logged and dropped rather than aborted?
If not set (the default), accesses would target anything...
Cheers,
Edgar
- Re: [RFC PATCH v2 4/5] softmmu/physmem: Introduce flatview_access_allowed() to check bus perms, (continued)
- Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument, Peter Maydell, 2021/08/23
- Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument,
Edgar E. Iglesias <=
- Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument, Peter Xu, 2021/08/24
- Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument, Peter Maydell, 2021/08/24
- Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument, Gerd Hoffmann, 2021/08/24
- Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument, Li Qiang, 2021/08/24
- Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument, Peter Xu, 2021/08/24
Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument, Stefan Hajnoczi, 2021/08/24
Re: [RFC PATCH v2 0/5] physmem: Have flaview API check bus permission from MemTxAttrs argument, Stefan Hajnoczi, 2021/08/24