From patchwork Thu Apr 4 19:13:36 2024
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 785823
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann, Amit Shah, "Michael S. Tsirkin", Alexander Bulekov, "Gonglei (Arei)", Marc-André Lureau, Laurent Vivier, Mauro Matteo Cascella, Paolo Bonzini, Philippe Mathieu-Daudé
Subject: [PATCH-for-9.0 1/4] hw/virtio: Introduce virtio_bh_new_guarded() helper
Date: Thu, 4 Apr 2024 21:13:36 +0200
Message-ID: <20240404191339.5688-2-philmd@linaro.org>
In-Reply-To: <20240404191339.5688-1-philmd@linaro.org>
References: <20240404191339.5688-1-philmd@linaro.org>

Introduce virtio_bh_new_guarded(), similar to qemu_bh_new_guarded()
but using the transport memory guard, instead of the device one
(there can only be one virtio device per virtio bus).

Inspired-by: Gerd Hoffmann
Signed-off-by: Philippe Mathieu-Daudé
---
 include/hw/virtio/virtio.h | 7 +++++++
 hw/virtio/virtio.c | 10 ++++++++++
 2 files changed, 17 insertions(+)

diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index b3c74a1bca..12419d6355 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h
@@ -22,6 +22,7 @@ #include "standard-headers/linux/virtio_config.h" #include "standard-headers/linux/virtio_ring.h" #include "qom/object.h" +#include "block/aio.h" /* * A guest should never accept this. It implies negotiation is broken @@ -527,4 +528,10 @@ static inline bool virtio_device_disabled(VirtIODevice *vdev) bool virtio_legacy_allowed(VirtIODevice *vdev); bool virtio_legacy_check_disabled(VirtIODevice *vdev); +QEMUBH *virtio_bh_new_guarded_full(VirtIODevice *vdev, + QEMUBHFunc *cb, void *opaque, + const char *name); +#define virtio_bh_new_guarded(vdev, cb, opaque) \ + virtio_bh_new_guarded_full((vdev), (cb), (opaque), (stringify(cb))) + #endif diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index fb6b4ccd83..e1735cf7fd 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c 
@@ -4176,3 +4176,13 @@ static void virtio_register_types(void) } type_init(virtio_register_types) + +QEMUBH *virtio_bh_new_guarded_full(VirtIODevice *vdev, + QEMUBHFunc *cb, void *opaque, + const char *name) +{ + BusState *virtio_bus = qdev_get_parent_bus(DEVICE(vdev)); + DeviceState *transport = virtio_bus->parent; + + return qemu_bh_new_full(cb, opaque, name, &transport->mem_reentrancy_guard); +}

From patchwork Thu Apr 4 19:13:37 2024
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 785825
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann, Amit Shah, "Michael S. Tsirkin", Alexander Bulekov, "Gonglei (Arei)", Marc-André Lureau, Laurent Vivier, Mauro Matteo Cascella, Paolo Bonzini, Philippe Mathieu-Daudé, qemu-stable@nongnu.org, Yongkang Jia, Xiao Lei, Yiming Tao
Subject: [PATCH-for-9.0 2/4] hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
Date: Thu, 4 Apr 2024 21:13:37 +0200
Message-ID: <20240404191339.5688-3-philmd@linaro.org>
In-Reply-To: <20240404191339.5688-1-philmd@linaro.org>
References: <20240404191339.5688-1-philmd@linaro.org>

Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
so the bus and device use the same guard. Otherwise the
DMA-reentrancy protection can be bypassed:

  $ cat << EOF | qemu-system-i386 -display none -nodefaults \
                                  -machine q35,accel=qtest \
                                  -m 512M \
                                  -device virtio-gpu \
                                  -qtest stdio
  outl 0xcf8 0x80000820
  outl 0xcfc 0xe0004000
  outl 0xcf8 0x80000804
  outw 0xcfc 0x06
  write 0xe0004030 0x4 0x024000e0
  write 0xe0004028 0x1 0xff
  write 0xe0004020 0x4 0x00009300
  write 0xe000401c 0x1 0x01
  write 0x101 0x1 0x04
  write 0x103 0x1 0x1c
  write 0x9301c8 0x1 0x18
  write 0x105 0x1 0x1c
  write 0x107 0x1 0x1c
  write 0x109 0x1 0x1c
  write 0x10b 0x1 0x00
  write 0x10d 0x1 0x00
  write 0x10f 0x1 0x00
  write 0x111 0x1 0x00
  write 0x113 0x1 0x00
  write 0x115 0x1 0x00
  write 0x117 0x1 0x00
  write 0x119 0x1 0x00
  write 0x11b 0x1 0x00
  write 0x11d 0x1 0x00
  write 0x11f 0x1 0x00
  write 0x121 0x1 0x00
  write 0x123 0x1 0x00
  write 0x125 0x1 0x00
  write 0x127 0x1 0x00
  write 0x129 0x1 0x00
  write 0x12b 0x1 0x00
  write 0x12d 0x1 0x00
  write 0x12f 0x1 0x00
  write 0x131 0x1 0x00
  write 0x133 0x1 0x00
  write 0x135 0x1 0x00
  write 0x137 0x1 0x00
  write 0x139 0x1 0x00
  write 0xe0007003 0x1 0x00
  EOF
  ...
  =================================================================
  ==276099==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000011178
  at pc 0x562cc3b736c7 bp 0x7ffed49dee60 sp 0x7ffed49dee58
  READ of size 8 at 0x60d000011178 thread T0
      #0 0x562cc3b736c6 in virtio_gpu_ctrl_response hw/display/virtio-gpu.c:180:42
      #1 0x562cc3b7c40b in virtio_gpu_ctrl_response_nodata hw/display/virtio-gpu.c:192:5
      #2 0x562cc3b7c40b in virtio_gpu_simple_process_cmd hw/display/virtio-gpu.c:1015:13
      #3 0x562cc3b82873 in virtio_gpu_process_cmdq hw/display/virtio-gpu.c:1050:9
      #4 0x562cc4a85514 in aio_bh_call util/async.c:169:5
      #5 0x562cc4a85c52 in aio_bh_poll util/async.c:216:13
      #6 0x562cc4a1a79b in aio_dispatch util/aio-posix.c:423:5
      #7 0x562cc4a8a2da in aio_ctx_dispatch util/async.c:358:5
      #8 0x7f36840547a8 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x547a8)
      #9 0x562cc4a8b753 in glib_pollfds_poll util/main-loop.c:290:9
      #10 0x562cc4a8b753 in os_host_main_loop_wait util/main-loop.c:313:5
      #11 0x562cc4a8b753 in main_loop_wait util/main-loop.c:592:11
      #12 0x562cc3938186 in qemu_main_loop system/runstate.c:782:9
      #13 0x562cc43b7af5 in qemu_default_main system/main.c:37:14
      #14 0x7f3683a6c189 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
      #15 0x7f3683a6c244 in __libc_start_main csu/../csu/libc-start.c:381:3
      #16 0x562cc2a58ac0 in _start (qemu-system-i386+0x231bac0)

  0x60d000011178 is located 56 bytes inside of 136-byte region [0x60d000011140,0x60d0000111c8)
  freed by thread T0 here:
      #0 0x562cc2adb662 in __interceptor_free (qemu-system-i386+0x239e662)
      #1 0x562cc3b86b21 in virtio_gpu_reset hw/display/virtio-gpu.c:1524:9
      #2 0x562cc416e20e in virtio_reset hw/virtio/virtio.c:2145:9
      #3 0x562cc37c5644 in virtio_pci_reset hw/virtio/virtio-pci.c:2249:5
      #4 0x562cc4233758 in memory_region_write_accessor system/memory.c:497:5
      #5 0x562cc4232eea in access_with_adjusted_size system/memory.c:573:18

  previously allocated by thread T0 here:
      #0 0x562cc2adb90e in malloc (qemu-system-i386+0x239e90e)
      #1 0x7f368405a678 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5a678)
      #2 0x562cc4163ffc in virtqueue_split_pop hw/virtio/virtio.c:1612:12
      #3 0x562cc4163ffc in virtqueue_pop hw/virtio/virtio.c:1783:16
      #4 0x562cc3b91a95 in virtio_gpu_handle_ctrl hw/display/virtio-gpu.c:1112:15
      #5 0x562cc4a85514 in aio_bh_call util/async.c:169:5
      #6 0x562cc4a85c52 in aio_bh_poll util/async.c:216:13
      #7 0x562cc4a1a79b in aio_dispatch util/aio-posix.c:423:5

  SUMMARY: AddressSanitizer: heap-use-after-free hw/display/virtio-gpu.c:180:42 in virtio_gpu_ctrl_response

With this change, the same reproducer triggers:

  qemu-system-i386: warning: Blocked re-entrant IO on MemoryRegion: virtio-pci-common-virtio-gpu at addr: 0x6

Cc: qemu-stable@nongnu.org
Reported-by: Alexander Bulekov
Reported-by: Yongkang Jia
Reported-by: Xiao Lei
Reported-by: Yiming Tao
Buglink: https://bugs.launchpad.net/qemu/+bug/1888606
Signed-off-by: Philippe Mathieu-Daudé
---
 hw/display/virtio-gpu.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 78d5a4f164..3ab94a9735 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c
@@ -1492,10 +1492,8 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) g->ctrl_vq = virtio_get_queue(vdev, 0); g->cursor_vq = virtio_get_queue(vdev, 1); - g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g, - &qdev->mem_reentrancy_guard); - g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g, - &qdev->mem_reentrancy_guard); + g->ctrl_bh = virtio_bh_new_guarded(vdev, virtio_gpu_ctrl_bh, g); + g->cursor_bh = virtio_bh_new_guarded(vdev, virtio_gpu_cursor_bh, g); g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g); qemu_cond_init(&g->reset_cond); QTAILQ_INIT(&g->reslist);

From patchwork Thu Apr 4 19:13:38 2024
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 785826
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann, Amit Shah, "Michael S. Tsirkin", Alexander Bulekov, "Gonglei (Arei)", Marc-André Lureau, Laurent Vivier, Mauro Matteo Cascella, Paolo Bonzini, Philippe Mathieu-Daudé, qemu-stable@nongnu.org
Subject: [PATCH-for-9.0 3/4] hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
Date: Thu, 4 Apr 2024 21:13:38 +0200
Message-ID: <20240404191339.5688-4-philmd@linaro.org>
In-Reply-To: <20240404191339.5688-1-philmd@linaro.org>
References: <20240404191339.5688-1-philmd@linaro.org>

Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
so the bus and device use the same guard. Otherwise the
DMA-reentrancy protection can be bypassed.

Cc: qemu-stable@nongnu.org
Suggested-by: Alexander Bulekov
Signed-off-by: Philippe Mathieu-Daudé
Acked-by: Michael S. Tsirkin
---
 hw/char/virtio-serial-bus.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c index 016aba6374..cd0e3a11f7 100644 --- a/hw/char/virtio-serial-bus.c +++ b/hw/char/virtio-serial-bus.c
@@ -985,8 +985,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp) return; } - port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port, - &dev->mem_reentrancy_guard); + port->bh = virtio_bh_new_guarded(vdev, flush_queued_data_bh, port); port->elem = NULL; }

From patchwork Thu Apr 4 19:13:39 2024
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 785827
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann, Amit Shah, "Michael S. Tsirkin", Alexander Bulekov, "Gonglei (Arei)", Marc-André Lureau, Laurent Vivier, Mauro Matteo Cascella, Paolo Bonzini, Philippe Mathieu-Daudé, qemu-stable@nongnu.org
Subject: [PATCH-for-9.0 4/4] hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
Date: Thu, 4 Apr 2024 21:13:39 +0200
Message-ID: <20240404191339.5688-5-philmd@linaro.org>
In-Reply-To: <20240404191339.5688-1-philmd@linaro.org>
References: <20240404191339.5688-1-philmd@linaro.org>

Replace qemu_bh_new_guarded() by virtio_bh_new_guarded() so the bus and device use the same guard. Otherwise the DMA-reentrancy protection can be bypassed.

Cc: qemu-stable@nongnu.org
Suggested-by: Alexander Bulekov
Signed-off-by: Philippe Mathieu-Daudé
---
 hw/virtio/virtio-crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index fe1313f2ad..ac1b67d1fb 100644
--- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -1080,8 +1080,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp) vcrypto->vqs[i].dataq = virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh); vcrypto->vqs[i].dataq_bh = - qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i], - &dev->mem_reentrancy_guard); + virtio_bh_new_guarded(vdev, virtio_crypto_dataq_bh, + &vcrypto->vqs[i]); vcrypto->vqs[i].vcrypto = vcrypto; }
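Review bot: In virtio_crypto_device_realize(), the new dataq_bh assignment no longer names the guard it relies on. The removed call passed &dev->mem_reentrancy_guard explicitly, while virtio_bh_new_guarded(vdev, ...) hides the choice, so neither this hunk nor the commit message says which object's guard the helper selects or how the old one could be bypassed. A sentence in the commit message naming that guard and pointing at the patch in this series that adds the helper would make the "bus and device use the same guard" claim checkable from this patch alone. Because the patch is Cc'd to qemu-stable, a Fixes: tag for the commit that introduced the qemu_bh_new_guarded() call here would tell backporters which branches need it. It is also worth confirming that no other bottom half created in this file still passes &dev->mem_reentrancy_guard directly, since only the dataq_bh site is converted here. The vdev argument is already used by the virtio_add_queue() call in the context lines just above, so it is in scope.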