- hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs(CVE-2024-3446) - hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs(CVE-2024-3446) - hw/display/virtio-gpu: Protect from DMA re-entrancy bugs(CVE-2024-3446) - hw/virtio: Introduce virtio_bh_new_guarded() helper - hw: replace most qemu_bh_new calls with qemu_bh_new_guarded - checkpatch: add qemu_bh_new/aio_bh_new checks - async: avoid use-after-free on re-entrancy guard - async: Add an optional reentrancy guard to the BH API - util/async: add a human-readable name to BHs for debugging - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set - Include sysemu/sysemu.h a lot less Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
From 3735895ad5697b52f7af90bb2e37d5f792b01072 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
Date: Thu, 4 Apr 2024 20:56:11 +0200
Subject: [PATCH] hw/virtio: Introduce virtio_bh_new_guarded() helper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Introduce virtio_bh_new_guarded(), similar to qemu_bh_new_guarded()
but using the transport memory guard, instead of the device one
(there can only be one virtio device per virtio bus).
Inspired-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20240409105537.18308-2-philmd@linaro.org>
Signed-off-by: liuxiangdong <liuxiangdong5@huawei.com>
---
hw/virtio/virtio.c | 10 ++++++++++
include/hw/virtio/virtio.h | 8 ++++++++
2 files changed, 18 insertions(+)
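--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2850,3 +2850,13 @@ static void virtio_register_types(void)
 }
 
 type_init(virtio_register_types)
+
+QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev,
+ QEMUBHFunc *cb, void *opaque,
+ const char *name)
+{
+ DeviceState *transport = qdev_get_parent_bus(dev)->parent;
+
+ return qemu_bh_new_full(cb, opaque, name,
+ &transport->mem_reentrancy_guard);
+}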
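Review bot: In virtio_bh_new_guarded_full(), `qdev_get_parent_bus(dev)->parent` is dereferenced with no check, so a caller that passes a device not (yet) attached to a virtio bus would take a NULL-pointer crash instead of failing visibly. The helper only protects against re-entrancy if it really picks up the transport's `mem_reentrancy_guard`, so I would make the precondition explicit: `BusState *bus = qdev_get_parent_bus(dev);` followed by `assert(bus && bus->parent);` before taking `&bus->parent->mem_reentrancy_guard`. A short comment above the function repeating the commit message's reasoning (transport guard rather than device guard, one virtio device per virtio bus) would keep later callers from switching back to the device-level constructor.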
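--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -21,6 +21,7 @@
 #include "qemu/event_notifier.h"
 #include "standard-headers/linux/virtio_config.h"
 #include "standard-headers/linux/virtio_ring.h"
+#include "block/aio.h"
 
 /* A guest should never accept this. It implies negotiation is broken. */
 #define VIRTIO_F_BAD_FEATURE 30
@@ -378,4 +379,11 @@ static inline void virtio_set_started(VirtIODevice *vdev, bool started)
 vdev->started = started;
 }
 }
+
+QEMUBH *virtio_bh_new_guarded_full(DeviceState *dev,
+ QEMUBHFunc *cb, void *opaque,
+ const char *name);
+#define virtio_bh_new_guarded(dev, cb, opaque) \
+ virtio_bh_new_guarded_full((dev), (cb), (opaque), (stringify(cb)))
+
 #endif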
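Review bot: The prototype and the `virtio_bh_new_guarded()` macro added in the second hunk are exported without a doc comment, so the header does not tell a device author how this differs from `qemu_bh_new_guarded()` or what `dev` has to be. I would add above the prototype: `/* Create a BH protected by the re-entrancy guard of @dev's virtio transport (the parent of its bus) rather than @dev's own guard. */`. It is also worth one more sentence stating that `dev` must already be plugged into its virtio bus when this is called, since the implementation dereferences the parent bus unconditionally.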
--
2.27.0