1 Star 0 Fork 126

ZhangBo/qemu_src

forked from src-openEuler/qemu 
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
dma-Let-ld-_dma-propagate-MemTxResult.patch 7.56 KB
一键复制 编辑 原始数据 按行查看 历史
yezengruan 提交于 2022-06-09 17:10 . fix CVE-2021-3611
From e52e5e44ca9afd06639cc166b60cc8fbdb081593 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Fri, 17 Dec 2021 22:31:11 +0100
Subject: [PATCH 18/25] dma: Let ld*_dma() propagate MemTxResult
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
dma_memory_read() returns a MemTxResult type. Do not discard
it, return it to the caller.
Update the few callers.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211223115554.3155328-19-philmd@redhat.com>
---
hw/intc/pnv_xive.c | 8 ++++----
hw/usb/hcd-xhci.c | 7 ++++---
include/hw/pci/pci.h | 6 ++++--
include/hw/ppc/spapr_vio.h | 6 +++++-
include/sysemu/dma.h | 25 ++++++++++++-------------
5 files changed, 29 insertions(+), 23 deletions(-)
diff --git a/hw/intc/pnv_xive.c b/hw/intc/pnv_xive.c
index d9249bbc0c..bb207514f2 100644
--- a/hw/intc/pnv_xive.c
+++ b/hw/intc/pnv_xive.c
@@ -172,7 +172,7 @@ static uint64_t pnv_xive_vst_addr_indirect(PnvXive *xive, uint32_t type,
/* Get the page size of the indirect table. */
vsd_addr = vsd & VSD_ADDRESS_MASK;
- vsd = ldq_be_dma(&address_space_memory, vsd_addr, MEMTXATTRS_UNSPECIFIED);
+ ldq_be_dma(&address_space_memory, vsd_addr, &vsd, MEMTXATTRS_UNSPECIFIED);
if (!(vsd & VSD_ADDRESS_MASK)) {
#ifdef XIVE_DEBUG
@@ -195,8 +195,8 @@ static uint64_t pnv_xive_vst_addr_indirect(PnvXive *xive, uint32_t type,
/* Load the VSD we are looking for, if not already done */
if (vsd_idx) {
vsd_addr = vsd_addr + vsd_idx * XIVE_VSD_SIZE;
- vsd = ldq_be_dma(&address_space_memory, vsd_addr,
- MEMTXATTRS_UNSPECIFIED);
+ ldq_be_dma(&address_space_memory, vsd_addr, &vsd,
+ MEMTXATTRS_UNSPECIFIED);
if (!(vsd & VSD_ADDRESS_MASK)) {
#ifdef XIVE_DEBUG
@@ -543,7 +543,7 @@ static uint64_t pnv_xive_vst_per_subpage(PnvXive *xive, uint32_t type)
/* Get the page size of the indirect table. */
vsd_addr = vsd & VSD_ADDRESS_MASK;
- vsd = ldq_be_dma(&address_space_memory, vsd_addr, MEMTXATTRS_UNSPECIFIED);
+ ldq_be_dma(&address_space_memory, vsd_addr, &vsd, MEMTXATTRS_UNSPECIFIED);
if (!(vsd & VSD_ADDRESS_MASK)) {
#ifdef XIVE_DEBUG
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 1f7b796ce3..30c477f36e 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -2063,7 +2063,7 @@ static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid,
assert(slotid >= 1 && slotid <= xhci->numslots);
dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high);
- poctx = ldq_le_dma(xhci->as, dcbaap + 8 * slotid, MEMTXATTRS_UNSPECIFIED);
+ ldq_le_dma(xhci->as, dcbaap + 8 * slotid, &poctx, MEMTXATTRS_UNSPECIFIED);
ictx = xhci_mask64(pictx);
octx = xhci_mask64(poctx);
@@ -3433,6 +3433,7 @@ static int usb_xhci_post_load(void *opaque, int version_id)
uint32_t slot_ctx[4];
uint32_t ep_ctx[5];
int slotid, epid, state;
+ uint64_t addr;
dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high);
@@ -3441,8 +3442,8 @@ static int usb_xhci_post_load(void *opaque, int version_id)
if (!slot->addressed) {
continue;
}
- slot->ctx = xhci_mask64(ldq_le_dma(xhci->as, dcbaap + 8 * slotid,
- MEMTXATTRS_UNSPECIFIED));
+ ldq_le_dma(xhci->as, dcbaap + 8 * slotid, &addr, MEMTXATTRS_UNSPECIFIED);
+ slot->ctx = xhci_mask64(addr);
xhci_dma_read_u32s(xhci, slot->ctx, slot_ctx, sizeof(slot_ctx));
slot->uport = xhci_lookup_uport(xhci, slot_ctx);
if (!slot->uport) {
diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index b287b3a19f..71c6513641 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -869,8 +869,10 @@ static inline MemTxResult pci_dma_write(PCIDevice *dev, dma_addr_t addr,
static inline uint##_bits##_t ld##_l##_pci_dma(PCIDevice *dev, \
dma_addr_t addr) \
{ \
- return ld##_l##_dma(pci_get_address_space(dev), addr, \
- MEMTXATTRS_UNSPECIFIED); \
+ uint##_bits##_t val; \
+ ld##_l##_dma(pci_get_address_space(dev), addr, &val, \
+ MEMTXATTRS_UNSPECIFIED); \
+ return val; \
} \
static inline void st##_s##_pci_dma(PCIDevice *dev, \
dma_addr_t addr, uint##_bits##_t val) \
diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h
index d2ec9b0637..7eae1a4847 100644
--- a/include/hw/ppc/spapr_vio.h
+++ b/include/hw/ppc/spapr_vio.h
@@ -127,7 +127,11 @@ static inline int spapr_vio_dma_set(SpaprVioDevice *dev, uint64_t taddr,
#define vio_stq(_dev, _addr, _val) \
(stq_be_dma(&(_dev)->as, (_addr), (_val), MEMTXATTRS_UNSPECIFIED))
#define vio_ldq(_dev, _addr) \
- (ldq_be_dma(&(_dev)->as, (_addr), MEMTXATTRS_UNSPECIFIED))
+ ({ \
+ uint64_t _val; \
+ ldq_be_dma(&(_dev)->as, (_addr), &_val, MEMTXATTRS_UNSPECIFIED); \
+ _val; \
+ })
int spapr_vio_send_crq(SpaprVioDevice *dev, uint8_t *crq);
diff --git a/include/sysemu/dma.h b/include/sysemu/dma.h
index 895044d747..b3faef41b2 100644
--- a/include/sysemu/dma.h
+++ b/include/sysemu/dma.h
@@ -240,14 +240,15 @@ static inline void dma_memory_unmap(AddressSpace *as,
}
#define DEFINE_LDST_DMA(_lname, _sname, _bits, _end) \
- static inline uint##_bits##_t ld##_lname##_##_end##_dma(AddressSpace *as, \
- dma_addr_t addr, \
- MemTxAttrs attrs) \
- { \
- uint##_bits##_t val; \
- dma_memory_read(as, addr, &val, (_bits) / 8, attrs); \
- return _end##_bits##_to_cpu(val); \
- } \
+ static inline MemTxResult ld##_lname##_##_end##_dma(AddressSpace *as, \
+ dma_addr_t addr, \
+ uint##_bits##_t *pval, \
+ MemTxAttrs attrs) \
+ { \
+ MemTxResult res = dma_memory_read(as, addr, pval, (_bits) / 8, attrs); \
+ _end##_bits##_to_cpus(pval); \
+ return res; \
+ } \
static inline MemTxResult st##_sname##_##_end##_dma(AddressSpace *as, \
dma_addr_t addr, \
uint##_bits##_t val, \
@@ -257,12 +258,10 @@ static inline void dma_memory_unmap(AddressSpace *as,
return dma_memory_write(as, addr, &val, (_bits) / 8, attrs); \
}
-static inline uint8_t ldub_dma(AddressSpace *as, dma_addr_t addr, MemTxAttrs attrs)
+static inline MemTxResult ldub_dma(AddressSpace *as, dma_addr_t addr,
+ uint8_t *val, MemTxAttrs attrs)
{
- uint8_t val;
-
- dma_memory_read(as, addr, &val, 1, attrs);
- return val;
+ return dma_memory_read(as, addr, val, 1, attrs);
}
static inline MemTxResult stb_dma(AddressSpace *as, dma_addr_t addr,
--
2.27.0
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/ooorz/qemu_src.git
git@gitee.com:ooorz/qemu_src.git
ooorz
qemu_src
qemu_src
master

搜索帮助