qemu-devel

Re: fuzz: fuzz_dma_read_cb() may overlap with MMIO regions


From: Qiuhao Li
Subject: Re: fuzz: fuzz_dma_read_cb() may overlap with MMIO regions
Date: Mon, 23 Aug 2021 21:23:09 +0800
User-agent: Evolution 3.40.0-1

Aha! Nice patch.

My fault. I will search first next time :)

Thanks.
  Qiuhao Li

On Mon, 2021-08-23 at 08:41 -0400, Alexander Bulekov wrote:
> On 210823 2034, Qiuhao Li wrote:
> > I think the check in fuzz_dma_read_cb() is buggy because it doesn't
> > consider when the write address is not in the mmio region but can
> > overlap. For example, the mmio region is 0xe0000000 to 0xe0001000, and
> > the write address is 0xdffff000 (not ram) and length is 0x2000. In this
> > case, the address_space_translate() will return the sparse_mem_mr we
> > created, thus bypassing the check and calling qtest_memwrite().
> > 
> > Perhaps we need more detailed checks to ensure that the entire write
> > operation occurs in the ram or won't overlap with mmio regions. What do
> > you think?
> 
> Good catch. I think this will fix that:
> https://lore.kernel.org/qemu-devel/20210713150037.9297-2-alxndr@bu.edu/
> 
> I mentioned that there were some fixes waiting for the 6.1 release, but
> didn't realize you were talking about what seems to be the same issue.
> -Alex
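The straddling write described in the quoted message, as an added C model that is not QEMU's code and not the content of the linked patch: a check that resolves only the start address accepts the 0xdffff000/0x2000 write, while a check that walks the whole range rejects it once it reaches the MMIO window. The region layout (a writable sparse-memory window directly below the MMIO region) is constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of a guest physical address map (not QEMU's data
 * structures). Each region covers [start, start + size). */
typedef enum { REGION_MEM, REGION_MMIO } region_kind;
typedef struct { uint64_t start; uint64_t size; region_kind kind; } region;

/* Hypothetical layout: 1 MiB of writable (sparse) memory ending exactly
 * where the 4 KiB MMIO region from the thread begins. */
static const region regions[] = {
    { 0xdff00000ULL, 0x00100000ULL, REGION_MEM  },
    { 0xe0000000ULL, 0x00001000ULL, REGION_MMIO },
};
#define NREGIONS (sizeof regions / sizeof regions[0])

/* Stand-in for address_space_translate(): resolves a single address. */
static const region *translate(uint64_t addr)
{
    for (size_t i = 0; i < NREGIONS; i++) {
        if (addr >= regions[i].start && addr - regions[i].start < regions[i].size)
            return &regions[i];
    }
    return NULL;
}

/* The flawed pattern from the thread: only the first byte is resolved, so a
 * write that starts in memory and runs into MMIO is accepted. */
bool write_allowed_start_only(uint64_t addr, uint64_t len)
{
    const region *r = translate(addr);
    (void)len;                           /* length is never considered */
    return r != NULL && r->kind == REGION_MEM;
}

/* Stricter check: every byte of [addr, addr + len) must resolve to plain
 * memory. Walk region by region; reject gaps, MMIO and a wrapping end. */
bool write_allowed_whole_range(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr + len < addr)   /* conservative: no wraparound */
        return false;
    uint64_t cur = addr, end = addr + len;
    while (cur < end) {
        const region *r = translate(cur);
        if (r == NULL || r->kind != REGION_MEM)
            return false;
        cur = r->start + r->size;        /* first byte after this region */
    }
    return true;
}
```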