qemu-block

Re: [PATCH 1/1] hw/ide/core: terminate in-flight DMA on IDE bus reset


From: Simon Rowe
Subject: Re: [PATCH 1/1] hw/ide/core: terminate in-flight DMA on IDE bus reset
Date: Mon, 2 Oct 2023 09:08:44 +0000

On Thursday, 28 September 2023 Fiona Ebner <f.ebner@proxmox.com> wrote:

> AFAICT, yes, because the DMA callback is invoked before resetting the
> state now. But not 100% sure if it can't be triggered in some other way,
> maybe Simon knows more? I don't have a reproducer for the CVE either,
> but the second patch after the one linked above adds a qtest for the
> reset scenario.

I initially tested an identical change and, yes, it did seem to address the issue. I preferred my final solution because it felt wrong for the DMA to continue after the point the VM is expecting the controller to be reset. I felt it was best to leave the ordering as is (because there are multiple other controllers that use ide_bus_reset()) and terminate the DMA transaction using state that indicates a reset is being performed.

I have a test setup that I use to reproduce this (that was mentioned in the original CVE disclosure). My patch ran for 24+ hours successfully. I can test any other proposed fix.

Regards

Simon
