Check bus permission in flatview_access_allowed() before running any bus transaction.
There is not change for the default case (MEMTXPERM_UNSPECIFIED). The MEMTXPERM_UNRESTRICTED case works as an allow list. Devices using it won't be checked by flatview_access_allowed(). The only deny list equivalent is MEMTXPERM_RAM_DEVICE: devices using this flag will reject transactions and set the optional MemTxResult to MEMTX_BUS_ERROR. Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> --- softmmu/physmem.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/softmmu/physmem.c b/softmmu/physmem.c index 0d31a2f4199..329542dba75 100644 --- a/softmmu/physmem.c +++ b/softmmu/physmem.c @@ -2772,7 +2772,22 @@ static inline bool flatview_access_allowed(MemoryRegion *mr, MemTxAttrs attrs, hwaddr addr, hwaddr len, MemTxResult *result) { - return true; + if (unlikely(attrs.bus_perm == MEMTXPERM_RAM_DEVICE)) { + if (memory_region_is_ram(mr) || memory_region_is_ram_device(mr)) { + return true; + } + qemu_log_mask(LOG_GUEST_ERROR, + "Invalid access to non-RAM device at " + "addr 0x%" HWADDR_PRIX ", size %" HWADDR_PRIu ", " + "region '%s'\n", addr, len, memory_region_name(mr)); + if (result) { + *result |= MEMTX_BUS_ERROR; + } + return false; + } else { + /* MEMTXPERM_UNRESTRICTED and MEMTXPERM_UNSPECIFIED cases */ + return true; + } } /* Called within RCU critical section. */ -- 2.31.1