These patches aim to solve two types of DMA-reentrancy issues:

1.) mmio -> dma -> mmio case

To solve this, we track whether the device is engaged in io by
checking/setting a flag within APIs used for MMIO access.

2.) bh -> dma write -> mmio case

This case is trickier, since we don't have a generic way to associate a
bh with the underlying Device/DeviceState. Thus, this version introduces
a change to QEMU's DMA APIs to associate each request with the
originator DeviceState. In total, the affected APIs are used in
approximately 250 locations:

dma_memory_valid (1 usage)
dma_memory_rw (~5 uses)
dma_memory_read (~92 uses)
dma_memory_write (~71 uses)
dma_memory_set (~4 uses)
dma_memory_map (~18 uses)
dma_memory_unmap (~21 uses)
{ld,st}_{le,be}_{uw,l,q}_dma (~10 uses)
ldub_dma (does not appear to be used anywhere)
stb_dma (1 usage)
dma_buf_read (~18 uses)
dma_buf_write (~7 uses)

It is not trivial to mechanically replace all of the invocations: For
many cases, this will be as simple as adding DEVICE(s) to the arguments,
but there are locations where the code will need to be slightly changed.
As such, for now I added "_guarded" versions of most of the APIs which
can be used until all of the invocations are fixed. The end goal is to go
through all of hw/ and make the required changes (I will need help with
this). Once that is done, the "_guarded" APIs can take the place of the
standard DMA APIs and we can mechanically remove the "_guarded" suffix
from all invocations.

These changes do not address devices that bypass DMA APIs and directly
call into address_space.. APIs. This occurs somewhat commonly, and
prevents me from fixing issues in Virtio devices, such as:
https://gitlab.com/qemu-project/qemu/-/issues/827
I'm not sure what approach we should take for these cases - maybe they
should be switched to DMA APIs (or the DMA API expanded).

v2 -> v3: Bite the bullet and modify the DMA APIs, rather than attempting
to guess DeviceStates in BHs.
Alexander Bulekov (7):
  memory: associate DMA accesses with the initiator Device
  dma-helpers: switch to guarded DMA accesses
  ahci: switch to guarded DMA accesses
  sdhci: switch to guarded DMA accesses
  ehci: switch to guarded DMA accesses
  xhci: switch to guarded DMA accesses
  usb/libhw: switch to guarded DMA accesses

 hw/ide/ahci.c          | 16 +++++++++-------
 hw/sd/sdhci.c          | 43 ++++++++++++++++++++++--------------------
 hw/usb/hcd-ehci.c      |  8 ++++----
 hw/usb/hcd-xhci.c      | 24 +++++++++++------------
 hw/usb/libhw.c         |  4 ++--
 include/hw/qdev-core.h |  2 ++
 include/sysemu/dma.h   | 41 ++++++++++++++++++++++++++++++++++++++++
 softmmu/dma-helpers.c  | 15 ++++++++-------
 softmmu/memory.c       | 15 +++++++++++++++
 softmmu/trace-events   |  1 +
 10 files changed, 117 insertions(+), 52 deletions(-)

-- 
2.27.0
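The guard the cover letter describes, reduced to a runnable toy. This is an added example, not code from the series or from QEMU, and every identifier in it (the in_io flag on DeviceState, ToyDevice, mmio_dispatch, dma_memory_write_guarded, the register offsets and the payload bytes) is a placeholder chosen here. A doorbell write that issues DMA reproduces the mmio -> dma -> mmio case, a bottom-half path with no MMIO handler on the stack reproduces bh -> dma write -> mmio, and in both the write that lands back on the device's own MMIO window is refused because the DMA request carries its initiating DeviceState.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the guard. Every name here (in_io, ToyDevice, mmio_dispatch,
 * dma_memory_write_guarded, the register offsets) is a placeholder chosen for
 * this example, not one of QEMU's real identifiers. */
#define RAM_SIZE     64u
#define MMIO_BASE    0x1000u
#define MMIO_SIZE    0x100u
#define REG_DOORBELL 0x00u   /* a write here starts a DMA transfer */
#define REG_DMA_ADDR 0x04u   /* guest address the transfer writes to */

typedef struct {
    bool in_io;  /* set while the device handles MMIO or its own DMA is in flight */
} DeviceState;

typedef struct {
    DeviceState parent;
    uint32_t dma_addr;
    int dma_completed;    /* DMA writes that reached their target */
    int reentry_blocked;  /* nested MMIO accesses refused by the guard */
} ToyDevice;

static uint8_t guest_ram[RAM_SIZE];
static ToyDevice toy;  /* the device owning the MMIO window at MMIO_BASE */
static const uint8_t payload[4] = {0xde, 0xad, 0xbe, 0xef};  /* constructed data */

static void mmio_write_handler(ToyDevice *dev, uint32_t offset, uint32_t val);

/* MMIO entry point: refuse the access if the device is already engaged in io.
 * Without this check the mmio -> dma -> mmio case below would recurse forever. */
static bool mmio_dispatch(ToyDevice *dev, uint32_t offset, uint32_t val)
{
    if (dev->parent.in_io) {
        dev->reentry_blocked++;
        return false;
    }
    dev->parent.in_io = true;
    mmio_write_handler(dev, offset, val);
    dev->parent.in_io = false;
    return true;
}

/* DMA write that names its initiating DeviceState. The initiator stays marked
 * engaged for the whole write, so a write routed back onto its own MMIO window
 * is refused by mmio_dispatch even when no handler is on the stack (bh case). */
static bool dma_memory_write_guarded(DeviceState *initiator, uint32_t addr,
                                     const uint8_t *buf, size_t len)
{
    bool was_in_io = initiator->in_io, ok = false;
    initiator->in_io = true;
    if (addr >= MMIO_BASE && addr < MMIO_BASE + MMIO_SIZE) {
        /* a real memory subsystem routes this to the region's owning device */
        ok = mmio_dispatch(&toy, addr - MMIO_BASE, buf[0]);
    } else if (addr < RAM_SIZE && len <= RAM_SIZE - addr) {
        memcpy(&guest_ram[addr], buf, len);
        ok = true;
    }
    initiator->in_io = was_in_io;
    return ok;
}

static void mmio_write_handler(ToyDevice *dev, uint32_t offset, uint32_t val)
{
    if (offset == REG_DMA_ADDR) {
        dev->dma_addr = val;
    } else if (offset == REG_DOORBELL &&  /* mmio -> dma */
               dma_memory_write_guarded(&dev->parent, dev->dma_addr, payload, 4)) {
        dev->dma_completed++;
    }
}

/* Resets the toy device, programs the DMA target, then starts the transfer
 * from the MMIO doorbell (mmio -> dma) or from a bottom half with no MMIO
 * handler on the stack (bh -> dma). Returns the number of nested MMIO accesses
 * the guard refused; the counters in 'toy' hold the rest of the outcome. */
static int run_transfer(uint32_t target, bool from_bh)
{
    memset(&toy, 0, sizeof toy);
    memset(guest_ram, 0, sizeof guest_ram);
    if (from_bh) {
        toy.dma_addr = target;
        if (dma_memory_write_guarded(&toy.parent, toy.dma_addr, payload, 4)) {
            toy.dma_completed++;
        }
    } else {
        mmio_dispatch(&toy, REG_DMA_ADDR, target);
        mmio_dispatch(&toy, REG_DOORBELL, 1);
    }
    return toy.reentry_blocked;
}

int main(void)
{
    int blocked = run_transfer(0x10, false);
    printf("RAM target:          blocked=%d completed=%d\n", blocked, toy.dma_completed);
    blocked = run_transfer(MMIO_BASE + REG_DOORBELL, false);
    printf("mmio -> dma -> mmio: blocked=%d completed=%d\n", blocked, toy.dma_completed);
    blocked = run_transfer(MMIO_BASE + REG_DOORBELL, true);
    printf("bh -> dma -> mmio:   blocked=%d completed=%d\n", blocked, toy.dma_completed);
    return 0;
}
```

The point of the second case is the one the cover letter makes: with no MMIO handler on the stack, a flag set only on MMIO entry cannot see that the bottom half's write belongs to the same device, so the DMA request itself has to carry the initiating DeviceState and mark it engaged for the duration of the access.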