From: Peter Xu <peterx@redhat.com>
To: qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>
Cc: peterx@redhat.com, Paolo Bonzini <pbonzini@redhat.com>,
David Hildenbrand <david@redhat.com>
Subject: [PULL 12/14] physmem: teach cpu_memory_rw_debug() to write to more memory regions
Date: Tue, 11 Feb 2025 17:50:56 -0500 [thread overview]
Message-ID: <20250211225059.182533-13-peterx@redhat.com> (raw)
In-Reply-To: <20250211225059.182533-1-peterx@redhat.com>
From: David Hildenbrand <david@redhat.com>
Right now, we only allow for writing to memory regions that allow direct
access using memcpy etc; all other writes are simply ignored. This
implies that debugging guests will not work as expected when writing
to MMIO device regions.
Let's extend cpu_memory_rw_debug() to write to more memory regions,
including MMIO device regions. Reshuffle the condition in
memory_access_is_direct() to make it easier to read and add a comment.
While this change implies that debug access can now also write to MMIO
devices, we now are also permit ELF image loads and similar users of
cpu_memory_rw_debug() to write to MMIO devices; currently we ignore
these writes.
Peter assumes [1] that there's probably a class of guest images, which
will start writing junk (likely zeroes) into device model registers; we
previously would silently ignore any such bogus ELF sections. Likely
these images are of questionable correctness and this can be ignored. If
ever a problem, we could make these cases use address_space_write_rom()
instead, which is left unchanged for now.
This patch is based on previous work by Stefan Zabka.
[1] https://lore.kernel.org/all/CAFEAcA_2CEJKFyjvbwmpt=on=GgMVamQ5hiiVt+zUr6AY3X=Xg@mail.gmail.com/
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/213
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Link: https://lore.kernel.org/r/20250210084648.33798-8-david@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
---
include/exec/memattrs.h | 5 ++++-
include/exec/memory.h | 3 ++-
hw/core/cpu-system.c | 13 +++++++++----
system/physmem.c | 9 ++-------
4 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/include/exec/memattrs.h b/include/exec/memattrs.h
index 060b7e7131..8db1d30464 100644
--- a/include/exec/memattrs.h
+++ b/include/exec/memattrs.h
@@ -44,6 +44,8 @@ typedef struct MemTxAttrs {
* (see MEMTX_ACCESS_ERROR).
*/
unsigned int memory:1;
+ /* Debug access that can even write to ROM. */
+ unsigned int debug:1;
/* Requester ID (for MSI for example) */
unsigned int requester_id:16;
@@ -56,7 +58,8 @@ typedef struct MemTxAttrs {
* Bus masters which don't specify any attributes will get this
* (via the MEMTXATTRS_UNSPECIFIED constant), so that we can
* distinguish "all attributes deliberately clear" from
- * "didn't specify" if necessary.
+ * "didn't specify" if necessary. "debug" can be set alongside
+ * "unspecified".
*/
bool unspecified;
diff --git a/include/exec/memory.h b/include/exec/memory.h
index b18ecf933e..78c4e0aec8 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -3018,7 +3018,8 @@ static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write,
if (!memory_region_supports_direct_access(mr)) {
return false;
}
- if (is_write) {
+ /* Debug access can write to ROM. */
+ if (is_write && !attrs.debug) {
return !mr->readonly && !mr->rom_device;
}
return true;
diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index 6aae28a349..6e307c8959 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -51,13 +51,18 @@ hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
MemTxAttrs *attrs)
{
CPUClass *cc = CPU_GET_CLASS(cpu);
+ hwaddr paddr;
if (cc->sysemu_ops->get_phys_page_attrs_debug) {
- return cc->sysemu_ops->get_phys_page_attrs_debug(cpu, addr, attrs);
+ paddr = cc->sysemu_ops->get_phys_page_attrs_debug(cpu, addr, attrs);
+ } else {
+ /* Fallback for CPUs which don't implement the _attrs_ hook */
+ *attrs = MEMTXATTRS_UNSPECIFIED;
+ paddr = cc->sysemu_ops->get_phys_page_debug(cpu, addr);
}
- /* Fallback for CPUs which don't implement the _attrs_ hook */
- *attrs = MEMTXATTRS_UNSPECIFIED;
- return cc->sysemu_ops->get_phys_page_debug(cpu, addr);
+ /* Indicate that this is a debug access. */
+ attrs->debug = 1;
+ return paddr;
}
hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr)
diff --git a/system/physmem.c b/system/physmem.c
index 8745c10c9d..d3efdf13d3 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -3680,13 +3680,8 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
if (l > len)
l = len;
phys_addr += (addr & ~TARGET_PAGE_MASK);
- if (is_write) {
- res = address_space_write_rom(cpu->cpu_ases[asidx].as, phys_addr,
- attrs, buf, l);
- } else {
- res = address_space_read(cpu->cpu_ases[asidx].as, phys_addr,
- attrs, buf, l);
- }
+ res = address_space_rw(cpu->cpu_ases[asidx].as, phys_addr, attrs, buf,
+ l, is_write);
if (res != MEMTX_OK) {
return -1;
}
--
2.47.0
next prev parent reply other threads:[~2025-02-11 22:51 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-11 22:50 [PULL 00/14] Mem next patches Peter Xu
2025-02-11 22:50 ` [PULL 01/14] system/physmem: take into account fd_offset for file fallocate Peter Xu
2025-02-11 22:50 ` [PULL 02/14] os: add an ability to lock memory on_fault Peter Xu
2025-02-12 14:13 ` Stefan Hajnoczi
2025-02-12 14:17 ` Daniil Tatianin
2025-02-11 22:50 ` [PULL 03/14] system/vl: extract overcommit option parsing into a helper Peter Xu
2025-02-11 22:50 ` [PULL 04/14] system: introduce a new MlockState enum Peter Xu
2025-02-11 22:50 ` [PULL 05/14] overcommit: introduce mem-lock=on-fault Peter Xu
2025-02-11 22:50 ` [PULL 06/14] physmem: factor out memory_region_is_ram_device() check in memory_access_is_direct() Peter Xu
2025-02-11 22:50 ` [PULL 07/14] physmem: factor out RAM/ROMD " Peter Xu
2025-02-11 22:50 ` [PULL 08/14] physmem: factor out direct access check into memory_region_supports_direct_access() Peter Xu
2025-02-11 22:50 ` [PULL 09/14] physmem: disallow direct access to RAM DEVICE in address_space_write_rom() Peter Xu
2025-02-11 22:50 ` [PULL 10/14] memory: pass MemTxAttrs to memory_access_is_direct() Peter Xu
2025-02-11 22:50 ` [PULL 11/14] hmp: use cpu_get_phys_page_debug() in hmp_gva2gpa() Peter Xu
2025-02-11 22:50 ` Peter Xu [this message]
2025-02-11 22:50 ` [PULL 13/14] system/physmem: handle hugetlb correctly in qemu_ram_remap() Peter Xu
2025-02-11 22:50 ` [PULL 14/14] system/physmem: poisoned memory discard on reboot Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250211225059.182533-13-peterx@redhat.com \
--to=peterx@redhat.com \
--cc=david@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).