On Tuesday, 2023-05-16 at 04:40:02 -04, Alexander Bulekov wrote:
> engaged_in_io could be unset by an MR with re-entrancy checks disabled.
> Ensure that only MRs that can set the engaged_in_io flag can unset it.
>
> Closes: https://gitlab.com/qemu-project/qemu/-/issues/1563
> Reported-by: Thomas Huth <[email protected]>
> Signed-off-by: Alexander Bulekov <[email protected]>
Reviewed-by: Darren Kenny <[email protected]> > --- > softmmu/memory.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/softmmu/memory.c b/softmmu/memory.c > index b7b3386e9d..26424f1d78 100644 > --- a/softmmu/memory.c > +++ b/softmmu/memory.c > @@ -534,6 +534,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, > unsigned access_size; > unsigned i; > MemTxResult r = MEMTX_OK; > + bool reentrancy_guard_applied = false; > > if (!access_size_min) { > access_size_min = 1; > @@ -552,6 +553,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, > return MEMTX_ACCESS_ERROR; > } > mr->dev->mem_reentrancy_guard.engaged_in_io = true; > + reentrancy_guard_applied = true; > } > > /* FIXME: support unaligned access? */ > @@ -568,7 +570,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, > access_mask, attrs); > } > } > - if (mr->dev) { > + if (mr->dev && reentrancy_guard_applied) { > mr->dev->mem_reentrancy_guard.engaged_in_io = false; > } > return r; > -- > 2.39.0
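Review bot: in the third hunk the `mr->dev &&` half of `if (mr->dev && reentrancy_guard_applied)` is now redundant, because `reentrancy_guard_applied` is only set to true on the line directly after `mr->dev->mem_reentrancy_guard.engaged_in_io = true;` in the second hunk, so `mr->dev` was already non-NULL whenever the flag is set; keeping it is harmless, but a short comment at the clear site (e.g. "only the access that engaged the guard may disengage it, so an MR with the guard disabled cannot clear a flag set by another MR") would make the pairing of set and clear through the new local obvious to the next reader. It is also worth confirming that no early return sits between the set in the second hunk and the clear in the third, since any such path would leave `engaged_in_io` stuck at true for the device; the visible context (the FIXME comment and the access loop) shows none, so this is a check on the surrounding function rather than a defect in the hunk.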
