Comment 5 for bug 1886362
Revision history for this message
| Peter Maydell (pmaydell) wrote Re: [Bug 1886362] [NEW] Heap use-after-free in lduw_he_p through e1000e_write_to_rx_buffers | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
On Wed, 15 Jul 2020 at 09:36, Jason Wang <email address hidden> wrote:
> I think the point is to make DMA to MMIO work as real hardware.
I wouldn't care to give a 100% guarantee that asking a real
h/w device to DMA to itself didn't cause it to misbehave :-)
It's more likely to happen-to-work because the DMA engine bit
of a real h/w device is going to be decoupled somewhat from
the respond-
it probably wasn't something the designers were actively
thinking about either...
> For
> e1000e and other networking devices we need make sure such DMA doesn't
> break anything.
Yeah, this is the interesting part for QEMU. How should we
structure devices that do DMA so that we can be sure that
the device emulation at least doesn't crash? We could have
a rule that all devices that do DMA must always postpone
all of that DMA to a bottom-half, but that's a lot of
refactoring of a lot of device code...
thanks
-- PMM