From 05cd02d6c64d0e7786eb0e55e34703d0697f08a9 Mon Sep 17 00:00:00 2001
From: Alexander Duyck
Date: Thu, 30 Apr 2020 07:25:57 -0400
Subject: [PATCH] memory: Do not allow direct write access to rom_device regions

According to the documentation in memory.h a ROM memory region will be backed by RAM for reads, but is supposed to go through a callback for writes. Currently we were not checking for the existence of the rom_device flag when determining if we could perform a direct write or not. To correct that add a check to memory_region_is_direct so that if the memory region has the rom_device flag set we will return false for all checks where is_write is set.

Backports commit d489ae4ac57ebe14bde8384556cbac237ead988d from qemu
---
 qemu/include/exec/memory.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/qemu/include/exec/memory.h b/qemu/include/exec/memory.h
index 459eb51d..3c09aef4 100644
--- a/qemu/include/exec/memory.h
+++ b/qemu/include/exec/memory.h
@@ -1348,8 +1348,8 @@ void *qemu_map_ram_ptr(struct uc_struct *uc, RAMBlock *ram_block,
 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
 {
 if (is_write) {
- return memory_region_is_ram(mr) &&
- !mr->readonly && !memory_region_is_ram_device(mr);
+ return memory_region_is_ram(mr) && !mr->readonly &&
+ !mr->rom_device && !memory_region_is_ram_device(mr);
 } else {
 return (memory_region_is_ram(mr) && !memory_region_is_ram_device(mr)) ||
 memory_region_is_romd(mr);
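Review bot: The new write branch carries no comment explaining why `rom_device` regions are rejected here while the read branch just below still treats them as direct through `memory_region_is_romd(mr)`, so the asymmetry will read like an oversight to the next maintainer, and nothing in the hunk records that `memory_region_is_ram()` alone is not a sufficient test. A short comment above `if (is_write) {` would pin the contract, e.g. `/* rom_device regions are RAM-backed for reads (while in romd_mode) but every write must go through mr->ops, so a write is never direct. */`. Since this predicate gates the memcpy fast path against guest-visible memory, the commit message implies the missing check previously let writes bypass the region's write callback; stating that in the comment makes the security intent explicit rather than leaving it to the commit log. The closing lines of memory_access_is_direct lie outside the hunk, so whether a doc comment already sits above line 1348 cannot be confirmed from here.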