From: Stefano Garzarella <sgarzare@redhat.com>
To: virtualization@lists.linux-foundation.org
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
"Michael S. Tsirkin" <mst@redhat.com>,
Jason Wang <jasowang@redhat.com>
Subject: [RFC PATCH 08/10] vhost/vdpa: allow user space to pass buffers bigger than config space
Date: Tue, 16 Feb 2021 10:44:52 +0100 [thread overview]
Message-ID: <20210216094454.82106-9-sgarzare@redhat.com> (raw)
In-Reply-To: <20210216094454.82106-1-sgarzare@redhat.com>
vdpa_get_config() and vdpa_set_config() now are able to read/write
only the bytes available in the device configuration space, also if
the buffer provided is bigger than that.
Let's use this feature to allow the user space application to pass any
buffer. We limit the size of the internal bounce buffer allocated with
the device config size.
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
drivers/vhost/vdpa.c | 36 ++++++++++++++++++++----------------
1 file changed, 20 insertions(+), 16 deletions(-)
diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
index cdd8f24168b2..544f8582a42b 100644
--- a/drivers/vhost/vdpa.c
+++ b/drivers/vhost/vdpa.c
@@ -185,10 +185,10 @@ static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp)
return 0;
}
-static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
- struct vhost_vdpa_config *c)
+static ssize_t vhost_vdpa_config_validate(struct vhost_vdpa *v,
+ struct vhost_vdpa_config *c)
{
- long size = 0;
+ u32 size = 0;
switch (v->virtio_id) {
case VIRTIO_ID_NET:
@@ -199,10 +199,7 @@ static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
if (c->len == 0)
return -EINVAL;
- if (c->len > size - c->off)
- return -E2BIG;
-
- return 0;
+ return min(c->len, size);
}
static long vhost_vdpa_get_config(struct vhost_vdpa *v,
@@ -211,19 +208,23 @@ static long vhost_vdpa_get_config(struct vhost_vdpa *v,
struct vdpa_device *vdpa = v->vdpa;
struct vhost_vdpa_config config;
unsigned long size = offsetof(struct vhost_vdpa_config, buf);
+ ssize_t config_size;
u8 *buf;
if (copy_from_user(&config, c, size))
return -EFAULT;
- if (vhost_vdpa_config_validate(v, &config))
- return -EINVAL;
- buf = kvzalloc(config.len, GFP_KERNEL);
+
+ config_size = vhost_vdpa_config_validate(v, &config);
+ if (config_size <= 0)
+ return config_size;
+
+ buf = kvzalloc(config_size, GFP_KERNEL);
if (!buf)
return -ENOMEM;
- vdpa_get_config(vdpa, config.off, buf, config.len);
+ vdpa_get_config(vdpa, config.off, buf, config_size);
- if (copy_to_user(c->buf, buf, config.len)) {
+ if (copy_to_user(c->buf, buf, config_size)) {
kvfree(buf);
return -EFAULT;
}
@@ -238,18 +239,21 @@ static long vhost_vdpa_set_config(struct vhost_vdpa *v,
struct vdpa_device *vdpa = v->vdpa;
struct vhost_vdpa_config config;
unsigned long size = offsetof(struct vhost_vdpa_config, buf);
+ ssize_t config_size;
u8 *buf;
if (copy_from_user(&config, c, size))
return -EFAULT;
- if (vhost_vdpa_config_validate(v, &config))
- return -EINVAL;
- buf = vmemdup_user(c->buf, config.len);
+ config_size = vhost_vdpa_config_validate(v, &config);
+ if (config_size <= 0)
+ return config_size;
+
+ buf = vmemdup_user(c->buf, config_size);
if (IS_ERR(buf))
return PTR_ERR(buf);
- vdpa_set_config(vdpa, config.off, buf, config.len);
+ vdpa_set_config(vdpa, config.off, buf, config_size);
kvfree(buf);
return 0;
--
2.29.2
WARNING: multiple messages have this Message-ID (diff)
From: Stefano Garzarella <sgarzare@redhat.com>
To: virtualization@lists.linux-foundation.org
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: [RFC PATCH 08/10] vhost/vdpa: allow user space to pass buffers bigger than config space
Date: Tue, 16 Feb 2021 10:44:52 +0100 [thread overview]
Message-ID: <20210216094454.82106-9-sgarzare@redhat.com> (raw)
In-Reply-To: <20210216094454.82106-1-sgarzare@redhat.com>
vdpa_get_config() and vdpa_set_config() now are able to read/write
only the bytes available in the device configuration space, also if
the buffer provided is bigger than that.
Let's use this feature to allow the user space application to pass any
buffer. We limit the size of the internal bounce buffer allocated with
the device config size.
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
drivers/vhost/vdpa.c | 36 ++++++++++++++++++++----------------
1 file changed, 20 insertions(+), 16 deletions(-)
diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
index cdd8f24168b2..544f8582a42b 100644
--- a/drivers/vhost/vdpa.c
+++ b/drivers/vhost/vdpa.c
@@ -185,10 +185,10 @@ static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp)
return 0;
}
-static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
- struct vhost_vdpa_config *c)
+static ssize_t vhost_vdpa_config_validate(struct vhost_vdpa *v,
+ struct vhost_vdpa_config *c)
{
- long size = 0;
+ u32 size = 0;
switch (v->virtio_id) {
case VIRTIO_ID_NET:
@@ -199,10 +199,7 @@ static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
if (c->len == 0)
return -EINVAL;
- if (c->len > size - c->off)
- return -E2BIG;
-
- return 0;
+ return min(c->len, size);
}
static long vhost_vdpa_get_config(struct vhost_vdpa *v,
@@ -211,19 +208,23 @@ static long vhost_vdpa_get_config(struct vhost_vdpa *v,
struct vdpa_device *vdpa = v->vdpa;
struct vhost_vdpa_config config;
unsigned long size = offsetof(struct vhost_vdpa_config, buf);
+ ssize_t config_size;
u8 *buf;
if (copy_from_user(&config, c, size))
return -EFAULT;
- if (vhost_vdpa_config_validate(v, &config))
- return -EINVAL;
- buf = kvzalloc(config.len, GFP_KERNEL);
+
+ config_size = vhost_vdpa_config_validate(v, &config);
+ if (config_size <= 0)
+ return config_size;
+
+ buf = kvzalloc(config_size, GFP_KERNEL);
if (!buf)
return -ENOMEM;
- vdpa_get_config(vdpa, config.off, buf, config.len);
+ vdpa_get_config(vdpa, config.off, buf, config_size);
- if (copy_to_user(c->buf, buf, config.len)) {
+ if (copy_to_user(c->buf, buf, config_size)) {
kvfree(buf);
return -EFAULT;
}
@@ -238,18 +239,21 @@ static long vhost_vdpa_set_config(struct vhost_vdpa *v,
struct vdpa_device *vdpa = v->vdpa;
struct vhost_vdpa_config config;
unsigned long size = offsetof(struct vhost_vdpa_config, buf);
+ ssize_t config_size;
u8 *buf;
if (copy_from_user(&config, c, size))
return -EFAULT;
- if (vhost_vdpa_config_validate(v, &config))
- return -EINVAL;
- buf = vmemdup_user(c->buf, config.len);
+ config_size = vhost_vdpa_config_validate(v, &config);
+ if (config_size <= 0)
+ return config_size;
+
+ buf = vmemdup_user(c->buf, config_size);
if (IS_ERR(buf))
return PTR_ERR(buf);
- vdpa_set_config(vdpa, config.off, buf, config.len);
+ vdpa_set_config(vdpa, config.off, buf, config_size);
kvfree(buf);
return 0;
--
2.29.2
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2021-02-16 9:51 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-16 9:44 [RFC PATCH 00/10] vdpa: get/set_config() rework Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-02-16 9:44 ` [RFC PATCH 01/10] vdpa: add get_config_size callback in vdpa_config_ops Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-03-02 4:14 ` Jason Wang
2021-03-02 4:14 ` Jason Wang
2021-03-02 14:15 ` Stefano Garzarella
2021-03-02 14:15 ` Stefano Garzarella
2021-03-04 8:34 ` Jason Wang
2021-03-04 8:34 ` Jason Wang
2021-03-05 8:38 ` Stefano Garzarella
2021-03-05 8:38 ` Stefano Garzarella
2021-02-16 9:44 ` [RFC PATCH 02/10] vdpa: check vdpa_get_config() parameters and return bytes read Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-02-16 9:44 ` [RFC PATCH 03/10] vdpa: add vdpa_set_config() helper Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-02-16 9:44 ` [RFC PATCH 04/10] vdpa: remove param checks in the get/set_config callbacks Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-02-16 9:44 ` [RFC PATCH 05/10] vdpa: remove WARN_ON() " Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-02-16 9:44 ` [RFC PATCH 06/10] virtio_vdpa: use vdpa_set_config() Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-02-16 9:44 ` [RFC PATCH 07/10] vhost/vdpa: " Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella [this message]
2021-02-16 9:44 ` [RFC PATCH 08/10] vhost/vdpa: allow user space to pass buffers bigger than config space Stefano Garzarella
2021-02-16 9:44 ` [RFC PATCH 09/10] vhost/vdpa: use get_config_size callback in vhost_vdpa_config_validate() Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-02-16 9:44 ` [RFC PATCH 10/10] vhost/vdpa: return configuration bytes read and written to user space Stefano Garzarella
2021-02-16 9:44 ` Stefano Garzarella
2021-03-02 4:05 ` Jason Wang
2021-03-02 4:05 ` Jason Wang
2021-03-02 14:06 ` Stefano Garzarella
2021-03-02 14:06 ` Stefano Garzarella
2021-03-04 8:31 ` Jason Wang
2021-03-04 8:31 ` Jason Wang
2021-03-05 8:37 ` Stefano Garzarella
2021-03-05 8:37 ` Stefano Garzarella
2021-03-08 3:59 ` Jason Wang
2021-03-08 3:59 ` Jason Wang
2021-03-01 8:17 ` [RFC PATCH 00/10] vdpa: get/set_config() rework Stefano Garzarella
2021-03-01 8:17 ` Stefano Garzarella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210216094454.82106-9-sgarzare@redhat.com \
--to=sgarzare@redhat.com \
--cc=jasowang@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.