From: Ricardo Koller <ricarkol@google.com>
To: Jing Zhang <jingzhangos@google.com>
Cc: KVM <kvm@vger.kernel.org>, KVMARM <kvmarm@lists.cs.columbia.edu>,
LinuxMIPS <linux-mips@vger.kernel.org>,
KVMPPC <kvm-ppc@vger.kernel.org>,
LinuxS390 <linux-s390@vger.kernel.org>,
Linuxkselftest <linux-kselftest@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Marc Zyngier <maz@kernel.org>, James Morse <james.morse@arm.com>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Will Deacon <will@kernel.org>,
Huacai Chen <chenhuacai@kernel.org>,
Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Paul Mackerras <paulus@ozlabs.org>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
David Hildenbrand <david@redhat.com>,
Cornelia Huck <cohuck@redhat.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Jim Mattson <jmattson@google.com>,
Peter Shier <pshier@google.com>, Oliver Upton <oupton@google.com>,
David Rientjes <rientjes@google.com>,
Emanuele Giuseppe Esposito <eesposit@redhat.com>
Subject: Re: [PATCH v5 2/4] KVM: stats: Add fd-based API to read binary stats data
Date: Wed, 19 May 2021 21:21:50 -0700 [thread overview]
Message-ID: <YKXj3gHvUoLnojzB@google.com> (raw)
In-Reply-To: <20210517145314.157626-3-jingzhangos@google.com>
On Mon, May 17, 2021 at 02:53:12PM +0000, Jing Zhang wrote:
> Provides a file descriptor per VM to read VM stats info/data.
> Provides a file descriptor per vCPU to read vCPU stats info/data.
>
> Signed-off-by: Jing Zhang <jingzhangos@google.com>
> ---
> arch/arm64/kvm/guest.c | 26 +++++
> arch/mips/kvm/mips.c | 52 +++++++++
> arch/powerpc/kvm/book3s.c | 52 +++++++++
> arch/powerpc/kvm/booke.c | 45 ++++++++
> arch/s390/kvm/kvm-s390.c | 117 ++++++++++++++++++++
> arch/x86/kvm/x86.c | 53 +++++++++
> include/linux/kvm_host.h | 127 ++++++++++++++++++++++
> include/uapi/linux/kvm.h | 50 +++++++++
> virt/kvm/kvm_main.c | 223 ++++++++++++++++++++++++++++++++++++++
> 9 files changed, 745 insertions(+)
>
> +static ssize_t kvm_vcpu_stats_read(struct file *file, char __user *user_buffer,
> + size_t size, loff_t *offset)
> +{
> + char id[KVM_STATS_ID_MAXLEN];
> + struct kvm_vcpu *vcpu = file->private_data;
> + ssize_t copylen, len, remain = size;
> + size_t size_header, size_desc, size_stats;
> + loff_t pos = *offset;
> + char __user *dest = user_buffer;
> + void *src;
Nit. Better to do pointer arithmetic on a "char *". Note that gcc and
clang will do the expected thing.
> +
> + snprintf(id, sizeof(id), "kvm-%d/vcpu-%d",
> + task_pid_nr(current), vcpu->vcpu_id);
> + size_header = sizeof(kvm_vcpu_stats_header);
> + size_desc =
> + kvm_vcpu_stats_header.count * sizeof(struct _kvm_stats_desc);
> + size_stats = sizeof(vcpu->stat);
> +
> + len = sizeof(id) + size_header + size_desc + size_stats - pos;
> + len = min(len, remain);
> + if (len <= 0)
> + return 0;
> + remain = len;
If 'desc_offset' is not right after the header, then the 'len'
calculation is missing the gap into account. For example, assuming there
is a gap of 0x1000000 between the header and the descriptors:
desc_offset = sizeof(id) + size_header + 0x1000000
and the user calls the ioctl with enough space for the whole file,
including the gap:
*offset = 0
size = sizeof(id) + size_header + size_desc + size_stats + 0x1000000
then 'remain' gets the wrong size:
remain = sizeof(id) + size_header + size_desc + size_stats
and ... (more below)
> +
> + /* Copy kvm vcpu stats header id string */
> + copylen = sizeof(id) - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)id + pos;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vcpu stats header */
> + copylen = sizeof(id) + size_header - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm_vcpu_stats_header;
> + src += pos - sizeof(id);
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vcpu stats descriptors */
> + copylen = kvm_vcpu_stats_header.desc_offset + size_desc - pos;
This would be the state at this point:
pos = sizeof(id) + size_header
copylen = sizeof(id) + size_header + 0x1000000 + size_desc - (sizeof(id) + size_header)
= 0x1000000 + size_desc
remain = size_desc + size_stats
> + copylen = min(copylen, remain);
copylen = size_desc + size_stats
which is not enough to copy the descriptors (and the data).
> + if (copylen > 0) {
> + src = (void *)&kvm_vcpu_stats_desc;
> + src += pos - kvm_vcpu_stats_header.desc_offset;
Moreover, src also needs to take the gap into account.
src = &kvm_vcpu_stats_desc + (sizeof(id) + size_header) - (sizeof(id) + size_header + 0x1000000)
= &kvm_vcpu_stats_desc - 0x1000000
Otherwise, src ends up pointing at the wrong place.
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vcpu stats values */
> + copylen = kvm_vcpu_stats_header.data_offset + size_stats - pos;
The same problem occurs here. There is a potential gap before
data_offset that needs to be taken into account for src and len.
Would it be possible to just ensure that there is no gap? maybe even
remove data_offset and desc_offset and always place them adjacent, and
have the descriptors right after the header.
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&vcpu->stat;
> + src += pos - kvm_vcpu_stats_header.data_offset;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> +
> + *offset = pos;
> + return len;
> +}
> +
>
> +static ssize_t kvm_vm_stats_read(struct file *file, char __user *user_buffer,
> + size_t size, loff_t *offset)
> +{
Consider moving the common code between kvm_vcpu_stats_read and this one
into some function that takes pointers to header, desc, and data. Unless
there is something vcpu or vm specific besides that.
> + char id[KVM_STATS_ID_MAXLEN];
> + struct kvm *kvm = file->private_data;
> + ssize_t copylen, len, remain = size;
> + size_t size_header, size_desc, size_stats;
> + loff_t pos = *offset;
> + char __user *dest = user_buffer;
> + void *src;
> +
> + snprintf(id, sizeof(id), "kvm-%d", task_pid_nr(current));
> + size_header = sizeof(kvm_vm_stats_header);
> + size_desc = kvm_vm_stats_header.count * sizeof(struct _kvm_stats_desc);
> + size_stats = sizeof(kvm->stat);
> +
> + len = sizeof(id) + size_header + size_desc + size_stats - pos;
> + len = min(len, remain);
> + if (len <= 0)
> + return 0;
> + remain = len;
> +
> + /* Copy kvm vm stats header id string */
> + copylen = sizeof(id) - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)id + pos;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vm stats header */
> + copylen = sizeof(id) + size_header - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm_vm_stats_header;
> + src += pos - sizeof(id);
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vm stats descriptors */
> + copylen = kvm_vm_stats_header.desc_offset + size_desc - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm_vm_stats_desc;
> + src += pos - kvm_vm_stats_header.desc_offset;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vm stats values */
> + copylen = kvm_vm_stats_header.data_offset + size_stats - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm->stat;
> + src += pos - kvm_vm_stats_header.data_offset;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> +
> + *offset = pos;
> + return len;
> +}
> +
> --
> 2.31.1.751.gd2f1c929bd-goog
>
> _______________________________________________
> kvmarm mailing list
> kvmarm@lists.cs.columbia.edu
> https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Ricardo Koller <ricarkol@google.com>
To: Jing Zhang <jingzhangos@google.com>
Cc: KVM <kvm@vger.kernel.org>, David Hildenbrand <david@redhat.com>,
Paul Mackerras <paulus@ozlabs.org>,
Linuxkselftest <linux-kselftest@vger.kernel.org>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Will Deacon <will@kernel.org>,
KVMARM <kvmarm@lists.cs.columbia.edu>,
Emanuele Giuseppe Esposito <eesposit@redhat.com>,
LinuxS390 <linux-s390@vger.kernel.org>,
Janosch Frank <frankja@linux.ibm.com>,
Oliver Upton <oupton@google.com>, Marc Zyngier <maz@kernel.org>,
Huacai Chen <chenhuacai@kernel.org>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
David Rientjes <rientjes@google.com>,
KVMPPC <kvm-ppc@vger.kernel.org>,
Jim Mattson <jmattson@google.com>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Sean Christopherson <seanjc@google.com>,
Cornelia Huck <cohuck@redhat.com>,
Peter Shier <pshier@google.com>,
LinuxMIPS <linux-mips@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>
Subject: Re: [PATCH v5 2/4] KVM: stats: Add fd-based API to read binary stats data
Date: Wed, 19 May 2021 21:21:50 -0700 [thread overview]
Message-ID: <YKXj3gHvUoLnojzB@google.com> (raw)
In-Reply-To: <20210517145314.157626-3-jingzhangos@google.com>
On Mon, May 17, 2021 at 02:53:12PM +0000, Jing Zhang wrote:
> Provides a file descriptor per VM to read VM stats info/data.
> Provides a file descriptor per vCPU to read vCPU stats info/data.
>
> Signed-off-by: Jing Zhang <jingzhangos@google.com>
> ---
> arch/arm64/kvm/guest.c | 26 +++++
> arch/mips/kvm/mips.c | 52 +++++++++
> arch/powerpc/kvm/book3s.c | 52 +++++++++
> arch/powerpc/kvm/booke.c | 45 ++++++++
> arch/s390/kvm/kvm-s390.c | 117 ++++++++++++++++++++
> arch/x86/kvm/x86.c | 53 +++++++++
> include/linux/kvm_host.h | 127 ++++++++++++++++++++++
> include/uapi/linux/kvm.h | 50 +++++++++
> virt/kvm/kvm_main.c | 223 ++++++++++++++++++++++++++++++++++++++
> 9 files changed, 745 insertions(+)
>
> +static ssize_t kvm_vcpu_stats_read(struct file *file, char __user *user_buffer,
> + size_t size, loff_t *offset)
> +{
> + char id[KVM_STATS_ID_MAXLEN];
> + struct kvm_vcpu *vcpu = file->private_data;
> + ssize_t copylen, len, remain = size;
> + size_t size_header, size_desc, size_stats;
> + loff_t pos = *offset;
> + char __user *dest = user_buffer;
> + void *src;
Nit. Better to do pointer arithmetic on a "char *". Note that gcc and
clang will do the expected thing.
> +
> + snprintf(id, sizeof(id), "kvm-%d/vcpu-%d",
> + task_pid_nr(current), vcpu->vcpu_id);
> + size_header = sizeof(kvm_vcpu_stats_header);
> + size_desc =
> + kvm_vcpu_stats_header.count * sizeof(struct _kvm_stats_desc);
> + size_stats = sizeof(vcpu->stat);
> +
> + len = sizeof(id) + size_header + size_desc + size_stats - pos;
> + len = min(len, remain);
> + if (len <= 0)
> + return 0;
> + remain = len;
If 'desc_offset' is not right after the header, then the 'len'
calculation is missing the gap into account. For example, assuming there
is a gap of 0x1000000 between the header and the descriptors:
desc_offset = sizeof(id) + size_header + 0x1000000
and the user calls the ioctl with enough space for the whole file,
including the gap:
*offset = 0
size = sizeof(id) + size_header + size_desc + size_stats + 0x1000000
then 'remain' gets the wrong size:
remain = sizeof(id) + size_header + size_desc + size_stats
and ... (more below)
> +
> + /* Copy kvm vcpu stats header id string */
> + copylen = sizeof(id) - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)id + pos;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vcpu stats header */
> + copylen = sizeof(id) + size_header - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm_vcpu_stats_header;
> + src += pos - sizeof(id);
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vcpu stats descriptors */
> + copylen = kvm_vcpu_stats_header.desc_offset + size_desc - pos;
This would be the state at this point:
pos = sizeof(id) + size_header
copylen = sizeof(id) + size_header + 0x1000000 + size_desc - (sizeof(id) + size_header)
= 0x1000000 + size_desc
remain = size_desc + size_stats
> + copylen = min(copylen, remain);
copylen = size_desc + size_stats
which is not enough to copy the descriptors (and the data).
> + if (copylen > 0) {
> + src = (void *)&kvm_vcpu_stats_desc;
> + src += pos - kvm_vcpu_stats_header.desc_offset;
Moreover, src also needs to take the gap into account.
src = &kvm_vcpu_stats_desc + (sizeof(id) + size_header) - (sizeof(id) + size_header + 0x1000000)
= &kvm_vcpu_stats_desc - 0x1000000
Otherwise, src ends up pointing at the wrong place.
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vcpu stats values */
> + copylen = kvm_vcpu_stats_header.data_offset + size_stats - pos;
The same problem occurs here. There is a potential gap before
data_offset that needs to be taken into account for src and len.
Would it be possible to just ensure that there is no gap? maybe even
remove data_offset and desc_offset and always place them adjacent, and
have the descriptors right after the header.
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&vcpu->stat;
> + src += pos - kvm_vcpu_stats_header.data_offset;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> +
> + *offset = pos;
> + return len;
> +}
> +
>
> +static ssize_t kvm_vm_stats_read(struct file *file, char __user *user_buffer,
> + size_t size, loff_t *offset)
> +{
Consider moving the common code between kvm_vcpu_stats_read and this one
into some function that takes pointers to header, desc, and data. Unless
there is something vcpu or vm specific besides that.
> + char id[KVM_STATS_ID_MAXLEN];
> + struct kvm *kvm = file->private_data;
> + ssize_t copylen, len, remain = size;
> + size_t size_header, size_desc, size_stats;
> + loff_t pos = *offset;
> + char __user *dest = user_buffer;
> + void *src;
> +
> + snprintf(id, sizeof(id), "kvm-%d", task_pid_nr(current));
> + size_header = sizeof(kvm_vm_stats_header);
> + size_desc = kvm_vm_stats_header.count * sizeof(struct _kvm_stats_desc);
> + size_stats = sizeof(kvm->stat);
> +
> + len = sizeof(id) + size_header + size_desc + size_stats - pos;
> + len = min(len, remain);
> + if (len <= 0)
> + return 0;
> + remain = len;
> +
> + /* Copy kvm vm stats header id string */
> + copylen = sizeof(id) - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)id + pos;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vm stats header */
> + copylen = sizeof(id) + size_header - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm_vm_stats_header;
> + src += pos - sizeof(id);
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vm stats descriptors */
> + copylen = kvm_vm_stats_header.desc_offset + size_desc - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm_vm_stats_desc;
> + src += pos - kvm_vm_stats_header.desc_offset;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vm stats values */
> + copylen = kvm_vm_stats_header.data_offset + size_stats - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm->stat;
> + src += pos - kvm_vm_stats_header.data_offset;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> +
> + *offset = pos;
> + return len;
> +}
> +
> --
> 2.31.1.751.gd2f1c929bd-goog
>
> _______________________________________________
> kvmarm mailing list
> kvmarm@lists.cs.columbia.edu
> https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Ricardo Koller <ricarkol@google.com>
To: Jing Zhang <jingzhangos@google.com>
Cc: KVM <kvm@vger.kernel.org>, KVMARM <kvmarm@lists.cs.columbia.edu>,
LinuxMIPS <linux-mips@vger.kernel.org>,
KVMPPC <kvm-ppc@vger.kernel.org>,
LinuxS390 <linux-s390@vger.kernel.org>,
Linuxkselftest <linux-kselftest@vger.kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Marc Zyngier <maz@kernel.org>, James Morse <james.morse@arm.com>,
Julien Thierry <julien.thierry.kdev@gmail.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Will Deacon <will@kernel.org>,
Huacai Chen <chenhuacai@kernel.org>,
Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Paul Mackerras <paulus@ozlabs.org>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
David Hildenbrand <david@redhat.com>,
Cornelia Huck <cohuck@redhat.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Jim Mattson <jmattson@google.com>,
Peter Shier <pshier@google.com>, Oliver Upton <oupton@google.com>,
David Rientjes <rientjes@google.com>,
Emanuele Giuseppe Esposito <eesposit@redhat.com>
Subject: Re: [PATCH v5 2/4] KVM: stats: Add fd-based API to read binary stats data
Date: Thu, 20 May 2021 04:21:50 +0000 [thread overview]
Message-ID: <YKXj3gHvUoLnojzB@google.com> (raw)
In-Reply-To: <20210517145314.157626-3-jingzhangos@google.com>
On Mon, May 17, 2021 at 02:53:12PM +0000, Jing Zhang wrote:
> Provides a file descriptor per VM to read VM stats info/data.
> Provides a file descriptor per vCPU to read vCPU stats info/data.
>
> Signed-off-by: Jing Zhang <jingzhangos@google.com>
> ---
> arch/arm64/kvm/guest.c | 26 +++++
> arch/mips/kvm/mips.c | 52 +++++++++
> arch/powerpc/kvm/book3s.c | 52 +++++++++
> arch/powerpc/kvm/booke.c | 45 ++++++++
> arch/s390/kvm/kvm-s390.c | 117 ++++++++++++++++++++
> arch/x86/kvm/x86.c | 53 +++++++++
> include/linux/kvm_host.h | 127 ++++++++++++++++++++++
> include/uapi/linux/kvm.h | 50 +++++++++
> virt/kvm/kvm_main.c | 223 ++++++++++++++++++++++++++++++++++++++
> 9 files changed, 745 insertions(+)
>
> +static ssize_t kvm_vcpu_stats_read(struct file *file, char __user *user_buffer,
> + size_t size, loff_t *offset)
> +{
> + char id[KVM_STATS_ID_MAXLEN];
> + struct kvm_vcpu *vcpu = file->private_data;
> + ssize_t copylen, len, remain = size;
> + size_t size_header, size_desc, size_stats;
> + loff_t pos = *offset;
> + char __user *dest = user_buffer;
> + void *src;
Nit. Better to do pointer arithmetic on a "char *". Note that gcc and
clang will do the expected thing.
> +
> + snprintf(id, sizeof(id), "kvm-%d/vcpu-%d",
> + task_pid_nr(current), vcpu->vcpu_id);
> + size_header = sizeof(kvm_vcpu_stats_header);
> + size_desc > + kvm_vcpu_stats_header.count * sizeof(struct _kvm_stats_desc);
> + size_stats = sizeof(vcpu->stat);
> +
> + len = sizeof(id) + size_header + size_desc + size_stats - pos;
> + len = min(len, remain);
> + if (len <= 0)
> + return 0;
> + remain = len;
If 'desc_offset' is not right after the header, then the 'len'
calculation is missing the gap into account. For example, assuming there
is a gap of 0x1000000 between the header and the descriptors:
desc_offset = sizeof(id) + size_header + 0x1000000
and the user calls the ioctl with enough space for the whole file,
including the gap:
*offset = 0
size = sizeof(id) + size_header + size_desc + size_stats + 0x1000000
then 'remain' gets the wrong size:
remain = sizeof(id) + size_header + size_desc + size_stats
and ... (more below)
> +
> + /* Copy kvm vcpu stats header id string */
> + copylen = sizeof(id) - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)id + pos;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vcpu stats header */
> + copylen = sizeof(id) + size_header - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm_vcpu_stats_header;
> + src += pos - sizeof(id);
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vcpu stats descriptors */
> + copylen = kvm_vcpu_stats_header.desc_offset + size_desc - pos;
This would be the state at this point:
pos = sizeof(id) + size_header
copylen = sizeof(id) + size_header + 0x1000000 + size_desc - (sizeof(id) + size_header)
= 0x1000000 + size_desc
remain = size_desc + size_stats
> + copylen = min(copylen, remain);
copylen = size_desc + size_stats
which is not enough to copy the descriptors (and the data).
> + if (copylen > 0) {
> + src = (void *)&kvm_vcpu_stats_desc;
> + src += pos - kvm_vcpu_stats_header.desc_offset;
Moreover, src also needs to take the gap into account.
src = &kvm_vcpu_stats_desc + (sizeof(id) + size_header) - (sizeof(id) + size_header + 0x1000000)
= &kvm_vcpu_stats_desc - 0x1000000
Otherwise, src ends up pointing at the wrong place.
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vcpu stats values */
> + copylen = kvm_vcpu_stats_header.data_offset + size_stats - pos;
The same problem occurs here. There is a potential gap before
data_offset that needs to be taken into account for src and len.
Would it be possible to just ensure that there is no gap? maybe even
remove data_offset and desc_offset and always place them adjacent, and
have the descriptors right after the header.
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&vcpu->stat;
> + src += pos - kvm_vcpu_stats_header.data_offset;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> +
> + *offset = pos;
> + return len;
> +}
> +
>
> +static ssize_t kvm_vm_stats_read(struct file *file, char __user *user_buffer,
> + size_t size, loff_t *offset)
> +{
Consider moving the common code between kvm_vcpu_stats_read and this one
into some function that takes pointers to header, desc, and data. Unless
there is something vcpu or vm specific besides that.
> + char id[KVM_STATS_ID_MAXLEN];
> + struct kvm *kvm = file->private_data;
> + ssize_t copylen, len, remain = size;
> + size_t size_header, size_desc, size_stats;
> + loff_t pos = *offset;
> + char __user *dest = user_buffer;
> + void *src;
> +
> + snprintf(id, sizeof(id), "kvm-%d", task_pid_nr(current));
> + size_header = sizeof(kvm_vm_stats_header);
> + size_desc = kvm_vm_stats_header.count * sizeof(struct _kvm_stats_desc);
> + size_stats = sizeof(kvm->stat);
> +
> + len = sizeof(id) + size_header + size_desc + size_stats - pos;
> + len = min(len, remain);
> + if (len <= 0)
> + return 0;
> + remain = len;
> +
> + /* Copy kvm vm stats header id string */
> + copylen = sizeof(id) - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)id + pos;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vm stats header */
> + copylen = sizeof(id) + size_header - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm_vm_stats_header;
> + src += pos - sizeof(id);
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vm stats descriptors */
> + copylen = kvm_vm_stats_header.desc_offset + size_desc - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm_vm_stats_desc;
> + src += pos - kvm_vm_stats_header.desc_offset;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> + /* Copy kvm vm stats values */
> + copylen = kvm_vm_stats_header.data_offset + size_stats - pos;
> + copylen = min(copylen, remain);
> + if (copylen > 0) {
> + src = (void *)&kvm->stat;
> + src += pos - kvm_vm_stats_header.data_offset;
> + if (copy_to_user(dest, src, copylen))
> + return -EFAULT;
> + remain -= copylen;
> + pos += copylen;
> + dest += copylen;
> + }
> +
> + *offset = pos;
> + return len;
> +}
> +
> --
> 2.31.1.751.gd2f1c929bd-goog
>
> _______________________________________________
> kvmarm mailing list
> kvmarm@lists.cs.columbia.edu
> https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
next prev parent reply other threads:[~2021-05-20 4:21 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-17 14:53 [PATCH v5 0/4] KVM statistics data fd-based binary interface Jing Zhang
2021-05-17 14:53 ` Jing Zhang
2021-05-17 14:53 ` [PATCH v5 1/4] KVM: stats: Separate common stats from architecture specific ones Jing Zhang
2021-05-17 14:53 ` Jing Zhang
2021-05-17 14:53 ` Jing Zhang
2021-05-17 23:39 ` David Matlack
2021-05-17 23:39 ` David Matlack
2021-05-17 23:39 ` David Matlack
2021-05-18 0:10 ` Jing Zhang
2021-05-18 0:10 ` Jing Zhang
2021-05-18 0:10 ` Jing Zhang
2021-05-18 16:27 ` David Matlack
2021-05-18 16:27 ` David Matlack
2021-05-18 16:27 ` David Matlack
2021-05-18 17:25 ` Jing Zhang
2021-05-18 17:25 ` Jing Zhang
2021-05-18 17:25 ` Jing Zhang
2021-05-18 18:40 ` Krish Sadhukhan
2021-05-18 18:40 ` Krish Sadhukhan
2021-05-18 18:40 ` Krish Sadhukhan
2021-05-21 19:04 ` Jing Zhang
2021-05-21 19:04 ` Jing Zhang
2021-05-21 19:04 ` Jing Zhang
2021-05-17 14:53 ` [PATCH v5 2/4] KVM: stats: Add fd-based API to read binary stats data Jing Zhang
2021-05-17 14:53 ` Jing Zhang
2021-05-17 14:53 ` Jing Zhang
2021-05-19 17:12 ` David Matlack
2021-05-19 17:12 ` David Matlack
2021-05-19 17:12 ` David Matlack
2021-05-19 19:02 ` Jing Zhang
2021-05-19 19:02 ` Jing Zhang
2021-05-19 19:02 ` Jing Zhang
2021-05-20 4:21 ` Ricardo Koller [this message]
2021-05-20 4:21 ` Ricardo Koller
2021-05-20 4:21 ` Ricardo Koller
2021-05-20 17:37 ` Jing Zhang
2021-05-20 17:37 ` Jing Zhang
2021-05-20 17:37 ` Jing Zhang
2021-05-20 18:58 ` Ricardo Koller
2021-05-20 18:58 ` Ricardo Koller
2021-05-20 18:58 ` Ricardo Koller
2021-05-20 19:46 ` Jing Zhang
2021-05-20 19:46 ` Jing Zhang
2021-05-20 19:46 ` Jing Zhang
2021-05-20 20:50 ` Ricardo Koller
2021-05-20 20:50 ` Ricardo Koller
2021-05-20 20:50 ` Ricardo Koller
2021-05-20 21:14 ` Jing Zhang
2021-05-20 21:14 ` Jing Zhang
2021-05-20 21:14 ` Jing Zhang
2021-05-17 14:53 ` [PATCH v5 3/4] KVM: stats: Add documentation for statistics data binary interface Jing Zhang
2021-05-17 14:53 ` Jing Zhang
2021-05-17 14:53 ` Jing Zhang
2021-05-19 16:57 ` David Matlack
2021-05-19 16:57 ` David Matlack
2021-05-19 16:57 ` David Matlack
2021-05-19 19:29 ` Jing Zhang
2021-05-19 19:29 ` Jing Zhang
2021-05-19 19:29 ` Jing Zhang
2021-05-19 20:30 ` Jing Zhang
2021-05-19 20:30 ` Jing Zhang
2021-05-19 20:30 ` Jing Zhang
2021-05-19 17:02 ` David Matlack
2021-05-19 17:02 ` David Matlack
2021-05-19 17:02 ` David Matlack
2021-05-19 19:30 ` Jing Zhang
2021-05-19 19:30 ` Jing Zhang
2021-05-19 19:30 ` Jing Zhang
2021-05-17 14:53 ` [PATCH v5 4/4] KVM: selftests: Add selftest for KVM " Jing Zhang
2021-05-17 14:53 ` Jing Zhang
2021-05-17 14:53 ` Jing Zhang
2021-05-19 17:21 ` David Matlack
2021-05-19 17:21 ` David Matlack
2021-05-19 17:21 ` David Matlack
2021-05-19 17:58 ` Jing Zhang
2021-05-19 17:58 ` Jing Zhang
2021-05-19 17:58 ` Jing Zhang
2021-05-19 22:00 ` Ricardo Koller
2021-05-19 22:00 ` Ricardo Koller
2021-05-19 22:00 ` Ricardo Koller
2021-05-19 22:54 ` Jing Zhang
2021-05-19 22:54 ` Jing Zhang
2021-05-19 22:54 ` Jing Zhang
2021-05-20 21:30 ` Jing Zhang
2021-05-20 21:30 ` Jing Zhang
2021-05-20 21:30 ` Jing Zhang
2021-05-17 14:55 ` [PATCH v5 0/4] KVM statistics data fd-based " Jing Zhang
2021-05-17 14:55 ` Jing Zhang
2021-05-17 14:55 ` Jing Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YKXj3gHvUoLnojzB@google.com \
--to=ricarkol@google.com \
--cc=aleksandar.qemu.devel@gmail.com \
--cc=borntraeger@de.ibm.com \
--cc=chenhuacai@kernel.org \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=eesposit@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=james.morse@arm.com \
--cc=jingzhangos@google.com \
--cc=jmattson@google.com \
--cc=julien.thierry.kdev@gmail.com \
--cc=kvm-ppc@vger.kernel.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=maz@kernel.org \
--cc=oupton@google.com \
--cc=paulus@ozlabs.org \
--cc=pbonzini@redhat.com \
--cc=pshier@google.com \
--cc=rientjes@google.com \
--cc=seanjc@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tsbogend@alpha.franken.de \
--cc=vkuznets@redhat.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.