From: David Hildenbrand <david@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>,
	dhildenb@redhat.com, imammedo@redhat.com, ehabkost@redhat.com
Cc: mst@redhat.com, pbonzini@redhat.com, qemu-devel@nongnu.org,
	qemu-ppc@nongnu.org
Subject: Re: [Qemu-devel] [RFC 2/5] virtio-balloon: Corrections to address verification
Date: Fri, 12 Oct 2018 09:44:25 +0200	[thread overview]
Message-ID: <0ea22284-a019-4d6b-9951-976174248d5a@redhat.com> (raw)
In-Reply-To: <20181012032431.32693-3-david@gibson.dropbear.id.au>

On 12/10/2018 05:24, David Gibson wrote:
> The virtio-balloon device's verification of the address given to it by the
> guest has a number of faults:
>     * The addresses here are guest physical addresses, which should be
>       'hwaddr' rather than 'ram_addr_t' (the distinction is admittedly
>       pretty subtle and confusing)
>     * We don't check for section.mr being NULL, which is the main way that
>       memory_region_find() reports basic failures.  We really need to check
>       that before looking at any other section fields, because
>       memory_region_find() doesn't initialize them on the failure path
>     * We're passing a length of '1' to memory_region_find(), but really the
>       guest is requesting that we put the entire page into the balloon,
>       so it makes more sense to call it with BALLOON_PAGE_SIZE
> 
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
>  hw/virtio/virtio-balloon.c | 17 ++++++++++-------
>  1 file changed, 10 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 6ec4bcf4e1..e8611aab0e 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -221,17 +221,20 @@ static void virtio_balloon_handle_output(VirtIODevice *vdev, VirtQueue *vq)
>          }
>  
>          while (iov_to_buf(elem->out_sg, elem->out_num, offset, &pfn, 4) == 4) {
> -            ram_addr_t pa;
> -            ram_addr_t addr;
> +            hwaddr pa;
> +            hwaddr addr;
>              int p = virtio_ldl_p(vdev, &pfn);
>  
> -            pa = (ram_addr_t) p << VIRTIO_BALLOON_PFN_SHIFT;
> +            pa = (hwaddr) p << VIRTIO_BALLOON_PFN_SHIFT;
>              offset += 4;
>  
> -            /* FIXME: remove get_system_memory(), but how? */

Should we leave that fixme? (on the other hand, virtio-balloon operates
on all system memory, so I also don't really see a way around this ...)

> -            section = memory_region_find(get_system_memory(), pa, 1);
> -            if (!int128_nz(section.size) ||
> -                !memory_region_is_ram(section.mr) ||
> +            section = memory_region_find(get_system_memory(), pa,
> +                                         BALLOON_PAGE_SIZE);
> +            if (!section.mr) {
> +                trace_virtio_balloon_bad_addr(pa);
> +                continue;
> +            }
> +            if (!memory_region_is_ram(section.mr) ||
>                  memory_region_is_rom(section.mr) ||
>                  memory_region_is_romd(section.mr)) {
>                  trace_virtio_balloon_bad_addr(pa);
> 
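Review bot: the new `if (!section.mr)` test replaces the old `!int128_nz(section.size)` check, but nothing in the hunk verifies that the section returned for the BALLOON_PAGE_SIZE lookup actually spans the whole page; a page that straddles a region boundary comes back as a non-NULL section with a smaller size and still passes the RAM/ROM/ROMD checks, so a test such as `int128_lt(section.size, int128_make64(BALLOON_PAGE_SIZE))` (with the same trace and continue) would complete the change. A second point: `int p = virtio_ldl_p(vdev, &pfn);` stays signed, so `(hwaddr) p` sign-extends any PFN with bit 31 set before the shift and produces a bogus high address; now that `pa` is an hwaddr, `p` should be `uint32_t`.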

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 

Thanks,

David / dhildenb
