All of lore.kernel.org
 help / color / mirror / Atom feed
* [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects
@ 2017-11-24 17:52 P J P
  2017-11-24 17:52 ` [Qemu-devel] [PATCH v2 1/2] virtio: check VirtQueue Vring object is set P J P
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: P J P @ 2017-11-24 17:52 UTC (permalink / raw)
  To: Qemu Developers
  Cc: Stefan Hajnoczi, zhangboxian, Paolo Bonzini, Cornelia Huck,
	Prasad J Pandit

From: Prasad J Pandit <pjp@fedoraproject.org>

Hello,

An user could attempt to use an uninitialised VirtQueue object
or set Vring object with undue values, raising an unexpected
exception in Qemu. This patch set fixes this issue and also adds
a unit test to the suite.

Thank you.
--
Prasad J Pandit (2):
  virtio: check VirtQueue Vring object is set
  tests: add test to check VirtQueue object

 hw/virtio/virtio.c      | 14 +++++++++++---
 tests/virtio-blk-test.c | 25 +++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 3 deletions(-)

-- 
2.13.6

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Qemu-devel] [PATCH v2 1/2] virtio: check VirtQueue Vring object is set
  2017-11-24 17:52 [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects P J P
@ 2017-11-24 17:52 ` P J P
  2017-11-24 17:52 ` [Qemu-devel] [PATCH v2 2/2] tests: add test to check VirtQueue object P J P
  2017-11-24 17:59 ` [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects no-reply
  2 siblings, 0 replies; 4+ messages in thread
From: P J P @ 2017-11-24 17:52 UTC (permalink / raw)
  To: Qemu Developers
  Cc: Stefan Hajnoczi, zhangboxian, Paolo Bonzini, Cornelia Huck,
	Prasad J Pandit

From: Prasad J Pandit <pjp@fedoraproject.org>

An user could attempt to use an uninitialised VirtQueue object
or unset Vring.align leading to a arithmetic exception. Add check
to avoid it.

Reported-by: Zhangboxian <zhangboxian@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
 hw/virtio/virtio.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

Update: add vring.num check to virtio_queue_set_rings
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg04549.html

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 5884ce3480..f4bfc23344 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -182,7 +182,7 @@ void virtio_queue_update_rings(VirtIODevice *vdev, int n)
 {
     VRing *vring = &vdev->vq[n].vring;
 
-    if (!vring->desc) {
+    if (!vdev->vq[n].vring.num || !vring->desc || !vring->align) {
         /* not yet setup -> nothing to do */
         return;
     }
@@ -1414,6 +1414,9 @@ void virtio_config_modern_writel(VirtIODevice *vdev,
 
 void virtio_queue_set_addr(VirtIODevice *vdev, int n, hwaddr addr)
 {
+    if (!vdev->vq[n].vring.num) {
+        return;
+    }
     vdev->vq[n].vring.desc = addr;
     virtio_queue_update_rings(vdev, n);
 }
@@ -1426,6 +1429,9 @@ hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n)
 void virtio_queue_set_rings(VirtIODevice *vdev, int n, hwaddr desc,
                             hwaddr avail, hwaddr used)
 {
+    if(!vdev->vq[n].vring.num || !desc || !vdev->vq[n].vring.align) {
+        return;
+    }
     vdev->vq[n].vring.desc = desc;
     vdev->vq[n].vring.avail = avail;
     vdev->vq[n].vring.used = used;
@@ -1494,8 +1500,10 @@ void virtio_queue_set_align(VirtIODevice *vdev, int n, int align)
      */
     assert(k->has_variable_vring_alignment);
 
-    vdev->vq[n].vring.align = align;
-    virtio_queue_update_rings(vdev, n);
+    if (align) {
+        vdev->vq[n].vring.align = align;
+        virtio_queue_update_rings(vdev, n);
+    }
 }
 
 static bool virtio_queue_notify_aio_vq(VirtQueue *vq)
-- 
2.13.6

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [Qemu-devel] [PATCH v2 2/2] tests: add test to check VirtQueue object
  2017-11-24 17:52 [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects P J P
  2017-11-24 17:52 ` [Qemu-devel] [PATCH v2 1/2] virtio: check VirtQueue Vring object is set P J P
@ 2017-11-24 17:52 ` P J P
  2017-11-24 17:59 ` [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects no-reply
  2 siblings, 0 replies; 4+ messages in thread
From: P J P @ 2017-11-24 17:52 UTC (permalink / raw)
  To: Qemu Developers
  Cc: Stefan Hajnoczi, zhangboxian, Paolo Bonzini, Cornelia Huck,
	Prasad J Pandit

From: Prasad J Pandit <pjp@fedoraproject.org>

An uninitialised VirtQueue object or one with Vring.align field
set to zero(0) could lead to arithmetic exceptions. Add a unit
test to validate it.

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
 tests/virtio-blk-test.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

Update: rename the test and add doc comments
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg04578.html

diff --git a/tests/virtio-blk-test.c b/tests/virtio-blk-test.c
index e6fb9bac87..45f368dcd9 100644
--- a/tests/virtio-blk-test.c
+++ b/tests/virtio-blk-test.c
@@ -674,6 +674,30 @@ static void pci_hotplug(void)
     qtest_shutdown(qs);
 }
 
+/*
+ * Check that setting the vring addr on a non-existent virtqueue does
+ * not crash.
+ */
+static void test_nonexistent_virtqueue(void)
+{
+    QPCIBar bar0;
+    QOSState *qs;
+    QPCIDevice *dev;
+
+    qs = pci_test_start();
+    dev = qpci_device_find(qs->pcibus, QPCI_DEVFN(4, 0));
+    g_assert(dev != NULL);
+
+    qpci_device_enable(dev);
+    bar0 = qpci_iomap(dev, 0, NULL);
+
+    qpci_io_writeb(dev, bar0, VIRTIO_PCI_QUEUE_SEL, 2);
+    qpci_io_writel(dev, bar0, VIRTIO_PCI_QUEUE_PFN, 1);
+
+    g_free(dev);
+    qtest_shutdown(qs);
+}
+
 static void mmio_basic(void)
 {
     QVirtioMMIODevice *dev;
@@ -724,6 +748,7 @@ int main(int argc, char **argv)
         qtest_add_func("/virtio/blk/pci/basic", pci_basic);
         qtest_add_func("/virtio/blk/pci/indirect", pci_indirect);
         qtest_add_func("/virtio/blk/pci/config", pci_config);
+        qtest_add_func("/virtio/blk/pci/nxvirtq", test_nonexistent_virtqueue);
         if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
             qtest_add_func("/virtio/blk/pci/msix", pci_msix);
             qtest_add_func("/virtio/blk/pci/idx", pci_idx);
-- 
2.13.6

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects
  2017-11-24 17:52 [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects P J P
  2017-11-24 17:52 ` [Qemu-devel] [PATCH v2 1/2] virtio: check VirtQueue Vring object is set P J P
  2017-11-24 17:52 ` [Qemu-devel] [PATCH v2 2/2] tests: add test to check VirtQueue object P J P
@ 2017-11-24 17:59 ` no-reply
  2 siblings, 0 replies; 4+ messages in thread
From: no-reply @ 2017-11-24 17:59 UTC (permalink / raw)
  To: ppandit; +Cc: famz, qemu-devel, pbonzini, cohuck, zhangboxian, stefanha, pjp

Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects
Type: series
Message-id: 20171124175211.2234-1-ppandit@redhat.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
    echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
    if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
        failed=1
        echo
    fi
    n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]               patchew/20171124175211.2234-1-ppandit@redhat.com -> patchew/20171124175211.2234-1-ppandit@redhat.com
Switched to a new branch 'test'
c81077c585 tests: add test to check VirtQueue object
65c6440326 virtio: check VirtQueue Vring object is set

=== OUTPUT BEGIN ===
Checking PATCH 1/2: virtio: check VirtQueue Vring object is set...
ERROR: space required before the open parenthesis '('
#41: FILE: hw/virtio/virtio.c:1432:
+    if(!vdev->vq[n].vring.num || !desc || !vdev->vq[n].vring.align) {

total: 1 errors, 0 warnings, 38 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 2/2: tests: add test to check VirtQueue object...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-11-24 18:00 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-24 17:52 [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects P J P
2017-11-24 17:52 ` [Qemu-devel] [PATCH v2 1/2] virtio: check VirtQueue Vring object is set P J P
2017-11-24 17:52 ` [Qemu-devel] [PATCH v2 2/2] tests: add test to check VirtQueue object P J P
2017-11-24 17:59 ` [Qemu-devel] [PATCH v2 0/2] check VirtiQueue Vring objects no-reply

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.