From: Cornelia Huck <cornelia.huck@de.ibm.com>
To: Jason Wang <jasowang@redhat.com>
Cc: mst@redhat.com, qemu-devel@nongnu.org,
	Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH V3 2/3] virtio: destroy region cache during reset
Date: Tue, 14 Mar 2017 10:29:18 +0100
Message-ID: <20170314102918.3dce0075.cornelia.huck@de.ibm.com>
In-Reply-To: <1489460502-6686-3-git-send-email-jasowang@redhat.com>

On Tue, 14 Mar 2017 11:01:41 +0800
Jason Wang <jasowang@redhat.com> wrote:

> We don't destroy the region cache during reset, which can make the maps
> of the previous driver leak to a buggy or malicious driver that doesn't
> set the vring address before starting to use the device. Fix this by
> destroying the region cache during reset and validating it before trying to
> see them.
> 
> Cc: Cornelia Huck <cornelia.huck@de.ibm.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
> Changes from V2:
> - introduce a helper and assert caches != NULL
> Changes from v1:
> - switch to use rcu in virtio_virtqueue_region_cache()
> - use unlikely() when needed
> ---
>  hw/virtio/virtio.c | 46 ++++++++++++++++++++++++++++++----------------
>  1 file changed, 30 insertions(+), 16 deletions(-)
> 

> @@ -249,11 +255,10 @@ static inline void vring_used_idx_set(VirtQueue *vq, uint16_t val)
>  /* Called within rcu_read_lock().  */
>  static inline void vring_used_flags_set_bit(VirtQueue *vq, int mask)
>  {
> -    VRingMemoryRegionCaches *caches = atomic_rcu_read(&vq->vring.caches);
> +    VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
>      VirtIODevice *vdev = vq->vdev;
>      hwaddr pa = offsetof(VRingUsed, flags);
>      uint16_t flags = virtio_lduw_phys_cached(vq->vdev, &caches->used, pa);
> -

Unrelated whitespace change.

>      virtio_stw_phys_cached(vdev, &caches->used, pa, flags | mask);
>      address_space_cache_invalidate(&caches->used, pa, sizeof(flags));
>  }
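
Review bot: in vring_used_flags_set_bit() the pointer returned by vring_get_region_caches(vq) is dereferenced immediately as &caches->used, and nothing in this function checks it for NULL. The V3 changelog says the helper asserts caches != NULL, so once reset destroys the region cache this path relies on every caller having confirmed the vring is set up; a driver that never sets the vring address would otherwise end in an assertion failure rather than a handled error. Suggest extending the "Called within rcu_read_lock()" comment to state that precondition, or testing for NULL here and returning early. Minor style point: the function uses both vq->vdev and the local vdev for the same device, and using vdev in both calls would be tidier.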

Other than that:

Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
