From: Dima Stepanov <dimastep@yandex-team.ru>
To: Jason Wang <jasowang@redhat.com>
Cc: fam@euphon.net, kwolf@redhat.com, yc-core@yandex-team.ru,
qemu-block@nongnu.org, mst@redhat.com, qemu-devel@nongnu.org,
dgilbert@redhat.com, arei.gonglei@huawei.com,
raphael.norwitz@nutanix.com, fengli@smartx.com,
stefanha@redhat.com, marcandre.lureau@redhat.com,
pbonzini@redhat.com, mreitz@redhat.com
Subject: Re: [PATCH v2 4/5] vhost: check vring address before calling unmap
Date: Mon, 11 May 2020 12:11:17 +0300 [thread overview]
Message-ID: <20200511091117.GB27319@dimastep-nix> (raw)
In-Reply-To: <4a03e4aa-3a21-d678-be98-13268343b674@redhat.com>
On Mon, May 11, 2020 at 11:05:58AM +0800, Jason Wang wrote:
>
> On 2020/4/30 下午9:36, Dima Stepanov wrote:
> >Since disconnect can happen at any time during initialization not all
> >vring buffers (for instance used vring) can be intialized successfully.
> >If the buffer was not initialized then vhost_memory_unmap call will lead
> >to SIGSEGV. Add checks for the vring address value before calling unmap.
> >Also add assert() in the vhost_memory_unmap() routine.
> >
> >Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru>
> >---
> > hw/virtio/vhost.c | 27 +++++++++++++++++++++------
> > 1 file changed, 21 insertions(+), 6 deletions(-)
> >
> >diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> >index ddbdc53..3ee50c4 100644
> >--- a/hw/virtio/vhost.c
> >+++ b/hw/virtio/vhost.c
> >@@ -314,6 +314,8 @@ static void vhost_memory_unmap(struct vhost_dev *dev, void *buffer,
> > hwaddr len, int is_write,
> > hwaddr access_len)
> > {
> >+ assert(buffer);
> >+
> > if (!vhost_dev_has_iommu(dev)) {
> > cpu_physical_memory_unmap(buffer, len, is_write, access_len);
> > }
> >@@ -1132,12 +1134,25 @@ static void vhost_virtqueue_stop(struct vhost_dev *dev,
> > vhost_vq_index);
> > }
> >- vhost_memory_unmap(dev, vq->used, virtio_queue_get_used_size(vdev, idx),
> >- 1, virtio_queue_get_used_size(vdev, idx));
> >- vhost_memory_unmap(dev, vq->avail, virtio_queue_get_avail_size(vdev, idx),
> >- 0, virtio_queue_get_avail_size(vdev, idx));
> >- vhost_memory_unmap(dev, vq->desc, virtio_queue_get_desc_size(vdev, idx),
> >- 0, virtio_queue_get_desc_size(vdev, idx));
> >+ /*
> >+ * Since the vhost-user disconnect can happen during initialization
> >+ * check if vring was initialized, before making unmap.
> >+ */
> >+ if (vq->used) {
> >+ vhost_memory_unmap(dev, vq->used,
> >+ virtio_queue_get_used_size(vdev, idx),
> >+ 1, virtio_queue_get_used_size(vdev, idx));
> >+ }
> >+ if (vq->avail) {
> >+ vhost_memory_unmap(dev, vq->avail,
> >+ virtio_queue_get_avail_size(vdev, idx),
> >+ 0, virtio_queue_get_avail_size(vdev, idx));
> >+ }
> >+ if (vq->desc) {
> >+ vhost_memory_unmap(dev, vq->desc,
> >+ virtio_queue_get_desc_size(vdev, idx),
> >+ 0, virtio_queue_get_desc_size(vdev, idx));
> >+ }
>
>
> Any reason not checking hdev->started instead? vhost_dev_start() will set it
> to true if virtqueues were correctly mapped.
>
> Thanks
Well i see it a little bit different:
- vhost_dev_start() sets hdev->started to true before starting
virtqueues
- vhost_virtqueue_start() maps all the memory
If we hit the vhost disconnect at the start of the
vhost_virtqueue_start(), for instance for this call:
r = dev->vhost_ops->vhost_set_vring_base(dev, &state);
Then we will call vhost_user_blk_disconnect:
vhost_user_blk_disconnect()->
vhost_user_blk_stop()->
vhost_dev_stop()->
vhost_virtqueue_stop()
As a result we will come in this routine with the hdev->started still
set to true, but if used/avail/desc fields still uninitialized and set
to 0.
>
>
> > }
> > static void vhost_eventfd_add(MemoryListener *listener,
>
next prev parent reply other threads:[~2020-05-11 9:12 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-30 13:36 [PATCH v2 0/5] vhost-user reconnect issues during vhost initialization Dima Stepanov
2020-04-30 13:36 ` [PATCH v2 1/5] char-socket: return -1 in case of disconnect during tcp_chr_write Dima Stepanov
2020-05-06 8:54 ` Li Feng
2020-05-06 9:46 ` Marc-André Lureau
2020-04-30 13:36 ` [PATCH v2 2/5] vhost: introduce wrappers to set guest notifiers for virtio device Dima Stepanov
2020-05-04 0:36 ` Raphael Norwitz
2020-05-06 8:54 ` Dima Stepanov
2020-05-11 3:03 ` Jason Wang
2020-05-11 8:55 ` Dima Stepanov
2020-04-30 13:36 ` [PATCH v2 3/5] vhost-user-blk: add mechanism to track the guest notifiers init state Dima Stepanov
2020-05-04 1:06 ` Raphael Norwitz
2020-05-06 8:51 ` Dima Stepanov
2020-04-30 13:36 ` [PATCH v2 4/5] vhost: check vring address before calling unmap Dima Stepanov
2020-05-04 1:13 ` Raphael Norwitz
2020-05-11 3:05 ` Jason Wang
2020-05-11 9:11 ` Dima Stepanov [this message]
2020-05-12 3:26 ` Jason Wang
2020-05-12 9:08 ` Dima Stepanov
2020-05-13 3:00 ` Jason Wang
2020-05-13 9:36 ` Dima Stepanov
2020-05-14 7:28 ` Jason Wang
2020-04-30 13:36 ` [PATCH v2 5/5] vhost: add device started check in migration set log Dima Stepanov
2020-05-06 22:08 ` Raphael Norwitz
2020-05-07 7:15 ` Michael S. Tsirkin
2020-05-07 15:35 ` Dima Stepanov
2020-05-11 0:03 ` Raphael Norwitz
2020-05-11 9:43 ` Dima Stepanov
2020-05-11 3:15 ` Jason Wang
2020-05-11 9:25 ` Dima Stepanov
2020-05-12 3:32 ` Jason Wang
2020-05-12 3:47 ` Li Feng
2020-05-12 9:23 ` Dima Stepanov
2020-05-12 9:35 ` Dima Stepanov
2020-05-13 3:20 ` Jason Wang
2020-05-13 9:39 ` Dima Stepanov
2020-05-13 4:15 ` Michael S. Tsirkin
2020-05-13 5:56 ` Jason Wang
2020-05-13 9:47 ` Dima Stepanov
2020-05-14 7:34 ` Jason Wang
2020-05-15 16:54 ` Dima Stepanov
2020-05-16 3:20 ` Li Feng
2020-05-18 2:52 ` Jason Wang
2020-05-18 9:33 ` Dima Stepanov
2020-05-18 9:27 ` Dima Stepanov
2020-05-18 2:50 ` Jason Wang
2020-05-18 9:41 ` Dima Stepanov
2020-05-18 9:53 ` Dr. David Alan Gilbert
2020-05-19 9:07 ` Dima Stepanov
2020-05-19 10:24 ` Dr. David Alan Gilbert
2020-05-19 9:59 ` Michael S. Tsirkin
2020-05-19 9:13 ` Dima Stepanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200511091117.GB27319@dimastep-nix \
--to=dimastep@yandex-team.ru \
--cc=arei.gonglei@huawei.com \
--cc=dgilbert@redhat.com \
--cc=fam@euphon.net \
--cc=fengli@smartx.com \
--cc=jasowang@redhat.com \
--cc=kwolf@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=mreitz@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=raphael.norwitz@nutanix.com \
--cc=stefanha@redhat.com \
--cc=yc-core@yandex-team.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.