From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751788AbdJNIwx (ORCPT ); Sat, 14 Oct 2017 04:52:53 -0400 Received: from mx1.redhat.com ([209.132.183.28]:26910 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750970AbdJNIwt (ORCPT ); Sat, 14 Oct 2017 04:52:49 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com B6A9981DE3 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=eric.auger@redhat.com Subject: Re: [PATCH v2 03/10] KVM: arm/arm64: vgic-its: Improve error reporting on device table save To: Christoffer Dall References: <1506518920-18571-1-git-send-email-eric.auger@redhat.com> <1506518920-18571-4-git-send-email-eric.auger@redhat.com> <20171013131618.GH8927@cbox> <0a5b2332-a88f-060f-6c0c-8c8d64f6a1f9@redhat.com> <20171013175653.GD17578@cbox> Cc: eric.auger.pro@gmail.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, marc.zyngier@arm.com, peter.maydell@linaro.org, andre.przywara@arm.com, wanghaibin.wang@huawei.com, wu.wubin@huawei.com From: Auger Eric Message-ID: <29e61353-ac2d-b163-2a49-4215a1e596e0@redhat.com> Date: Sat, 14 Oct 2017 10:52:45 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <20171013175653.GD17578@cbox> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Sat, 14 Oct 2017 08:52:48 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Christoffer, On 13/10/2017 19:56, Christoffer Dall wrote: > On Fri, Oct 13, 2017 at 04:22:25PM +0200, Auger Eric wrote: >> Hi, >> >> On 13/10/2017 15:16, Christoffer Dall wrote: >>> On Wed, Sep 27, 2017 at 03:28:33PM +0200, Eric Auger wrote: >>>> At the moment the device table save() returns -EINVAL if >>>> vgic_its_check_id() fails to return the gpa of the entry >>>> associated to the device/collection id. Let vgic_its_check_id() >>>> return an int instead of a bool and return a more precised >>>> error value: >>>> - EINVAL in case the id is out of range >>>> - EFAULT if the gpa is not provisionned or is not valid >>>> >>> >>> This is just to ease debugging, yes? >> >> I understood user-space should be able to discriminate between bad guest >> programming and values corrupted by the userspace (regs for instance). >> In first case QEMU should not abort. In latter case it should abort. > > So what is userspace supposed to do in the first case? I was referring to https://www.spinics.net/lists/kvm/msg148791.html. QEMU is supposed to write a message in that case but not cause an abort(). This is what is actually implemented on QEMU side. In case the ioctl returns -EFAULT, we don't abort but simply warn. However at the moment we return -EINVAL in some circumstances where - I think - we should return -EFAULT. Hence this patch attempting to be more precise on the cause of the failure instead of abruptly returning -EINVAL here. Thanks Eric > >> >> In vgic_its_check_id we are checking the L1 entry validity bit and in >> case it is invalid we can't compute the GPA of the entry. I was thinking >> we should return -EFAULT in that case. But maybe returning EFAULT in >> case the BASER address is not reachable also is wrong because that >> may be caused by the userspace writing a wrong value. Sigh ... >> > > I think if either userspace or the guest programmed something that > cannot be traversed, then you just don't save/restore the ITS properly, > because it's broken anyway, so I don't think we need to replicate the > *same broken state* at the destination. > > Maybe I'm missing part of the picture here. > > Thanks, > -Christoffer >