* [Qemu-devel] [PATCH] vhost-user: fix unreasonable return value when vhost-user read failed
@ 2016-05-23 6:50 Gonglei
2016-06-01 16:42 ` Marc-André Lureau
0 siblings, 1 reply; 2+ messages in thread
From: Gonglei @ 2016-05-23 6:50 UTC (permalink / raw)
To: qemu-devel; +Cc: mst, wangyunjian, Gonglei
At present all corresponding functions which calling vhost_user_read()
don't return failure when vhost_user_read() executed failed. That's
dangerous, because VhostUserMsg will be a random value, and cause the
virtual machine panic finally.
A example:
In Qemu side report:
qemu-kvm: -netdev type=vhost-user,id=hostnet0,chardev=charnet0: \
Failed to read msg header. Read -1 instead of 12.
Then, the guest panic with the below serial message:
[ 13.853740] ------------[ cut here ]------------
[ 13.855709] kernel BUG at virtio_net.c:893!
[ 13.857006] invalid opcode: 0000 [#1] SMP
[ 13.857006] last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/virtio0/device
[ 13.857006] CPU 2
[ 13.857006] Supported: Yes
[ 13.857006] Pid: 2474, comm: ip Tainted: G N 2.6.32.12-0.7-default #1 Standard PC (i440FX + PIIX, 1996)
[ 13.857006] RIP: 0010:[<ffffffffa001369a>] [<ffffffffa001369a>] virtnet_send_command+0x12a/0x140 [virtio_net]
[ 13.857006] RSP: 0018:ffff880137241758 EFLAGS: 00010246
[ 13.857006] RAX: 0000000000000011 RBX: ffff880138f88400 RCX: ffffffffa00160d8
[ 13.857006] RDX: 000000000000000e RSI: 0000000000000011 RDI: 0000000000000015
[ 13.857006] RBP: ffff88013b724780 R08: 0000000000000000 R09: ffff880137241818
[ 13.857006] R10: 0000000000000001 R11: ffffffffa00137f0 R12: 0000000000000000
[ 13.857006] R13: 0000000000000000 R14: ffff880137241818 R15: 0000000000000000
[ 13.857006] FS: 00007f19cee00700(0000) GS:ffff880005900000(0000) knlGS:0000000000000000
[ 13.857006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 13.857006] CR2: 00007f19ce562bd0 CR3: 00000001375cc000 CR4: 00000000000406e0
[ 13.857006] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 13.917524] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 13.917524] Process ip (pid: 2474, threadinfo ffff880137240000, task ffff880137b021c0)
Reported-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
hw/virtio/vhost-user.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 5082e04..8118910 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -220,7 +220,7 @@ static int vhost_user_set_log_base(struct vhost_dev *dev, uint64_t base,
if (shmfd) {
msg.size = 0;
if (vhost_user_read(dev, &msg) < 0) {
- return 0;
+ return -1;
}
if (msg.request != VHOST_USER_SET_LOG_BASE) {
@@ -365,7 +365,7 @@ static int vhost_user_get_vring_base(struct vhost_dev *dev,
vhost_user_write(dev, &msg, NULL, 0);
if (vhost_user_read(dev, &msg) < 0) {
- return 0;
+ return -1;
}
if (msg.request != VHOST_USER_GET_VRING_BASE) {
@@ -460,7 +460,7 @@ static int vhost_user_get_u64(struct vhost_dev *dev, int request, uint64_t *u64)
vhost_user_write(dev, &msg, NULL, 0);
if (vhost_user_read(dev, &msg) < 0) {
- return 0;
+ return -1;
}
if (msg.request != request) {
--
1.7.12.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Qemu-devel] [PATCH] vhost-user: fix unreasonable return value when vhost-user read failed
2016-05-23 6:50 [Qemu-devel] [PATCH] vhost-user: fix unreasonable return value when vhost-user read failed Gonglei
@ 2016-06-01 16:42 ` Marc-André Lureau
0 siblings, 0 replies; 2+ messages in thread
From: Marc-André Lureau @ 2016-06-01 16:42 UTC (permalink / raw)
To: Gonglei; +Cc: QEMU, wangyunjian, Michael S. Tsirkin
Hi
On Mon, May 23, 2016 at 8:50 AM, Gonglei <arei.gonglei@huawei.com> wrote:
> At present all corresponding functions which calling vhost_user_read()
> don't return failure when vhost_user_read() executed failed. That's
> dangerous, because VhostUserMsg will be a random value, and cause the
> virtual machine panic finally.
>
> A example:
>
> In Qemu side report:
> qemu-kvm: -netdev type=vhost-user,id=hostnet0,chardev=charnet0: \
> Failed to read msg header. Read -1 instead of 12.
>
> Then, the guest panic with the below serial message:
>
> [ 13.853740] ------------[ cut here ]------------
> [ 13.855709] kernel BUG at virtio_net.c:893!
> [ 13.857006] invalid opcode: 0000 [#1] SMP
> [ 13.857006] last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/virtio0/device
> [ 13.857006] CPU 2
> [ 13.857006] Supported: Yes
> [ 13.857006] Pid: 2474, comm: ip Tainted: G N 2.6.32.12-0.7-default #1 Standard PC (i440FX + PIIX, 1996)
> [ 13.857006] RIP: 0010:[<ffffffffa001369a>] [<ffffffffa001369a>] virtnet_send_command+0x12a/0x140 [virtio_net]
> [ 13.857006] RSP: 0018:ffff880137241758 EFLAGS: 00010246
> [ 13.857006] RAX: 0000000000000011 RBX: ffff880138f88400 RCX: ffffffffa00160d8
> [ 13.857006] RDX: 000000000000000e RSI: 0000000000000011 RDI: 0000000000000015
> [ 13.857006] RBP: ffff88013b724780 R08: 0000000000000000 R09: ffff880137241818
> [ 13.857006] R10: 0000000000000001 R11: ffffffffa00137f0 R12: 0000000000000000
> [ 13.857006] R13: 0000000000000000 R14: ffff880137241818 R15: 0000000000000000
> [ 13.857006] FS: 00007f19cee00700(0000) GS:ffff880005900000(0000) knlGS:0000000000000000
> [ 13.857006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 13.857006] CR2: 00007f19ce562bd0 CR3: 00000001375cc000 CR4: 00000000000406e0
> [ 13.857006] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 13.917524] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [ 13.917524] Process ip (pid: 2474, threadinfo ffff880137240000, task ffff880137b021c0)
>
> Reported-by: Yunjian Wang <wangyunjian@huawei.com>
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
fwiw, I have the same patch in my queue for the "reconnect" series:
https://github.com/elmarco/qemu/commit/8b9148d356a2837fceebd04b74fee7a8709bfa59
> ---
> hw/virtio/vhost-user.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 5082e04..8118910 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -220,7 +220,7 @@ static int vhost_user_set_log_base(struct vhost_dev *dev, uint64_t base,
> if (shmfd) {
> msg.size = 0;
> if (vhost_user_read(dev, &msg) < 0) {
> - return 0;
> + return -1;
> }
>
> if (msg.request != VHOST_USER_SET_LOG_BASE) {
> @@ -365,7 +365,7 @@ static int vhost_user_get_vring_base(struct vhost_dev *dev,
> vhost_user_write(dev, &msg, NULL, 0);
>
> if (vhost_user_read(dev, &msg) < 0) {
> - return 0;
> + return -1;
> }
>
> if (msg.request != VHOST_USER_GET_VRING_BASE) {
> @@ -460,7 +460,7 @@ static int vhost_user_get_u64(struct vhost_dev *dev, int request, uint64_t *u64)
> vhost_user_write(dev, &msg, NULL, 0);
>
> if (vhost_user_read(dev, &msg) < 0) {
> - return 0;
> + return -1;
> }
>
> if (msg.request != request) {
> --
> 1.7.12.4
>
>
>
--
Marc-André Lureau
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-06-01 16:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-23 6:50 [Qemu-devel] [PATCH] vhost-user: fix unreasonable return value when vhost-user read failed Gonglei
2016-06-01 16:42 ` Marc-André Lureau
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.