All of lore.kernel.org
 help / color / mirror / Atom feed
* [Qemu-devel] [PATCH] vhost-user: fix unreasonable return value when vhost-user read failed
@ 2016-05-23  6:50 Gonglei
  2016-06-01 16:42 ` Marc-André Lureau
  0 siblings, 1 reply; 2+ messages in thread
From: Gonglei @ 2016-05-23  6:50 UTC (permalink / raw)
  To: qemu-devel; +Cc: mst, wangyunjian, Gonglei

At present all corresponding functions which calling vhost_user_read()
don't return failure when vhost_user_read() executed failed. That's
dangerous, because VhostUserMsg will be a random value, and cause the
virtual machine panic finally.

A example:

In Qemu side report:
qemu-kvm: -netdev type=vhost-user,id=hostnet0,chardev=charnet0: \
Failed to read msg header. Read -1 instead of 12.

Then, the guest panic with the below serial message:

[   13.853740] ------------[ cut here ]------------
[   13.855709] kernel BUG at virtio_net.c:893!
[   13.857006] invalid opcode: 0000 [#1] SMP
[   13.857006] last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/virtio0/device
[   13.857006] CPU 2
[   13.857006] Supported: Yes
[   13.857006] Pid: 2474, comm: ip Tainted: G          N  2.6.32.12-0.7-default #1 Standard PC (i440FX + PIIX, 1996)
[   13.857006] RIP: 0010:[<ffffffffa001369a>]  [<ffffffffa001369a>] virtnet_send_command+0x12a/0x140 [virtio_net]
[   13.857006] RSP: 0018:ffff880137241758  EFLAGS: 00010246
[   13.857006] RAX: 0000000000000011 RBX: ffff880138f88400 RCX: ffffffffa00160d8
[   13.857006] RDX: 000000000000000e RSI: 0000000000000011 RDI: 0000000000000015
[   13.857006] RBP: ffff88013b724780 R08: 0000000000000000 R09: ffff880137241818
[   13.857006] R10: 0000000000000001 R11: ffffffffa00137f0 R12: 0000000000000000
[   13.857006] R13: 0000000000000000 R14: ffff880137241818 R15: 0000000000000000
[   13.857006] FS:  00007f19cee00700(0000) GS:ffff880005900000(0000) knlGS:0000000000000000
[   13.857006] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   13.857006] CR2: 00007f19ce562bd0 CR3: 00000001375cc000 CR4: 00000000000406e0
[   13.857006] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   13.917524] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   13.917524] Process ip (pid: 2474, threadinfo ffff880137240000, task ffff880137b021c0)

Reported-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 hw/virtio/vhost-user.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 5082e04..8118910 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -220,7 +220,7 @@ static int vhost_user_set_log_base(struct vhost_dev *dev, uint64_t base,
     if (shmfd) {
         msg.size = 0;
         if (vhost_user_read(dev, &msg) < 0) {
-            return 0;
+            return -1;
         }
 
         if (msg.request != VHOST_USER_SET_LOG_BASE) {
@@ -365,7 +365,7 @@ static int vhost_user_get_vring_base(struct vhost_dev *dev,
     vhost_user_write(dev, &msg, NULL, 0);
 
     if (vhost_user_read(dev, &msg) < 0) {
-        return 0;
+        return -1;
     }
 
     if (msg.request != VHOST_USER_GET_VRING_BASE) {
@@ -460,7 +460,7 @@ static int vhost_user_get_u64(struct vhost_dev *dev, int request, uint64_t *u64)
     vhost_user_write(dev, &msg, NULL, 0);
 
     if (vhost_user_read(dev, &msg) < 0) {
-        return 0;
+        return -1;
     }
 
     if (msg.request != request) {
-- 
1.7.12.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [Qemu-devel] [PATCH] vhost-user: fix unreasonable return value when vhost-user read failed
  2016-05-23  6:50 [Qemu-devel] [PATCH] vhost-user: fix unreasonable return value when vhost-user read failed Gonglei
@ 2016-06-01 16:42 ` Marc-André Lureau
  0 siblings, 0 replies; 2+ messages in thread
From: Marc-André Lureau @ 2016-06-01 16:42 UTC (permalink / raw)
  To: Gonglei; +Cc: QEMU, wangyunjian, Michael S. Tsirkin

Hi

On Mon, May 23, 2016 at 8:50 AM, Gonglei <arei.gonglei@huawei.com> wrote:
> At present all corresponding functions which calling vhost_user_read()
> don't return failure when vhost_user_read() executed failed. That's
> dangerous, because VhostUserMsg will be a random value, and cause the
> virtual machine panic finally.
>
> A example:
>
> In Qemu side report:
> qemu-kvm: -netdev type=vhost-user,id=hostnet0,chardev=charnet0: \
> Failed to read msg header. Read -1 instead of 12.
>
> Then, the guest panic with the below serial message:
>
> [   13.853740] ------------[ cut here ]------------
> [   13.855709] kernel BUG at virtio_net.c:893!
> [   13.857006] invalid opcode: 0000 [#1] SMP
> [   13.857006] last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/virtio0/device
> [   13.857006] CPU 2
> [   13.857006] Supported: Yes
> [   13.857006] Pid: 2474, comm: ip Tainted: G          N  2.6.32.12-0.7-default #1 Standard PC (i440FX + PIIX, 1996)
> [   13.857006] RIP: 0010:[<ffffffffa001369a>]  [<ffffffffa001369a>] virtnet_send_command+0x12a/0x140 [virtio_net]
> [   13.857006] RSP: 0018:ffff880137241758  EFLAGS: 00010246
> [   13.857006] RAX: 0000000000000011 RBX: ffff880138f88400 RCX: ffffffffa00160d8
> [   13.857006] RDX: 000000000000000e RSI: 0000000000000011 RDI: 0000000000000015
> [   13.857006] RBP: ffff88013b724780 R08: 0000000000000000 R09: ffff880137241818
> [   13.857006] R10: 0000000000000001 R11: ffffffffa00137f0 R12: 0000000000000000
> [   13.857006] R13: 0000000000000000 R14: ffff880137241818 R15: 0000000000000000
> [   13.857006] FS:  00007f19cee00700(0000) GS:ffff880005900000(0000) knlGS:0000000000000000
> [   13.857006] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   13.857006] CR2: 00007f19ce562bd0 CR3: 00000001375cc000 CR4: 00000000000406e0
> [   13.857006] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [   13.917524] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [   13.917524] Process ip (pid: 2474, threadinfo ffff880137240000, task ffff880137b021c0)
>
> Reported-by: Yunjian Wang <wangyunjian@huawei.com>
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>

fwiw, I have the same patch in my queue for the "reconnect" series:
https://github.com/elmarco/qemu/commit/8b9148d356a2837fceebd04b74fee7a8709bfa59

> ---
>  hw/virtio/vhost-user.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 5082e04..8118910 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -220,7 +220,7 @@ static int vhost_user_set_log_base(struct vhost_dev *dev, uint64_t base,
>      if (shmfd) {
>          msg.size = 0;
>          if (vhost_user_read(dev, &msg) < 0) {
> -            return 0;
> +            return -1;
>          }
>
>          if (msg.request != VHOST_USER_SET_LOG_BASE) {
> @@ -365,7 +365,7 @@ static int vhost_user_get_vring_base(struct vhost_dev *dev,
>      vhost_user_write(dev, &msg, NULL, 0);
>
>      if (vhost_user_read(dev, &msg) < 0) {
> -        return 0;
> +        return -1;
>      }
>
>      if (msg.request != VHOST_USER_GET_VRING_BASE) {
> @@ -460,7 +460,7 @@ static int vhost_user_get_u64(struct vhost_dev *dev, int request, uint64_t *u64)
>      vhost_user_write(dev, &msg, NULL, 0);
>
>      if (vhost_user_read(dev, &msg) < 0) {
> -        return 0;
> +        return -1;
>      }
>
>      if (msg.request != request) {
> --
> 1.7.12.4
>
>
>



-- 
Marc-André Lureau

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-06-01 16:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-23  6:50 [Qemu-devel] [PATCH] vhost-user: fix unreasonable return value when vhost-user read failed Gonglei
2016-06-01 16:42 ` Marc-André Lureau

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.