All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Jürgen Groß" <jgross@suse.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "Stefano Stabellini" <sstabellini@kernel.org>,
	"Julien Grall" <julien@xen.org>, "Wei Liu" <wl@xen.org>,
	"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
	"Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Ian Jackson" <ian.jackson@eu.citrix.com>,
	"George Dunlap" <george.dunlap@citrix.com>,
	xen-devel@lists.xenproject.org,
	"Daniel De Graaf" <dgdegra@tycho.nsa.gov>,
	"Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [Xen-devel] [PATCH v6 04/12] xen: add basic hypervisor filesystem support
Date: Fri, 6 Mar 2020 07:06:28 +0100	[thread overview]
Message-ID: <c799989e-fc68-15f9-4d1f-3e1d8d452fcc@suse.com> (raw)
In-Reply-To: <db0355a2-c00e-b84e-64d7-55a6dc7d0859@suse.com>

On 04.03.20 16:21, Jan Beulich wrote:
> On 04.03.2020 16:14, Jürgen Groß wrote:
>> On 04.03.20 16:07, Jan Beulich wrote:
>>> On 04.03.2020 15:39, Jürgen Groß wrote:
>>>> On 04.03.20 14:03, Jan Beulich wrote:
>>>>> On 04.03.2020 13:00, Jürgen Groß wrote:
>>>>>> On 03.03.20 17:59, Jan Beulich wrote:
>>>>>>> On 26.02.2020 13:46, Juergen Gross wrote:
>>>>>>>> --- /dev/null
>>>>>>>> +++ b/xen/common/hypfs.c
>>>>>>>> @@ -0,0 +1,349 @@
>>>>>>>> +/******************************************************************************
>>>>>>>> + *
>>>>>>>> + * hypfs.c
>>>>>>>> + *
>>>>>>>> + * Simple sysfs-like file system for the hypervisor.
>>>>>>>> + */
>>>>>>>> +
>>>>>>>> +#include <xen/err.h>
>>>>>>>> +#include <xen/guest_access.h>
>>>>>>>> +#include <xen/hypercall.h>
>>>>>>>> +#include <xen/hypfs.h>
>>>>>>>> +#include <xen/lib.h>
>>>>>>>> +#include <xen/rwlock.h>
>>>>>>>> +#include <public/hypfs.h>
>>>>>>>> +
>>>>>>>> +#ifdef CONFIG_COMPAT
>>>>>>>> +#include <compat/hypfs.h>
>>>>>>>> +CHECK_hypfs_direntry;
>>>>>>>> +#undef CHECK_hypfs_direntry
>>>>>>>> +#define CHECK_hypfs_direntry struct xen_hypfs_direntry
>>>>>>>
>>>>>>> I'm struggling to see why you need this #undef and #define.
>>>>>>
>>>>>> Without those I get:
>>>>>>
>>>>>> In file included from /home/gross/xen/unstable/xen/include/compat/xen.h:3:0,
>>>>>>                      from /home/gross/xen/unstable/xen/include/xen/shared.h:6,
>>>>>>                      from /home/gross/xen/unstable/xen/include/xen/sched.h:8,
>>>>>>                      from /home/gross/xen/unstable/xen/include/asm/paging.h:29,
>>>>>>                      from
>>>>>> /home/gross/xen/unstable/xen/include/asm/guest_access.h:1,
>>>>>>                      from
>>>>>> /home/gross/xen/unstable/xen/include/xen/guest_access.h:1,
>>>>>>                      from hypfs.c:9:
>>>>>> /home/gross/xen/unstable/xen/include/xen/compat.h:134:32: error:
>>>>>> redefinition of ‘__checkFstruct_hypfs_direntry__flags’
>>>>>>      #define CHECK_NAME_(k, n, tag) __check ## tag ## k ## _ ## n
>>>>>>                                     ^
>>>>>> /home/gross/xen/unstable/xen/include/xen/compat.h:166:34: note: in
>>>>>> definition of macro ‘CHECK_FIELD_COMMON_’
>>>>>>      static inline int __maybe_unused name(k xen_ ## n *x, k compat_ ## n *c) \
>>>>>>                                       ^~~~
>>>>>> /home/gross/xen/unstable/xen/include/xen/compat.h:176:28: note: in
>>>>>> expansion of macro ‘CHECK_NAME_’
>>>>>>          CHECK_FIELD_COMMON_(k, CHECK_NAME_(k, n ## __ ## f, F), n, f)
>>>>>>                                 ^~~~~~~~~~~
>>>>>> /home/gross/xen/unstable/xen/include/compat/xlat.h:775:5: note: in
>>>>>> expansion of macro ‘CHECK_FIELD_’
>>>>>>          CHECK_FIELD_(struct, hypfs_direntry, flags); \
>>>>>>          ^~~~~~~~~~~~
>>>>>> /home/gross/xen/unstable/xen/include/compat/xlat.h:782:5: note: in
>>>>>> expansion of macro ‘CHECK_hypfs_direntry’
>>>>>>          CHECK_hypfs_direntry; \
>>>>>>          ^~~~~~~~~~~~~~~~~~~~
>>>>>> hypfs.c:19:1: note: in expansion of macro ‘CHECK_hypfs_dirlistentry’
>>>>>>      CHECK_hypfs_dirlistentry;
>>>>>>      ^~~~~~~~~~~~~~~~~~~~~~~~
>>>>>> /home/gross/xen/unstable/xen/include/xen/compat.h:134:32: note: previous
>>>>>> definition of ‘__checkFstruct_hypfs_direntry__flags’ was here
>>>>>>      #define CHECK_NAME_(k, n, tag) __check ## tag ## k ## _ ## n
>>>>>>                                     ^
>>>>>> /home/gross/xen/unstable/xen/include/xen/compat.h:166:34: note: in
>>>>>> definition of macro ‘CHECK_FIELD_COMMON_’
>>>>>>      static inline int __maybe_unused name(k xen_ ## n *x, k compat_ ## n *c) \
>>>>>>                                       ^~~~
>>>>>> /home/gross/xen/unstable/xen/include/xen/compat.h:176:28: note: in
>>>>>> expansion of macro ‘CHECK_NAME_’
>>>>>>          CHECK_FIELD_COMMON_(k, CHECK_NAME_(k, n ## __ ## f, F), n, f)
>>>>>>                                 ^~~~~~~~~~~
>>>>>> /home/gross/xen/unstable/xen/include/compat/xlat.h:775:5: note: in
>>>>>> expansion of macro ‘CHECK_FIELD_’
>>>>>>          CHECK_FIELD_(struct, hypfs_direntry, flags); \
>>>>>>          ^~~~~~~~~~~~
>>>>>> hypfs.c:18:1: note: in expansion of macro ‘CHECK_hypfs_direntry’
>>>>>>      CHECK_hypfs_direntry;
>>>>>
>>>>> Which suggests to me that the explicit CHECK_hypfs_direntry invocation
>>>>> is unneeded, as it's getting verified as part of the invocation of
>>>>> CHECK_hypfs_dirlistentry.
>>>>
>>>> Ah, right. This is working. Will change.
>>>>
>>>>>
>>>>>>>> +int hypfs_write_leaf(struct hypfs_entry_leaf *leaf,
>>>>>>>> +                     XEN_GUEST_HANDLE_PARAM(void) uaddr, unsigned long ulen)
>>>>>>>> +{
>>>>>>>> +    char *buf;
>>>>>>>> +    int ret;
>>>>>>>> +
>>>>>>>> +    if ( ulen > leaf->e.size )
>>>>>>>> +        return -ENOSPC;
>>>>>>>> +
>>>>>>>> +    if ( leaf->e.type != XEN_HYPFS_TYPE_STRING &&
>>>>>>>> +         leaf->e.type != XEN_HYPFS_TYPE_BLOB && ulen != leaf->e.size )
>>>>>>>> +        return -EDOM;
>>>>>>>
>>>>>>> Why the exception of string and blob? My concern about the
>>>>>>> meaning of a partially written entry (without its size having
>>>>>>> changed) remains.
>>>>>>
>>>>>> It is perfectly valid to write a shorter string into a character
>>>>>> array. I could drop the blob here, but in the end I think allowing
>>>>>> for a blob to change the size should be fine.
>>>>>
>>>>> But shouldn't this then also adjust the recorded size?
>>>>
>>>> No, this is the max size of the buffer (you can have a look at patch 9
>>>> where the size is set to the provided space for custom and string
>>>> parameters).
>>>
>>> If I'm not mistaken it is hypfs_read_leaf() which processes read
>>> requests for strings. Yet that copies entry->size bytes, not the
>>> potentially smaller strlen()-bounded payload. Things would be
>>
>> There is no risk of leaking problematic data here.
> 
> I didn't think of leaks, but rather of consumers looking at the
> size and strlen() and getting confused about the mismatch.

I think telling the maximum possible write length is mandatory.

So either I can add a comment to the header saying that for strings
and blobs the length is the maximum value and the content is to be
self-descriptive regarding its true length (which is the case for
strings due to the terminating 0 byte), or I need two size fields:
one for the actual size and one for the maximum allowed size for
writes (this could then replace the writable flag with "0" for "not
writable").


Juergen


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

  reply	other threads:[~2020-03-06  6:07 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-26 12:46 [Xen-devel] [PATCH v6 00/12] Add hypervisor sysfs-like support Juergen Gross
2020-02-26 12:46 ` [Xen-devel] [PATCH v6 01/12] xen: allow only sizeof(bool) variables for boolean_param() Juergen Gross
2020-03-03 16:40   ` Jan Beulich
2020-03-09 11:43   ` Julien Grall
2020-03-09 11:55     ` Jan Beulich
2020-03-09 13:01       ` Jürgen Groß
2020-03-09 13:06         ` Jan Beulich
2020-03-09 14:06           ` Jürgen Groß
2020-02-26 12:46 ` [Xen-devel] [PATCH v6 02/12] xen: add a generic way to include binary files as variables Juergen Gross
2020-02-26 12:46 ` [Xen-devel] [PATCH v6 03/12] docs: add feature document for Xen hypervisor sysfs-like support Juergen Gross
2020-03-09 11:48   ` Julien Grall
2020-03-25 14:05     ` Jürgen Groß
2020-02-26 12:46 ` [Xen-devel] [PATCH v6 04/12] xen: add basic hypervisor filesystem support Juergen Gross
2020-03-03 16:59   ` Jan Beulich
2020-03-04 12:00     ` Jürgen Groß
2020-03-04 13:03       ` Jan Beulich
2020-03-04 14:39         ` Jürgen Groß
2020-03-04 15:07           ` Jan Beulich
2020-03-04 15:14             ` Jürgen Groß
2020-03-04 15:21               ` Jan Beulich
2020-03-06  6:06                 ` Jürgen Groß [this message]
2020-03-06  8:19                   ` Jan Beulich
2020-02-26 12:46 ` [Xen-devel] [PATCH v6 05/12] libs: add libxenhypfs Juergen Gross
2020-02-26 12:46 ` [Xen-devel] [PATCH v6 06/12] tools: add xenfs tool Juergen Gross
2020-02-26 12:47 ` [Xen-devel] [PATCH v6 07/12] xen: provide version information in hypfs Juergen Gross
2020-02-26 12:47 ` [Xen-devel] [PATCH v6 08/12] xen: add /buildinfo/config entry to hypervisor filesystem Juergen Gross
2020-03-04 10:49   ` Jan Beulich
2020-03-04 12:06     ` Jürgen Groß
2020-03-04 13:04       ` Jan Beulich
2020-02-26 12:47 ` [Xen-devel] [PATCH v6 09/12] xen: add runtime parameter access support to hypfs Juergen Gross
2020-03-04 11:32   ` Jan Beulich
2020-03-04 15:07     ` Jürgen Groß
2020-03-04 15:19       ` Jan Beulich
2020-03-04 16:31         ` Jürgen Groß
2020-03-04 16:56           ` Jan Beulich
2020-03-05  6:01             ` Jürgen Groß
2020-03-05  8:26               ` Jan Beulich
2020-03-06  6:42                 ` Jürgen Groß
2020-03-06  8:20                   ` Jan Beulich
2020-03-06  8:47                     ` Jürgen Groß
2020-03-06  9:04                       ` Jan Beulich
2020-03-06  9:20                         ` Jürgen Groß
2020-03-06  9:22                           ` Jan Beulich
2020-03-06  9:27                             ` Jürgen Groß
2020-03-23 10:38   ` Julien Grall
2020-02-26 12:47 ` [Xen-devel] [PATCH v6 10/12] tools/libxl: use libxenhypfs for setting xen runtime parameters Juergen Gross
2020-02-26 12:47 ` [Xen-devel] [PATCH v6 11/12] tools/libxc: remove xc_set_parameters() Juergen Gross
2020-02-26 12:47 ` [Xen-devel] [PATCH v6 12/12] xen: remove XEN_SYSCTL_set_parameter support Juergen Gross
2020-03-04 11:45   ` Jan Beulich
2020-03-04 14:40     ` Jürgen Groß

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c799989e-fc68-15f9-4d1f-3e1d8d452fcc@suse.com \
    --to=jgross@suse.com \
    --cc=Volodymyr_Babchuk@epam.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=dgdegra@tycho.nsa.gov \
    --cc=george.dunlap@citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=julien@xen.org \
    --cc=konrad.wilk@oracle.com \
    --cc=roger.pau@citrix.com \
    --cc=sstabellini@kernel.org \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.