Re: [PATCH v3 09/13] vhost/vdpa: remove vhost_vdpa_config_validate()

[Jason Wang <jasowang@redhat.com>]

On 2021/2/5 下午10:17, Stefano Garzarella wrote:
> On Fri, Feb 05, 2021 at 08:32:37AM -0500, Michael S. Tsirkin wrote:
>> On Fri, Feb 05, 2021 at 10:16:51AM +0100, Stefano Garzarella wrote:
>>> On Fri, Feb 05, 2021 at 11:27:32AM +0800, Jason Wang wrote:
>>> >
>>> > On 2021/2/5 上午1:22, Stefano Garzarella wrote:
>>> > > get_config() and set_config() callbacks in the 'struct 
>>> vdpa_config_ops'
>>> > > usually already validated the inputs. Also now they can return 
>>> an error,
>>> > > so we don't need to validate them here anymore.
>>> > >
>>> > > Let's use the return value of these callbacks and return it in 
>>> case of
>>> > > error in vhost_vdpa_get_config() and vhost_vdpa_set_config().
>>> > >
>>> > > Originally-by: Xie Yongji <xieyongji@bytedance.com>
>>> > > Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
>>> > > ---
>>> > >  drivers/vhost/vdpa.c | 41 
>>> +++++++++++++----------------------------
>>> > >  1 file changed, 13 insertions(+), 28 deletions(-)
>>> > >
>>> > > diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
>>> > > index ef688c8c0e0e..d61e779000a8 100644
>>> > > --- a/drivers/vhost/vdpa.c
>>> > > +++ b/drivers/vhost/vdpa.c
>>> > > @@ -185,51 +185,35 @@ static long vhost_vdpa_set_status(struct 
>>> vhost_vdpa *v, u8 __user *statusp)
>>> > >      return 0;
>>> > >  }
>>> > > -static int vhost_vdpa_config_validate(struct vhost_vdpa *v,
>>> > > -                      struct vhost_vdpa_config *c)
>>> > > -{
>>> > > -    long size = 0;
>>> > > -
>>> > > -    switch (v->virtio_id) {
>>> > > -    case VIRTIO_ID_NET:
>>> > > -        size = sizeof(struct virtio_net_config);
>>> > > -        break;
>>> > > -    }
>>> > > -
>>> > > -    if (c->len == 0)
>>> > > -        return -EINVAL;
>>> > > -
>>> > > -    if (c->len > size - c->off)
>>> > > -        return -E2BIG;
>>> > > -
>>> > > -    return 0;
>>> > > -}
>>> > > -
>>> > >  static long vhost_vdpa_get_config(struct vhost_vdpa *v,
>>> > >                    struct vhost_vdpa_config __user *c)
>>> > >  {
>>> > >      struct vdpa_device *vdpa = v->vdpa;
>>> > >      struct vhost_vdpa_config config;
>>> > >      unsigned long size = offsetof(struct vhost_vdpa_config, buf);
>>> > > +    long ret;
>>> > >      u8 *buf;
>>> > >      if (copy_from_user(&config, c, size))
>>> > >          return -EFAULT;
>>> > > -    if (vhost_vdpa_config_validate(v, &config))
>>> > > +    if (config.len == 0)
>>> > >          return -EINVAL;
>>> > >      buf = kvzalloc(config.len, GFP_KERNEL);
>>> >
>>> >
>>> > Then it means usersapce can allocate a very large memory.
>>>
>>> Good point.
>>>
>>> >
>>> > Rethink about this, we should limit the size here (e.g PAGE_SIZE) or
>>> > fetch the config size first (either through a config ops as you
>>> > suggested or a variable in the vdpa device that is initialized during
>>> > device creation).
>>>
>>> Maybe PAGE_SIZE is okay as a limit.
>>>
>>> If instead we want to fetch the config size, then better a config 
>>> ops in my
>>> opinion, to avoid adding a new parameter to __vdpa_alloc_device().
>>>
>>> I vote for PAGE_SIZE, but it isn't a strong opinion.
>>>
>>> What do you and @Michael suggest?
>>>
>>> Thanks,
>>> Stefano
>>
>> Devices know what the config size is. Just have them provide it.
>>
>
> Okay, I'll add get_config_size() callback in vdpa_config_ops and I'll 
> leave vhost_vdpa_config_validate() that will use that callback instead 
> of 'virtio_id' to get the config size from the device.
>
> At this point I think I can remove the "vdpa: add return value to 
> get_config/set_config callbacks" patch and leave void return to 
> get_config/set_config callbacks.
>
> Does this make sense?
>
> Thanks,
> Stefano


Yes I think so.

Thanks