* [PATCH 0/2] fixes to the hypervisor ubd thread
@ 2020-03-17 0:45 Gabriel Krisman Bertazi
2020-03-17 0:45 ` [PATCH 1/2] um: ubd: Prevent buffer overrun on command completion Gabriel Krisman Bertazi
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Gabriel Krisman Bertazi @ 2020-03-17 0:45 UTC (permalink / raw)
To: jdike
Cc: richard, anton.ivanov, linux-um, linux-kernel,
Gabriel Krisman Bertazi, kernel
Hi,
While debugging a somewhat related issue, I ran into two issues I
believe can cause the hypervisor to write garbage to the pipe.
This was find by visual inspection and is only slightly tested. It
seems to partially some the problems my test case shows.
Please, let me know what you think
Gabriel Krisman Bertazi (2):
um: ubd: Prevent buffer overrun on command completion
um: ubd: Retry buffer read on any kind of error
arch/um/drivers/ubd_kern.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--
2.25.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] um: ubd: Prevent buffer overrun on command completion
2020-03-17 0:45 [PATCH 0/2] fixes to the hypervisor ubd thread Gabriel Krisman Bertazi
@ 2020-03-17 0:45 ` Gabriel Krisman Bertazi
2020-03-17 0:45 ` [PATCH 2/2] um: ubd: Retry buffer read on any kind of error Gabriel Krisman Bertazi
2020-03-29 21:40 ` [PATCH 0/2] fixes to the hypervisor ubd thread Richard Weinberger
2 siblings, 0 replies; 4+ messages in thread
From: Gabriel Krisman Bertazi @ 2020-03-17 0:45 UTC (permalink / raw)
To: jdike
Cc: richard, anton.ivanov, linux-um, linux-kernel,
Gabriel Krisman Bertazi, kernel, Martyn Welch
On the hypervisor side, when completing commands and the pipe is full,
we retry writing only the entries that failed, by offsetting
io_req_buffer, but we don't reduce the number of bytes written, which
can cause a buffer overrun of io_req_buffer, and write garbage to the
pipe.
Cc: Martyn Welch <martyn.welch@collabora.com>
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
---
arch/um/drivers/ubd_kern.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/um/drivers/ubd_kern.c b/arch/um/drivers/ubd_kern.c
index 6627d7c30f37..0f5d0a699a49 100644
--- a/arch/um/drivers/ubd_kern.c
+++ b/arch/um/drivers/ubd_kern.c
@@ -1606,7 +1606,9 @@ int io_thread(void *arg)
written = 0;
do {
- res = os_write_file(kernel_fd, ((char *) io_req_buffer) + written, n);
+ res = os_write_file(kernel_fd,
+ ((char *) io_req_buffer) + written,
+ n - written);
if (res >= 0) {
written += res;
}
--
2.25.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] um: ubd: Retry buffer read on any kind of error
2020-03-17 0:45 [PATCH 0/2] fixes to the hypervisor ubd thread Gabriel Krisman Bertazi
2020-03-17 0:45 ` [PATCH 1/2] um: ubd: Prevent buffer overrun on command completion Gabriel Krisman Bertazi
@ 2020-03-17 0:45 ` Gabriel Krisman Bertazi
2020-03-29 21:40 ` [PATCH 0/2] fixes to the hypervisor ubd thread Richard Weinberger
2 siblings, 0 replies; 4+ messages in thread
From: Gabriel Krisman Bertazi @ 2020-03-17 0:45 UTC (permalink / raw)
To: jdike
Cc: richard, anton.ivanov, linux-um, linux-kernel,
Gabriel Krisman Bertazi, kernel, Martyn Welch
Should bulk_req_safe_read return an error, we want to retry the read,
otherwise, even though no IO will be done, os_write_file might still end
up writing garbage to the pipe.
Cc: Martyn Welch <martyn.welch@collabora.com>
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
---
arch/um/drivers/ubd_kern.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/um/drivers/ubd_kern.c b/arch/um/drivers/ubd_kern.c
index 0f5d0a699a49..d259f0728003 100644
--- a/arch/um/drivers/ubd_kern.c
+++ b/arch/um/drivers/ubd_kern.c
@@ -1591,11 +1591,11 @@ int io_thread(void *arg)
&io_remainder_size,
UBD_REQ_BUFFER_SIZE
);
- if (n < 0) {
- if (n == -EAGAIN) {
+ if (n <= 0) {
+ if (n == -EAGAIN)
ubd_read_poll(-1);
- continue;
- }
+
+ continue;
}
for (count = 0; count < n/sizeof(struct io_thread_req *); count++) {
--
2.25.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 0/2] fixes to the hypervisor ubd thread
2020-03-17 0:45 [PATCH 0/2] fixes to the hypervisor ubd thread Gabriel Krisman Bertazi
2020-03-17 0:45 ` [PATCH 1/2] um: ubd: Prevent buffer overrun on command completion Gabriel Krisman Bertazi
2020-03-17 0:45 ` [PATCH 2/2] um: ubd: Retry buffer read on any kind of error Gabriel Krisman Bertazi
@ 2020-03-29 21:40 ` Richard Weinberger
2 siblings, 0 replies; 4+ messages in thread
From: Richard Weinberger @ 2020-03-29 21:40 UTC (permalink / raw)
To: Gabriel Krisman Bertazi
Cc: Jeff Dike, Richard Weinberger, linux-um, LKML, kernel, Anton Ivanov
On Tue, Mar 17, 2020 at 1:45 AM Gabriel Krisman Bertazi
<krisman@collabora.com> wrote:
>
> Hi,
>
> While debugging a somewhat related issue, I ran into two issues I
> believe can cause the hypervisor to write garbage to the pipe.
>
> This was find by visual inspection and is only slightly tested. It
> seems to partially some the problems my test case shows.
>
> Please, let me know what you think
Both patches make sense. Thanks for fixing, applied.
--
Thanks,
//richard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-03-29 21:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-17 0:45 [PATCH 0/2] fixes to the hypervisor ubd thread Gabriel Krisman Bertazi
2020-03-17 0:45 ` [PATCH 1/2] um: ubd: Prevent buffer overrun on command completion Gabriel Krisman Bertazi
2020-03-17 0:45 ` [PATCH 2/2] um: ubd: Retry buffer read on any kind of error Gabriel Krisman Bertazi
2020-03-29 21:40 ` [PATCH 0/2] fixes to the hypervisor ubd thread Richard Weinberger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).