
[RFC,v4,47/49] multi-process: Enable support for multiple devices in remote

Message ID c67656abcd0e41278710460d2920036254ecffb7.1571905346.git.jag.raman@oracle.com
State New
Series Initial support of multi-process qemu | expand

Commit Message

Jag Raman Oct. 24, 2019, 9:09 a.m. UTC
From: Elena Ufimtseva <elena.ufimtseva@oracle.com>

Add support to allow multiple devices to be configured in the
remote process

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
---
 New patch in v4

 hw/proxy/qemu-proxy.c         |  3 +++
 include/hw/proxy/qemu-proxy.h |  3 +++
 include/io/mpqemu-link.h      |  1 +
 qdev-monitor.c                |  2 ++
 remote/remote-main.c          | 34 ++++++++++++++++++++++++----------
 5 files changed, 33 insertions(+), 10 deletions(-)

Comments

Stefan Hajnoczi Nov. 11, 2019, 4:15 p.m. UTC | #1
On Thu, Oct 24, 2019 at 05:09:28AM -0400, Jagannathan Raman wrote:
> @@ -93,7 +94,8 @@ static void process_config_write(MPQemuMsg *msg)
>      struct conf_data_msg *conf = (struct conf_data_msg *)msg->data2;
>  
>      qemu_mutex_lock_iothread();
> -    pci_default_write_config(remote_pci_dev, conf->addr, conf->val, conf->l);
> +    pci_default_write_config(remote_pci_devs[msg->id], conf->addr, conf->val,
> +                             conf->l);
>      qemu_mutex_unlock_iothread();
>  }
>  
> @@ -106,7 +108,8 @@ static void process_config_read(MPQemuMsg *msg)
>      wait = msg->fds[0];
>  
>      qemu_mutex_lock_iothread();
> -    val = pci_default_read_config(remote_pci_dev, conf->addr, conf->l);
> +    val = pci_default_read_config(remote_pci_devs[msg->id], conf->addr,
> +                                  conf->l);
>      qemu_mutex_unlock_iothread();
>  
>      notify_proxy(wait, val);

msg->id was read from a socket and hasn't been validated before indexing
into remote_pci_devs[].
Jag Raman Nov. 13, 2019, 4:21 p.m. UTC | #2
On 11/11/2019 11:15 AM, Stefan Hajnoczi wrote:
> On Thu, Oct 24, 2019 at 05:09:28AM -0400, Jagannathan Raman wrote:
>> @@ -93,7 +94,8 @@ static void process_config_write(MPQemuMsg *msg)
>>       struct conf_data_msg *conf = (struct conf_data_msg *)msg->data2;
>>   
>>       qemu_mutex_lock_iothread();
>> -    pci_default_write_config(remote_pci_dev, conf->addr, conf->val, conf->l);
>> +    pci_default_write_config(remote_pci_devs[msg->id], conf->addr, conf->val,
>> +                             conf->l);
>>       qemu_mutex_unlock_iothread();
>>   }
>>   
>> @@ -106,7 +108,8 @@ static void process_config_read(MPQemuMsg *msg)
>>       wait = msg->fds[0];
>>   
>>       qemu_mutex_lock_iothread();
>> -    val = pci_default_read_config(remote_pci_dev, conf->addr, conf->l);
>> +    val = pci_default_read_config(remote_pci_devs[msg->id], conf->addr,
>> +                                  conf->l);
>>       qemu_mutex_unlock_iothread();
>>   
>>       notify_proxy(wait, val);
> 
> msg->id was read from a socket and hasn't been validated before indexing
> into remote_pci_devs[].

We see the common thread, w.r.t your concerns about security. Thanks for
pointing them out.

We will fix this and other similar issues in the future.

Thank you very much!
--
Jag


Patch

diff --git a/hw/proxy/qemu-proxy.c b/hw/proxy/qemu-proxy.c
index eff299b..2231c36 100644
--- a/hw/proxy/qemu-proxy.c
+++ b/hw/proxy/qemu-proxy.c
@@ -176,6 +176,7 @@  static void set_remote_opts(PCIDevice *dev, QDict *qdict, unsigned int cmd)
     msg.bytestream = 1;
     msg.size = qstring_get_length(qstr) + 1;
     msg.num_fds = 0;
+    msg.id = pdev->id;
 
     mpqemu_msg_send(pdev->mpqemu_link, &msg, pdev->mpqemu_link->com);
 
@@ -322,6 +323,7 @@  static int config_op_send(PCIProxyDev *dev, uint32_t addr, uint32_t *val, int l,
     msg.size = sizeof(conf_data);
     msg.cmd = op;
     msg.bytestream = 1;
+    msg.id = dev->id;
 
     if (op == CONF_WRITE) {
         msg.num_fds = 0;
@@ -602,6 +604,7 @@  static void setup_irqfd(PCIProxyDev *dev)
 
     memset(&msg, 0, sizeof(MPQemuMsg));
     msg.cmd = SET_IRQFD;
+    msg.id = dev->id;
     msg.num_fds = 2;
     msg.fds[0] = event_notifier_get_fd(&dev->intr);
     msg.fds[1] = event_notifier_get_fd(&dev->resample);
diff --git a/include/hw/proxy/qemu-proxy.h b/include/hw/proxy/qemu-proxy.h
index 7fe987d..6a0a574 100644
--- a/include/hw/proxy/qemu-proxy.h
+++ b/include/hw/proxy/qemu-proxy.h
@@ -57,6 +57,9 @@  extern const MemoryRegionOps proxy_default_ops;
 struct PCIProxyDev {
     PCIDevice parent_dev;
 
+    uint64_t id;
+    uint64_t nr_devices;
+
     int n_mr_sections;
     MemoryRegionSection *mr_sections;
 
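Review bot: The two new members `uint64_t id;` and `uint64_t nr_devices;` carry no comment, and their roles are asymmetric: from the qdev-monitor hunk, `id` is the device's index in the remote's device table, whereas `nr_devices` is incremented only on one proxy device per remote and presumably stays at its initial value on the others. Suggest `/* index of this device in the remote process's device table */` on `id` and `/* number of devices attached to the same remote; maintained only on the first proxy device of that remote (see qdev_proxy_add) */` on `nr_devices`. The struct definition continues outside the hunk.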
diff --git a/include/io/mpqemu-link.h b/include/io/mpqemu-link.h
index f5a0bbb..ba81515 100644
--- a/include/io/mpqemu-link.h
+++ b/include/io/mpqemu-link.h
@@ -124,6 +124,7 @@  typedef struct {
 typedef struct {
     mpqemu_cmd_t cmd;
     int bytestream;
+    uint64_t id;
     size_t size;
 
     union {
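Review bot: `uint64_t id;` is added to the message struct that crosses the socket between the proxy and the remote, but nothing records what it indexes or who assigns it, and the receiving side uses it to index a device table. A comment at the field should state that the value is assigned by the sender and must be range-checked by the receiver, e.g. `/* index of the target device in the remote's device table; set by the sender, validated on receipt */`. Inserting a 64-bit member between `int bytestream` and `size_t size` also changes the message layout, so both peers must be built from the same header (presumably already the case for this in-tree pair). The struct starts before and ends after the hunk.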
diff --git a/qdev-monitor.c b/qdev-monitor.c
index c6aa35c..70a7a5a 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -716,9 +716,11 @@  DeviceState *qdev_proxy_add(const char *rid, const char *id, char *bus,
         pdev->mmio_sock = old_pdev->mmio_sock;
         pdev->remote_pid = old_pdev->remote_pid;
         pdev->mem_init = true;
+        pdev->id = old_pdev->nr_devices++;
     } else {
         pdev->rsocket = managed ? rsocket : -1;
         pdev->socket = managed ? rsocket : -1;
+        pdev->id =  pdev->nr_devices++;
     }
     pdev->managed = managed;
 
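Review bot: `pdev->id =  pdev->nr_devices++;` has a stray double space; `pdev->id = pdev->nr_devices++;`. In that `else` branch the counter belongs to the freshly created `pdev`, so the line yields id 0 only if `nr_devices` was zero-initialized by object allocation — presumably true for QOM objects, but worth stating, e.g. `/* first device of a new remote: the per-remote counter lives on this proxy device */`. qdev_proxy_add is cut at both ends of the hunk.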
diff --git a/remote/remote-main.c b/remote/remote-main.c
index 600c894..93b8500 100644
--- a/remote/remote-main.c
+++ b/remote/remote-main.c
@@ -85,7 +85,8 @@ 
 
 static MPQemuLinkState *mpqemu_link;
 
-PCIDevice *remote_pci_dev;
+PCIDevice **remote_pci_devs;
+uint64_t nr_devices;
 bool create_done;
 
 static void process_config_write(MPQemuMsg *msg)
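Review bot: `PCIDevice **remote_pci_devs;` and `uint64_t nr_devices;` are introduced without a comment on how they relate; from the setup_device hunk, `nr_devices` is the allocated length of the table, `MPQemuMsg.id` is the index into it, and only PCI devices are stored, so slots can be unset. Suggest `/* device table indexed by MPQemuMsg.id; nr_devices is its allocated length, slots not yet configured are not valid */` above the declarations. If nothing outside this file references them (not verifiable from the hunk), both could be `static`, as `mpqemu_link` above already is.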
@@ -93,7 +94,8 @@  static void process_config_write(MPQemuMsg *msg)
     struct conf_data_msg *conf = (struct conf_data_msg *)msg->data2;
 
     qemu_mutex_lock_iothread();
-    pci_default_write_config(remote_pci_dev, conf->addr, conf->val, conf->l);
+    pci_default_write_config(remote_pci_devs[msg->id], conf->addr, conf->val,
+                             conf->l);
     qemu_mutex_unlock_iothread();
 }
 
@@ -106,7 +108,8 @@  static void process_config_read(MPQemuMsg *msg)
     wait = msg->fds[0];
 
     qemu_mutex_lock_iothread();
-    val = pci_default_read_config(remote_pci_dev, conf->addr, conf->l);
+    val = pci_default_read_config(remote_pci_devs[msg->id], conf->addr,
+                                  conf->l);
     qemu_mutex_unlock_iothread();
 
     notify_proxy(wait, val);
@@ -366,9 +369,17 @@  static int setup_device(MPQemuMsg *msg, Error **errp)
                    qstring_get_str(qobject_to_json(QOBJECT(qdict))));
         return rc;
     }
+
     if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
-        remote_pci_dev = PCI_DEVICE(dev);
+        if (nr_devices <= msg->id) {
+            nr_devices = msg->id + 1;
+            remote_pci_devs = g_realloc(remote_pci_devs,
+                                        nr_devices * sizeof(PCIDevice *));
+        }
+
+        remote_pci_devs[msg->id] = PCI_DEVICE(dev);
     }
+
     qemu_opts_del(opts);
 
     return 0;
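Review bot: The growth path at `remote_pci_devs = g_realloc(remote_pci_devs, nr_devices * sizeof(PCIDevice *));` leaves every slot between the old `nr_devices` and `msg->id` uninitialized, because g_realloc does not zero new memory, so a later message whose id falls in that gap (or names a non-PCI device, which this branch never stores) dereferences garbage even once a `< nr_devices` bound is added at the lookups. `nr_devices = msg->id + 1` also wraps for the maximal id and the `nr_devices * sizeof(PCIDevice *)` product can overflow for large ids; `g_renew` checks that multiplication, and the id should be rejected against a fixed upper limit before the arithmetic. The same table lookup is used in the SET_IRQFD case of process_msg further down. setup_device begins outside the hunk.
```c
    if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
        if (nr_devices <= msg->id) {
            uint64_t old_nr = nr_devices;

            /* TODO: reject msg->id above a fixed limit before reaching here */
            nr_devices = msg->id + 1;
            remote_pci_devs = g_renew(PCIDevice *, remote_pci_devs, nr_devices);
            /* g_renew does not zero the new tail; unset slots must read as NULL */
            memset(&remote_pci_devs[old_nr], 0,
                   (nr_devices - old_nr) * sizeof(PCIDevice *));
        }

        remote_pci_devs[msg->id] = PCI_DEVICE(dev);
    }
```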
@@ -489,12 +500,15 @@  static void process_msg(GIOCondition cond, MPQemuChannel *chan)
         }
         break;
     case SET_IRQFD:
-        process_set_irqfd_msg(remote_pci_dev, msg);
-        qdev_machine_creation_done();
-        qemu_mutex_lock_iothread();
-        qemu_run_machine_init_done_notifiers();
-        qemu_mutex_unlock_iothread();
-        create_done = true;
+        process_set_irqfd_msg(remote_pci_devs[msg->id], msg);
+
+        if (!create_done) {
+            qdev_machine_creation_done();
+            qemu_mutex_lock_iothread();
+            qemu_run_machine_init_done_notifiers();
+            qemu_mutex_unlock_iothread();
+            create_done = true;
+        }
         break;
     case DRIVE_OPTS:
         if (setup_drive(msg, &err)) {