From patchwork Tue Jul 28 09:10:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Wang X-Patchwork-Id: 1337669 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=H7KAgO4l; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BG9rv1QXWz9sR4 for ; Tue, 28 Jul 2020 19:11:11 +1000 (AEST) Received: from localhost ([::1]:47752 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k0Ldc-0006Lp-3G for incoming@patchwork.ozlabs.org; Tue, 28 Jul 2020 05:11:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60000) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k0Ld6-0006KD-Jq for qemu-devel@nongnu.org; Tue, 28 Jul 2020 05:10:36 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:55962 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1k0Ld4-0007CW-PE for qemu-devel@nongnu.org; Tue, 28 Jul 2020 05:10:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1595927434; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:content-type:content-type:in-reply-to:in-reply-to: references:references; bh=QEWe54TC6Rr7+K7ziQiMtOrZqhkhpMwTIP1e/wV8VVU=; b=H7KAgO4leSvF33scLRrXrCWI39MZ0TAsebeG6S8oXDol/1PbED0gw8KDapDbgwWuH0jDEX /aJa2PR2Q4/mmsAd8vBNOgprDt1GdTvtSkzyXusShtSK7gSlihs+3AKVXjTfmnr70r4WQr AbU4IlsZ2BAx0cs7AaWKBXbZH1PU1oU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-377-6lPiy0tLPBKVRNr19AFrOw-1; Tue, 28 Jul 2020 05:10:31 -0400 X-MC-Unique: 6lPiy0tLPBKVRNr19AFrOw-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 85C971DE1; Tue, 28 Jul 2020 09:10:30 +0000 (UTC) Received: from jason-ThinkPad-T430s.redhat.com (ovpn-12-214.pek2.redhat.com [10.72.12.214]) by smtp.corp.redhat.com (Postfix) with ESMTP id 348FC90E62; Tue, 28 Jul 2020 09:10:26 +0000 (UTC) From: Jason Wang To: peter.maydell@linaro.org Subject: [PULL V2 1/3] virtio-pci: fix wrong index in virtio_pci_queue_enabled Date: Tue, 28 Jul 2020 17:10:17 +0800 Message-Id: <1595927419-27346-2-git-send-email-jasowang@redhat.com> In-Reply-To: <1595927419-27346-1-git-send-email-jasowang@redhat.com> References: <1595927419-27346-1-git-send-email-jasowang@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=jasowang@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/27 23:55:28 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -30 X-Spam_score: -3.1 X-Spam_bar: --- X-Spam_report: (-3.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Yuri Benditovich , Jason Wang , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" From: Yuri Benditovich We should use the index passed by the caller instead of the queue_sel when checking the enablement of a specific virtqueue. This is reported in https://bugzilla.redhat.com/show_bug.cgi?id=1702608 Fixes: f19bcdfedd53 ("virtio-pci: implement queue_enabled method") Signed-off-by: Yuri Benditovich Signed-off-by: Jason Wang --- hw/virtio/virtio-pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index 4ad3ad8..ccdf54e 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -1113,7 +1113,7 @@ static bool virtio_pci_queue_enabled(DeviceState *d, int n) VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); if (virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)) { - return proxy->vqs[vdev->queue_sel].enabled; + return proxy->vqs[n].enabled; } return virtio_queue_enabled_legacy(vdev, n); From patchwork Tue Jul 28 09:10:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Wang X-Patchwork-Id: 1337668 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Lwx908Mb; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BG9rv1kTLz9sSd for ; Tue, 28 Jul 2020 19:11:11 +1000 (AEST) Received: from localhost ([::1]:47876 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k0Ldd-0006Or-03 for incoming@patchwork.ozlabs.org; Tue, 28 Jul 2020 05:11:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60014) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k0Ld8-0006Lt-2K for qemu-devel@nongnu.org; Tue, 28 Jul 2020 05:10:38 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:36863 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1k0Ld6-0007Ca-CZ for qemu-devel@nongnu.org; Tue, 28 Jul 2020 05:10:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1595927435; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:content-type:content-type:in-reply-to:in-reply-to: references:references; bh=n03KLV8sGAHwM3z7JXtuYCSL1E+BbALjV9c8F3Y1sHs=; b=Lwx908MbaQtwyENLmdp7Hip0p3sBm0A3p/WKFIpBumKI2vPIOsrxOw0vjPpunoSqJDCQkd 1uJLzVJ4Rt7nCCVWC+BZ+pTUT+Jl9Fib9czyS6w/T/HsE67oB61btbcfrVX+RVB5AF/8KA nojAxuz+jV4Hiu+Z+Bz6ZbYYYUeBn4I= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-149-JSKjLX9DPJSsIbZeVtrOrw-1; Tue, 28 Jul 2020 05:10:33 -0400 X-MC-Unique: JSKjLX9DPJSsIbZeVtrOrw-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E08B31DE2; Tue, 28 Jul 2020 09:10:32 +0000 (UTC) Received: from jason-ThinkPad-T430s.redhat.com (ovpn-12-214.pek2.redhat.com [10.72.12.214]) by smtp.corp.redhat.com (Postfix) with ESMTP id 24EE890E6D; Tue, 28 Jul 2020 09:10:30 +0000 (UTC) From: Jason Wang To: peter.maydell@linaro.org Subject: [PULL V2 2/3] virtio-net: check the existence of peer before accessing vDPA config Date: Tue, 28 Jul 2020 17:10:18 +0800 Message-Id: <1595927419-27346-3-git-send-email-jasowang@redhat.com> In-Reply-To: <1595927419-27346-1-git-send-email-jasowang@redhat.com> References: <1595927419-27346-1-git-send-email-jasowang@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=jasowang@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/27 23:55:28 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -30 X-Spam_score: -3.1 X-Spam_bar: --- X-Spam_report: (-3.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jason Wang , qemu-devel@nongnu.org, Cindy Lu Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" We try to check whether a peer is VDPA in order to get config from there - with no peer, this leads to a NULL pointer dereference. Add a check before trying to access the peer type. No peer means not VDPA. Fixes: 108a64818e69b ("vhost-vdpa: introduce vhost-vdpa backend") Cc: Cindy Lu Tested-by: Cornelia Huck Reviewed-by: Cornelia Huck Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 4895af1..a1fe9e9 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -125,6 +125,7 @@ static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config) { VirtIONet *n = VIRTIO_NET(vdev); struct virtio_net_config netcfg; + NetClientState *nc = qemu_get_queue(n->nic); int ret = 0; memset(&netcfg, 0 , sizeof(struct virtio_net_config)); @@ -142,13 +143,16 @@ static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config) VIRTIO_NET_RSS_SUPPORTED_HASHES); memcpy(config, &netcfg, n->config_size); - NetClientState *nc = qemu_get_queue(n->nic); - if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) { + /* + * Is this VDPA? No peer means not VDPA: there's no way to + * disconnect/reconnect a VDPA peer. + */ + if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) { ret = vhost_net_get_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg, - n->config_size); - if (ret != -1) { - memcpy(config, &netcfg, n->config_size); - } + n->config_size); + if (ret != -1) { + memcpy(config, &netcfg, n->config_size); + } } } @@ -156,6 +160,7 @@ static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config) { VirtIONet *n = VIRTIO_NET(vdev); struct virtio_net_config netcfg = {}; + NetClientState *nc = qemu_get_queue(n->nic); memcpy(&netcfg, config, n->config_size); @@ -166,11 +171,14 @@ static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config) qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac); } - NetClientState *nc = qemu_get_queue(n->nic); - if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) { - vhost_net_set_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg, - 0, n->config_size, - VHOST_SET_CONFIG_TYPE_MASTER); + /* + * Is this VDPA? No peer means not VDPA: there's no way to + * disconnect/reconnect a VDPA peer. + */ + if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) { + vhost_net_set_config(get_vhost_net(nc->peer), + (uint8_t *)&netcfg, 0, n->config_size, + VHOST_SET_CONFIG_TYPE_MASTER); } } From patchwork Tue Jul 28 09:10:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Wang X-Patchwork-Id: 1337681 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=NNfq+3tD; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BG9tb5Pkzz9sR4 for ; Tue, 28 Jul 2020 19:12:39 +1000 (AEST) Received: from localhost ([::1]:53912 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k0Lf3-0000Ql-Hc for incoming@patchwork.ozlabs.org; Tue, 28 Jul 2020 05:12:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60034) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k0Ld9-0006Ok-RR for qemu-devel@nongnu.org; Tue, 28 Jul 2020 05:10:39 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:39093 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1k0Ld8-0007Df-9g for qemu-devel@nongnu.org; Tue, 28 Jul 2020 05:10:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1595927437; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:content-type:content-type:in-reply-to:in-reply-to: references:references; bh=BizKAjSDHwqLVrq96cuiIXoDoNkf2Pbi3L5JlP/JAHo=; b=NNfq+3tDlUgum+tX/fc4QPR30/gtTOAuRdzW9Zhj5R6mh2B1LpcJIKwypPTZrybl5LRahZ dZ5yoNM6EqdHt4L0JnkMVcfThZMW1cEO32dmiGQ9uJFLNk9jNdqJuXx1KJQbf9ewl9kO4i zoAdVHPtVxMQ/rSE3KcziAfE3m3MKi0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-481-jK5oLramPnaKBWu5pCTfiQ-1; Tue, 28 Jul 2020 05:10:35 -0400 X-MC-Unique: jK5oLramPnaKBWu5pCTfiQ-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E26E51932480; Tue, 28 Jul 2020 09:10:34 +0000 (UTC) Received: from jason-ThinkPad-T430s.redhat.com (ovpn-12-214.pek2.redhat.com [10.72.12.214]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6F7EE90E62; Tue, 28 Jul 2020 09:10:33 +0000 (UTC) From: Jason Wang To: peter.maydell@linaro.org Subject: [PULL V2 3/3] net: forbid the reentrant RX Date: Tue, 28 Jul 2020 17:10:19 +0800 Message-Id: <1595927419-27346-4-git-send-email-jasowang@redhat.com> In-Reply-To: <1595927419-27346-1-git-send-email-jasowang@redhat.com> References: <1595927419-27346-1-git-send-email-jasowang@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=207.211.31.120; envelope-from=jasowang@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/27 23:55:28 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -30 X-Spam_score: -3.1 X-Spam_bar: --- X-Spam_report: (-3.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jason Wang , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The memory API allows DMA into NIC's MMIO area. This means the NIC's RX routine must be reentrant. Instead of auditing all the NIC, we can simply detect the reentrancy and return early. The queue->delivering is set and cleared by qemu_net_queue_deliver() for other queue helpers to know whether the delivering in on going (NIC's receive is being called). We can check it and return early in qemu_net_queue_flush() to forbid reentrant RX. Signed-off-by: Jason Wang --- net/queue.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/queue.c b/net/queue.c index 0164727..19e32c8 100644 --- a/net/queue.c +++ b/net/queue.c @@ -250,6 +250,9 @@ void qemu_net_queue_purge(NetQueue *queue, NetClientState *from) bool qemu_net_queue_flush(NetQueue *queue) { + if (queue->delivering) + return false; + while (!QTAILQ_EMPTY(&queue->packets)) { NetPacket *packet; int ret;