Message ID | 20190107123147.97038-1-pasic@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [1/1] s390/virtio: handle find on invalid queue gracefully | expand |
On Mon, 7 Jan 2019 13:31:46 +0100 Halil Pasic <pasic@linux.ibm.com> wrote: > A queue with a capacity of zero is clearly not a valid virtio queue. > Some emulators report zero queue size if queried with an invalid queue > index. Instead of crashing in this case let us just return -EINVAL. To s/-EINVAL/-ENOENT/ > make that work properly, let us fix the notifier cleanup logic as well. > > Signed-off-by: Halil Pasic <pasic@linux.ibm.com> > --- > This patch is motivated by commit 86a5597 "virtio-balloon: > VIRTIO_BALLOON_F_FREE_PAGE_HINT" (Wei Wang, 2018-08-27) which triggered > the described scenario. The emulator in question is the current QEMU. > The problem we run into is the underflow in the following loop > in __vring_new_virtqueue(): > for (i = 0; i < vring.num-1; i++) > vq->vring.desc[i].next = cpu_to_virtio16(vdev, i + 1) > Namely vring.num is an unsigned int. > > RFC --> v1: > * Change error code from -EINVAL to -ENOENT, so we are in line with the > other transports. > * Push down the detection of the error into virtio_ccw_read_vq_conf(). > --- > drivers/s390/virtio/virtio_ccw.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) Thanks, applied.
On Mon, 7 Jan 2019 16:06:32 +0100 Cornelia Huck <cohuck@redhat.com> wrote: > On Mon, 7 Jan 2019 13:31:46 +0100 > Halil Pasic <pasic@linux.ibm.com> wrote: > > > A queue with a capacity of zero is clearly not a valid virtio queue. > > Some emulators report zero queue size if queried with an invalid queue > > index. Instead of crashing in this case let us just return -EINVAL. To > > s/-EINVAL/-ENOENT/ > So I did forget something, again. :/ Thanks for spotting it! > > make that work properly, let us fix the notifier cleanup logic as well. > > > > Signed-off-by: Halil Pasic <pasic@linux.ibm.com> > > --- > > This patch is motivated by commit 86a5597 "virtio-balloon: > > VIRTIO_BALLOON_F_FREE_PAGE_HINT" (Wei Wang, 2018-08-27) which triggered > > the described scenario. The emulator in question is the current QEMU. > > The problem we run into is the underflow in the following loop > > in __vring_new_virtqueue(): > > for (i = 0; i < vring.num-1; i++) > > vq->vring.desc[i].next = cpu_to_virtio16(vdev, i + 1) > > Namely vring.num is an unsigned int. > > > > RFC --> v1: > > * Change error code from -EINVAL to -ENOENT, so we are in line with the > > other transports. > > * Push down the detection of the error into virtio_ccw_read_vq_conf(). > > --- > > drivers/s390/virtio/virtio_ccw.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > Thanks, applied. > Thanks! Halil
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c index fc9dbad476c0..2c6f8a5009ed 100644 --- a/drivers/s390/virtio/virtio_ccw.c +++ b/drivers/s390/virtio/virtio_ccw.c @@ -272,6 +272,8 @@ static void virtio_ccw_drop_indicators(struct virtio_ccw_device *vcdev) { struct virtio_ccw_vq_info *info; + if (!vcdev->airq_info) + return; list_for_each_entry(info, &vcdev->virtqueues, node) drop_airq_indicator(info->vq, vcdev->airq_info); } @@ -413,7 +415,7 @@ static int virtio_ccw_read_vq_conf(struct virtio_ccw_device *vcdev, ret = ccw_io_helper(vcdev, ccw, VIRTIO_CCW_DOING_READ_VQ_CONF); if (ret) return ret; - return vcdev->config_block->num; + return vcdev->config_block->num ?: -ENOENT; } static void virtio_ccw_del_vq(struct virtqueue *vq, struct ccw1 *ccw)
A queue with a capacity of zero is clearly not a valid virtio queue. Some emulators report zero queue size if queried with an invalid queue index. Instead of crashing in this case let us just return -EINVAL. To make that work properly, let us fix the notifier cleanup logic as well. Signed-off-by: Halil Pasic <pasic@linux.ibm.com> --- This patch is motivated by commit 86a5597 "virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT" (Wei Wang, 2018-08-27) which triggered the described scenario. The emulator in question is the current QEMU. The problem we run into is the underflow in the following loop in __vring_new_virtqueue(): for (i = 0; i < vring.num-1; i++) vq->vring.desc[i].next = cpu_to_virtio16(vdev, i + 1) Namely vring.num is an unsigned int. RFC --> v1: * Change error code from -EINVAL to -ENOENT, so we are in line with the other transports. * Push down the detection of the error into virtio_ccw_read_vq_conf(). --- drivers/s390/virtio/virtio_ccw.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)