From: Gonglei
Date: Mon, 23 May 2016 14:50:00 +0800
Message-ID: <1463986200-205860-1-git-send-email-arei.gonglei@huawei.com>
Subject: [Qemu-devel] [PATCH] vhost-user: fix unreasonable return value when vhost-user read failed
Cc: wangyunjian@huawei.com, Gonglei, mst@redhat.com

At present, none of the functions that call vhost_user_read() return
failure when vhost_user_read() fails. That's dangerous, because
VhostUserMsg will be a random value, and finally cause the virtual
machine to panic.

An example:

On the Qemu side, the report is:

qemu-kvm: -netdev type=vhost-user,id=hostnet0,chardev=charnet0: \
 Failed to read msg header. Read -1 instead of 12.

Then the guest panics with the serial message below:

[ 13.853740] ------------[ cut here ]------------
[ 13.855709] kernel BUG at virtio_net.c:893!
[ 13.857006] invalid opcode: 0000 [#1] SMP [ 13.857006] last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/virtio0/device [ 13.857006] CPU 2 [ 13.857006] Supported: Yes [ 13.857006] Pid: 2474, comm: ip Tainted: G N 2.6.32.12-0.7-default #1 Standard PC (i440FX + PIIX, 1996) [ 13.857006] RIP: 0010:[] [] virtnet_send_command+0x12a/0x140 [virtio_net] [ 13.857006] RSP: 0018:ffff880137241758 EFLAGS: 00010246 [ 13.857006] RAX: 0000000000000011 RBX: ffff880138f88400 RCX: ffffffffa00160d8 [ 13.857006] RDX: 000000000000000e RSI: 0000000000000011 RDI: 0000000000000015 [ 13.857006] RBP: ffff88013b724780 R08: 0000000000000000 R09: ffff880137241818 [ 13.857006] R10: 0000000000000001 R11: ffffffffa00137f0 R12: 0000000000000000 [ 13.857006] R13: 0000000000000000 R14: ffff880137241818 R15: 0000000000000000 [ 13.857006] FS: 00007f19cee00700(0000) GS:ffff880005900000(0000) knlGS:0000000000000000 [ 13.857006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 13.857006] CR2: 00007f19ce562bd0 CR3: 00000001375cc000 CR4: 00000000000406e0 [ 13.857006] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 13.917524] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 13.917524] Process ip (pid: 2474, threadinfo ffff880137240000, task ffff880137b021c0) Reported-by: Yunjian Wang Signed-off-by: Gonglei --- hw/virtio/vhost-user.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 5082e04..8118910 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -220,7 +220,7 @@ static int vhost_user_set_log_base(struct vhost_dev *dev, uint64_t base, if (shmfd) { msg.size = 0; if (vhost_user_read(dev, &msg) < 0) { - return 0; + return -1; } if (msg.request != VHOST_USER_SET_LOG_BASE) { 
@@ -365,7 +365,7 @@ static int vhost_user_get_vring_base(struct vhost_dev *dev, vhost_user_write(dev, &msg, NULL, 0); if (vhost_user_read(dev, &msg) < 0) { - return 0; + return -1; } if (msg.request != VHOST_USER_GET_VRING_BASE) { @@ -460,7 +460,7 @@ static int vhost_user_get_u64(struct vhost_dev *dev, int request, uint64_t *u64) vhost_user_write(dev, &msg, NULL, 0); if (vhost_user_read(dev, &msg) < 0) { - return 0; + return -1; } if (msg.request != request) {
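Review bot: in vhost_user_set_log_base() the context after the changed return stops at `if (msg.request != VHOST_USER_SET_LOG_BASE) {`, so the diff does not show what a mismatched reply returns. If that branch still returns a non-negative value, an unexpected reply is treated as success in the same way the failed read was. Please confirm that it returns -1 as well, or extend the patch to cover it.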
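Review bot: in vhost_user_get_vring_base() the `vhost_user_write(dev, &msg, NULL, 0);` call directly above the fixed read is still a bare statement, so any failure it reports is dropped. If the request was never sent, the read that follows has nothing to answer. Consider checking the write and returning -1 there too. The same unchecked write sits above the read in vhost_user_get_u64().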
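Review bot: in vhost_user_get_u64() the early `return -1;` leaves the caller's `*u64` unwritten, so the fix only helps callers that check the return value. The diffstat shows one file with 3 insertions and 3 deletions, and no call site is touched. Please audit the callers in this patch or a follow-up, and add a comment on the function stating that `*u64` is not set on failure.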