| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Sep 2012 01:11:11 +0300 From: "Michael S. Tsirkin" <mst@...hat.com> To: Rusty Russell <rusty@...tcorp.com.au> Cc: Sjur Brændeland <sjurbren@...il.com>, Amit Shah <amit.shah@...hat.com>, linux-kernel@...r.kernel.org, Ohad Ben-Cohen <ohad@...ery.com>, Linus Walleij <linus.walleij@...aro.org>, virtualization@...ts.linux-foundation.org Subject: Re: [RFC 1/2] virtio_console: Add support for DMA memory allocation On Thu, Sep 06, 2012 at 08:27:35AM +0300, Michael S. Tsirkin wrote: > On Thu, Sep 06, 2012 at 11:34:25AM +0930, Rusty Russell wrote: > > "Michael S. Tsirkin" <mst@...hat.com> writes: > > > On Tue, Sep 04, 2012 at 06:58:47PM +0200, Sjur Brændeland wrote: > > >> Hi Michael, > > >> > > >> > Exactly. Though if we just fail load it will be much less code. > > >> > > > >> > Generally, using a feature bit for this is a bit of a problem though: > > >> > normally driver is expected to be able to simply ignore > > >> > a feature bit. In this case driver is required to > > >> > do something so a feature bit is not a good fit. > > >> > I am not sure what the right thing to do is. > > >> > > >> I see - so in order to avoid the binding between driver and device > > >> there are two options I guess. Either make virtio_dev_match() or > > >> virtcons_probe() fail. Neither of them seems like the obvious choice. > > >> > > >> Maybe adding a check for VIRTIO_CONSOLE_F_DMA_MEM match > > >> between device and driver in virtcons_probe() is the lesser evil? > > >> > > >> Regards, > > >> Sjur > > > > > > A simplest thing to do is change dev id. rusty? > > > > For generic usage, this is correct. But my opinion is that fallback on > > feature non-ack is quality-of-implementation issue: great to have, but > > there are cases where you just want to fail with "you're too old". > > > > And in this case, an old system simply will never work. So it's a > > question of how graceful the failure is. > > > > Can your userspace loader can refuse to proceed if the driver doesn't > > ack the bits? If so, it's simpler than a whole new ID. > > > > Cheers, > > Rusty. > > Yes but how can it signal guest that it will never proceed? > > Also grep for BUG_ON in core found this: > > drv->remove(dev); > > /* Driver should have reset device. */ > BUG_ON(dev->config->get_status(dev)); > > I think below is what Sjur refers to. > I think below is a good idea for 3.6. Thoughts? > > ---> > > virtio: don't crash when device is buggy > > Because of a sanity check in virtio_dev_remove, a buggy device can crash > kernel. And in case of rproc it's userspace so it's not a good idea. > We are unloading a driver so how bad can it be? > Be less aggressive in handling this error: if it's a driver bug, > warning once should be enough. > > Signed-off-by: Michael S. Tsirkin <mst@...hat.com> > > -- Rusty? > diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c > index c3b3f7f..1e8659c 100644 > --- a/drivers/virtio/virtio.c > +++ b/drivers/virtio/virtio.c > @@ -159,7 +159,7 @@ static int virtio_dev_remove(struct device *_d) > drv->remove(dev); > > /* Driver should have reset device. */ > - BUG_ON(dev->config->get_status(dev)); > + WARN_ON_ONCE(dev->config->get_status(dev)); > > /* Acknowledge the device's existence again. */ > add_status(dev, VIRTIO_CONFIG_S_ACKNOWLEDGE); > > -- > MST -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists