lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170811003107-mutt-send-email-mst@kernel.org>
Date:   Fri, 11 Aug 2017 00:31:44 +0300
From:   "Michael S. Tsirkin" <mst@...hat.com>
To:     "Richard W.M. Jones" <rjones@...hat.com>
Cc:     jejb@...ux.vnet.ibm.com, martin.petersen@...cle.com,
        jasowang@...hat.com, linux-scsi@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        virtualization@...ts.linux-foundation.org, hch@....de,
        pbonzini@...hat.com
Subject: Re: [PATCH 1/2] virtio: Reduce BUG if total_sg > virtqueue size to
 WARN.

On Thu, Aug 10, 2017 at 10:30:38PM +0100, Richard W.M. Jones wrote:
> On Fri, Aug 11, 2017 at 12:21:16AM +0300, Michael S. Tsirkin wrote:
> > On Thu, Aug 10, 2017 at 05:40:34PM +0100, Richard W.M. Jones wrote:
> > > If using indirect descriptors, you can make the total_sg as large as
> > > you want.
> > 
> > That would be a spec violation though, even if it happens to
> > work on current QEMU.
> > 
> > The spec says:
> > 	A driver MUST NOT create a descriptor chain longer than the Queue Size of the device.
> > 
> > What prompted this patch?
> > Do we ever encounter this situation?
> 
> This patch is needed because the following (2/2) patch will trigger
> that BUG_ON if I set virtqueue_size=64 or any smaller value.
> 
> The precise backtrace is below.
> 
> Rich.
> 
> [    4.029510] ------------[ cut here ]------------
> [    4.030127] kernel BUG at drivers/virtio/virtio_ring.c:299!
> [    4.030834] invalid opcode: 0000 [#1] SMP
> [    4.031340] Modules linked in: libcrc32c crc8 crc7 crc4 crc_itu_t virtio_pci virtio_mmio virtio_input virtio_balloon virtio_scsi nd_pmem nd_btt virtio_net virtio_crypto crypto_engine virtio_console virtio_rng virtio_blk virtio_ring virtio nfit crc32_generic crct10dif_pclmul crc32c_intel crc32_pclmul
> [    4.034606] CPU: 0 PID: 1 Comm: init Not tainted 4.13.0-rc4+ #100
> [    4.035354] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
> [    4.036770] task: ffff9a859e243300 task.stack: ffffa731c00cc000
> [    4.037506] RIP: 0010:virtqueue_add_sgs+0x23d/0x460 [virtio_ring]
> [    4.038250] RSP: 0000:ffffa731c00cf6e0 EFLAGS: 00010097
> [    4.038898] RAX: 0000000000000000 RBX: 0000000000000011 RCX: ffffdd0680646c40
> [    4.039762] RDX: 0000000000000000 RSI: ffffa731c00cf7b8 RDI: ffff9a85945c4d68
> [    4.040634] RBP: ffffa731c00cf748 R08: ffff9a85945c4a78 R09: 0000000001080020
> [    4.041508] R10: ffffa731c00cf788 R11: ffff9a859b3d3120 R12: ffffa731c00cf7d0
> [    4.042382] R13: ffffa731c00cf7d0 R14: 0000000000000001 R15: ffff9a859b3f8200
> [    4.043248] FS:  0000000000000000(0000) GS:ffff9a859e600000(0000) knlGS:0000000000000000
> [    4.044232] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [    4.044942] CR2: 00007fcff02e931c CR3: 000000001d23b000 CR4: 00000000003406f0
> [    4.045815] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [    4.046684] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [    4.047559] Call Trace:
> [    4.047876]  virtscsi_add_cmd+0x1c9/0x280 [virtio_scsi]
> [    4.048528]  virtscsi_kick_cmd+0x38/0x90 [virtio_scsi]
> [    4.049161]  virtscsi_queuecommand+0x104/0x280 [virtio_scsi]
> [    4.049875]  virtscsi_queuecommand_single+0x38/0x40 [virtio_scsi]
> [    4.050628]  scsi_dispatch_cmd+0xf9/0x390
> [    4.051128]  scsi_queue_rq+0x5e5/0x6f0
> [    4.051602]  blk_mq_dispatch_rq_list+0x1ff/0x3c0
> [    4.052175]  blk_mq_sched_dispatch_requests+0x199/0x1f0
> [    4.052824]  __blk_mq_run_hw_queue+0x11d/0x1b0
> [    4.053382]  __blk_mq_delay_run_hw_queue+0x8d/0xa0
> [    4.053972]  blk_mq_run_hw_queue+0x14/0x20
> [    4.054485]  blk_mq_sched_insert_requests+0x96/0x120
> [    4.055095]  blk_mq_flush_plug_list+0x19d/0x410
> [    4.055661]  blk_flush_plug_list+0xf9/0x2b0
> [    4.056182]  blk_finish_plug+0x2c/0x40
> [    4.056655]  __do_page_cache_readahead+0x32e/0x400
> [    4.057261]  filemap_fault+0x2fb/0x890
> [    4.057731]  ? filemap_fault+0x2fb/0x890
> [    4.058220]  ? find_held_lock+0x3c/0xb0
> [    4.058714]  ext4_filemap_fault+0x34/0x50
> [    4.059212]  __do_fault+0x1e/0x110
> [    4.059644]  __handle_mm_fault+0x6b2/0x1080
> [    4.060167]  handle_mm_fault+0x178/0x350
> [    4.060662]  __do_page_fault+0x26e/0x510
> [    4.061152]  trace_do_page_fault+0x9d/0x290
> [    4.061677]  do_async_page_fault+0x51/0xa0
> [    4.062189]  async_page_fault+0x28/0x30
> [    4.062667] RIP: 0033:0x7fcff030a24f
> [    4.063113] RSP: 002b:00007ffefc2ad078 EFLAGS: 00010206
> [    4.063760] RAX: 00007fcff02e931c RBX: 00007fcff050f660 RCX: 00007fcff02e935c
> [    4.064648] RDX: 0000000000000664 RSI: 0000000000000000 RDI: 00007fcff02e931c
> [    4.065519] RBP: 00007ffefc2ad320 R08: 00007fcff02e931c R09: 0000000000027000
> [    4.066392] R10: 00007fcff02e9980 R11: 0000000000000206 R12: 00007ffefc2ad0b0
> [    4.067263] R13: 00007ffefc2ad408 R14: 0000000000000002 R15: 00000000000087f0
> [    4.068135] Code: af 01 c7 45 c8 01 00 00 00 45 31 ed e9 9b fe ff ff 31 db 48 83 7d d0 00 0f 85 3f fe ff ff 0f 0b 48 8b 7d b8 e8 e5 fd 22 de eb 8b <0f> 0b 0f 0b 44 89 6d a8 45 89 f5 48 8b 45 a0 44 8d 70 01 48 83 
> [    4.070506] RIP: virtqueue_add_sgs+0x23d/0x460 [virtio_ring] RSP: ffffa731c00cf6e0
> [    4.071434] ---[ end trace 02532659840e2a64 ]---

Then we probably should fail probe if vq size is too small.

> 
> -- 
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> libguestfs lets you edit virtual machines.  Supports shell scripting,
> bindings from many languages.  http://libguestfs.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ