lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 13 Mar 2019 11:19:52 +0100
From:   Pierre Morel <pmorel@...ux.ibm.com>
To:     Tony Krowiak <akrowiak@...ux.ibm.com>,
        Halil Pasic <pasic@...ux.ibm.com>
Cc:     borntraeger@...ibm.com, alex.williamson@...hat.com,
        cohuck@...hat.com, linux-kernel@...r.kernel.org,
        linux-s390@...r.kernel.org, kvm@...r.kernel.org,
        frankja@...ux.ibm.com, david@...hat.com, schwidefsky@...ibm.com,
        heiko.carstens@...ibm.com, freude@...ux.ibm.com, mimu@...ux.ibm.com
Subject: Re: [PATCH v4 3/7] s390: ap: associate a ap_vfio_queue and a matrix
 mdev

On 12/03/2019 22:39, Tony Krowiak wrote:
> On 3/3/19 9:09 PM, Halil Pasic wrote:
>> On Fri, 22 Feb 2019 16:29:56 +0100
>> Pierre Morel <pmorel@...ux.ibm.com> wrote:
>>
>>> We need to associate the ap_vfio_queue, which will hold the
>>> per queue information for interrupt with a matrix mediated device
>>> which hold the configuration and the way to the CRYCB.
>> [..]
>>> +static int vfio_ap_get_all_domains(struct ap_matrix_mdev 
>>> *matrix_mdev, int apid)
>>> +{
>>> +    int apqi, apqn;
>>> +    int ret = 0;
>>> +    struct vfio_ap_queue *q;
>>> +    struct list_head q_list;
>>> +
>>> +    INIT_LIST_HEAD(&q_list);
>>> +
>>> +    for_each_set_bit_inv(apqi, matrix_mdev->matrix.aqm, AP_DOMAINS) {
>>> +        apqn = AP_MKQID(apid, apqi);
>>> +        q = vfio_ap_get_queue(apqn, &matrix_dev->free_list);
>>> +        if (!q) {
>>> +            ret = -EADDRNOTAVAIL;
>>> +            goto rewind;
>>> +        }
>>> +        if (q->matrix_mdev) {
>>> +            ret = -EADDRINUSE;
>>
>> You tried to get the q from matrix_dev->free_list thus modulo races
>> q->matrix_mdev should be 0. This change breaks the error codes in a
>> sense that it becomes impossible to provoke EADDRINUSE (the proper
>> error code for taken by another matrix_mdev).
> 
> It is necessary to determine if the queue is in use by another mdev, so
> it will still be necessary to traverse all of the matrix_mdev structs to
> see if q is in matrix_mdev->qlist. It seems that maintaining the qlist
> does not buy us much.
> 

Tony, Halil already pointed out this issue and I already answered.
Please, no need to duplicate the remarks.

Pierre

-- 
Pierre Morel
Linux/KVM/QEMU in Böblingen - Germany

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ