lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <888255d7-e45b-44db-8561-5e9f386603c3@redhat.com>
Date: Fri, 5 Jan 2024 09:10:55 +0100
From: Maxime Coquelin <maxime.coquelin@...hat.com>
To: Jason Wang <jasowang@...hat.com>
Cc: mst@...hat.com, xuanzhuo@...ux.alibaba.com, xieyongji@...edance.com,
 virtualization@...ts.linux-foundation.org, linux-kernel@...r.kernel.org,
 david.marchand@...hat.com, lulu@...hat.com
Subject: Re: [PATCH v6 2/3] vduse: Temporarily fail if control queue features
 requested



On 1/5/24 03:45, Jason Wang wrote:
> On Thu, Jan 4, 2024 at 11:38 PM Maxime Coquelin
> <maxime.coquelin@...hat.com> wrote:
>>
>> Virtio-net driver control queue implementation is not safe
>> when used with VDUSE. If the VDUSE application does not
>> reply to control queue messages, it currently ends up
>> hanging the kernel thread sending this command.
>>
>> Some work is on-going to make the control queue
>> implementation robust with VDUSE. Until it is completed,
>> let's fail features check if any control-queue related
>> feature is requested.
>>
>> Signed-off-by: Maxime Coquelin <maxime.coquelin@...hat.com>
>> ---
>>   drivers/vdpa/vdpa_user/vduse_dev.c | 13 +++++++++++++
>>   1 file changed, 13 insertions(+)
>>
>> diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vduse_dev.c
>> index 0486ff672408..94f54ea2eb06 100644
>> --- a/drivers/vdpa/vdpa_user/vduse_dev.c
>> +++ b/drivers/vdpa/vdpa_user/vduse_dev.c
>> @@ -28,6 +28,7 @@
>>   #include <uapi/linux/virtio_config.h>
>>   #include <uapi/linux/virtio_ids.h>
>>   #include <uapi/linux/virtio_blk.h>
>> +#include <uapi/linux/virtio_ring.h>
>>   #include <linux/mod_devicetable.h>
>>
>>   #include "iova_domain.h"
>> @@ -46,6 +47,15 @@
>>
>>   #define IRQ_UNBOUND -1
>>
>> +#define VDUSE_NET_INVALID_FEATURES_MASK         \
>> +       (BIT_ULL(VIRTIO_NET_F_CTRL_VQ) |        \
>> +        BIT_ULL(VIRTIO_NET_F_CTRL_RX)   |      \
>> +        BIT_ULL(VIRTIO_NET_F_CTRL_VLAN) |      \
>> +        BIT_ULL(VIRTIO_NET_F_GUEST_ANNOUNCE) | \
>> +        BIT_ULL(VIRTIO_NET_F_MQ) |             \
>> +        BIT_ULL(VIRTIO_NET_F_CTRL_MAC_ADDR) |  \
>> +        BIT_ULL(VIRTIO_NET_F_RSS))
> 
> We need to make this as well:
> 
> VIRTIO_NET_F_CTRL_GUEST_OFFLOADS

I missed it, and see others have been added in the Virtio spec
repository (BTW, I see this specific one is missing in the dependency
list [0], I will submit a patch).

I wonder if it is not just simpler to just check for
VIRTIO_NET_F_CTRL_VQ is requested. As we fail instead of masking out,
the VDUSE driver won't be the one violating the spec so it should be
good?

It will avoid having to update the mask if new features depending on it
are added (or forgetting to update it).

WDYT?

Thanks,
Maxime

[0]: 
https://github.com/oasis-tcs/virtio-spec/blob/5fc35a7efb903fc352da81a6d2be5c01810b68d3/device-types/net/description.tex#L129
> Other than this,
> 
> Acked-by: Jason Wang <jasowang@...hat.com>
> 
> Thanks
> 
>> +
>>   struct vduse_virtqueue {
>>          u16 index;
>>          u16 num_max;
>> @@ -1680,6 +1690,9 @@ static bool features_is_valid(struct vduse_dev_config *config)
>>          if ((config->device_id == VIRTIO_ID_BLOCK) &&
>>                          (config->features & (1ULL << VIRTIO_BLK_F_CONFIG_WCE)))
>>                  return false;
>> +       else if ((config->device_id == VIRTIO_ID_NET) &&
>> +                       (config->features & VDUSE_NET_INVALID_FEATURES_MASK))
>> +               return false;
>>
>>          return true;
>>   }
>> --
>> 2.43.0
>>
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ