lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Oct 2020 12:05:15 +0800 From: Jason Wang <jasowang@...hat.com> To: Stefano Garzarella <sgarzare@...hat.com>, mst@...hat.com Cc: kvm@...r.kernel.org, netdev@...r.kernel.org, virtualization@...ts.linux-foundation.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org, Rusty Russell <rusty@...tcorp.com.au> Subject: Re: [PATCH v2] vringh: fix __vringh_iov() when riov and wiov are different On 2020/10/9 上午4:42, Stefano Garzarella wrote: > If riov and wiov are both defined and they point to different > objects, only riov is initialized. If the wiov is not initialized > by the caller, the function fails returning -EINVAL and printing > "Readable desc 0x... after writable" error message. > > This issue happens when descriptors have both readable and writable > buffers (eg. virtio-blk devices has virtio_blk_outhdr in the readable > buffer and status as last byte of writable buffer) and we call > __vringh_iov() to get both type of buffers in two different iovecs. > > Let's replace the 'else if' clause with 'if' to initialize both > riov and wiov if they are not NULL. > > As checkpatch pointed out, we also avoid crashing the kernel > when riov and wiov are both NULL, replacing BUG() with WARN_ON() > and returning -EINVAL. It looks like I met the exact similar issue when developing ctrl vq support (which requires both READ and WRITE descriptor). While I was trying to fix the issue I found the following comment: * Note that you may need to clean up riov and wiov, even on error! */ int vringh_getdesc_iotlb(struct vringh *vrh, I saw some driver call vringh_kiov_cleanup(). So I just follow to use that. I'm not quite sure which one is better. Thanks > > Fixes: f87d0fbb5798 ("vringh: host-side implementation of virtio rings.") > Cc: stable@...r.kernel.org > Signed-off-by: Stefano Garzarella <sgarzare@...hat.com> > --- > drivers/vhost/vringh.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c > index e059a9a47cdf..8bd8b403f087 100644 > --- a/drivers/vhost/vringh.c > +++ b/drivers/vhost/vringh.c > @@ -284,13 +284,14 @@ __vringh_iov(struct vringh *vrh, u16 i, > desc_max = vrh->vring.num; > up_next = -1; > > + /* You must want something! */ > + if (WARN_ON(!riov && !wiov)) > + return -EINVAL; > + > if (riov) > riov->i = riov->used = 0; > - else if (wiov) > + if (wiov) > wiov->i = wiov->used = 0; > - else > - /* You must want something! */ > - BUG(); > > for (;;) { > void *addr;
Powered by blists - more mailing lists