| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Oct 2020 12:05:15 +0800
From: Jason Wang <jasowang@...hat.com>
To: Stefano Garzarella <sgarzare@...hat.com>, mst@...hat.com
Cc: kvm@...r.kernel.org, netdev@...r.kernel.org,
virtualization@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Rusty Russell <rusty@...tcorp.com.au>
Subject: Re: [PATCH v2] vringh: fix __vringh_iov() when riov and wiov are
different
On 2020/10/9 上午4:42, Stefano Garzarella wrote:
> If riov and wiov are both defined and they point to different
> objects, only riov is initialized. If the wiov is not initialized
> by the caller, the function fails returning -EINVAL and printing
> "Readable desc 0x... after writable" error message.
>
> This issue happens when descriptors have both readable and writable
> buffers (eg. virtio-blk devices has virtio_blk_outhdr in the readable
> buffer and status as last byte of writable buffer) and we call
> __vringh_iov() to get both type of buffers in two different iovecs.
>
> Let's replace the 'else if' clause with 'if' to initialize both
> riov and wiov if they are not NULL.
>
> As checkpatch pointed out, we also avoid crashing the kernel
> when riov and wiov are both NULL, replacing BUG() with WARN_ON()
> and returning -EINVAL.
It looks like I met the exact similar issue when developing ctrl vq
support (which requires both READ and WRITE descriptor).
While I was trying to fix the issue I found the following comment:
* Note that you may need to clean up riov and wiov, even on error!
*/
int vringh_getdesc_iotlb(struct vringh *vrh,
I saw some driver call vringh_kiov_cleanup().
So I just follow to use that.
I'm not quite sure which one is better.
Thanks
>
> Fixes: f87d0fbb5798 ("vringh: host-side implementation of virtio rings.")
> Cc: stable@...r.kernel.org
> Signed-off-by: Stefano Garzarella <sgarzare@...hat.com>
> ---
> drivers/vhost/vringh.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
> index e059a9a47cdf..8bd8b403f087 100644
> --- a/drivers/vhost/vringh.c
> +++ b/drivers/vhost/vringh.c
> @@ -284,13 +284,14 @@ __vringh_iov(struct vringh *vrh, u16 i,
> desc_max = vrh->vring.num;
> up_next = -1;
>
> + /* You must want something! */
> + if (WARN_ON(!riov && !wiov))
> + return -EINVAL;
> +
> if (riov)
> riov->i = riov->used = 0;
> - else if (wiov)
> + if (wiov)
> wiov->i = wiov->used = 0;
> - else
> - /* You must want something! */
> - BUG();
>
> for (;;) {
> void *addr;
Powered by blists - more mailing lists