| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Jun 2023 17:00:00 +0800 From: Jason Wang <jasowang@...hat.com> To: Stefano Garzarella <sgarzare@...hat.com> Cc: "Michael S. Tsirkin" <mst@...hat.com>, Shannon Nelson <shannon.nelson@....com>, virtualization@...ts.linux-foundation.org, netdev@...r.kernel.org, Eugenio Pérez <eperezma@...hat.com>, Tiwei Bie <tiwei.bie@...el.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] vhost-vdpa: filter VIRTIO_F_RING_PACKED feature On Thu, Jun 8, 2023 at 4:00 PM Stefano Garzarella <sgarzare@...hat.com> wrote: > > On Thu, Jun 08, 2023 at 03:46:00PM +0800, Jason Wang wrote: > > [...] > > >> > > > > I have a question though, what if down the road there > >> > > > > is a new feature that needs more changes? It will be > >> > > > > broken too just like PACKED no? > >> > > > > Shouldn't vdpa have an allowlist of features it knows how > >> > > > > to support? > >> > > > > >> > > > It looks like we had it, but we took it out (by the way, we were > >> > > > enabling packed even though we didn't support it): > >> > > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6234f80574d7569444d8718355fa2838e92b158b > >> > > > > >> > > > The only problem I see is that for each new feature we have to modify > >> > > > the kernel. > >> > > > Could we have new features that don't require handling by vhost-vdpa? > >> > > > > >> > > > Thanks, > >> > > > Stefano > >> > > > >> > > Jason what do you say to reverting this? > >> > > >> > I may miss something but I don't see any problem with vDPA core. > >> > > >> > It's the duty of the parents to advertise the features it has. For example, > >> > > >> > 1) If some kernel version that is packed is not supported via > >> > set_vq_state, parents should not advertise PACKED features in this > >> > case. > >> > 2) If the kernel has support packed set_vq_state(), but it's emulated > >> > cvq doesn't support, parents should not advertise PACKED as well > >> > > >> > If a parent violates the above 2, it looks like a bug of the parents. > >> > > >> > Thanks > >> > >> Yes but what about vhost_vdpa? Talking about that not the core. > > > >Not sure it's a good idea to workaround parent bugs via vhost-vDPA. > > Sorry, I'm getting lost... > We were talking about the fact that vhost-vdpa doesn't handle > SET_VRING_BASE/GET_VRING_BASE ioctls well for packed virtqueue before > that series [1], no? > > The parents seem okay, but maybe I missed a few things. > > [1] https://lore.kernel.org/virtualization/20230424225031.18947-1-shannon.nelson@amd.com/ Yes, more below. > > > > >> Should that not have a whitelist of features > >> since it interprets ioctls differently depending on this? > > > >If there's a bug, it might only matter the following setup: > > > >SET_VRING_BASE/GET_VRING_BASE + VDUSE. > > > >This seems to be broken since VDUSE was introduced. If we really want > >to backport something, it could be a fix to filter out PACKED in > >VDUSE? > > mmm it doesn't seem to be a problem in VDUSE, but in vhost-vdpa. > I think VDUSE works fine with packed virtqueue using virtio-vdpa > (I haven't tried), so why should we filter PACKED in VDUSE? I don't think we need any filtering since: PACKED features has been advertised to userspace via uAPI since 6234f80574d7569444d8718355fa2838e92b158b. Once we relax in uAPI, it would be very hard to restrict it again. For the userspace that tries to negotiate PACKED: 1) if it doesn't use SET_VRING_BASE/GET_VRING_BASE, everything works well 2) if it uses SET_VRING_BASE/GET_VRING_BASE. it might fail or break silently If we backport the fixes to -stable, we may break the application at least in the case 1). Thanks > > Thanks, > Stefano >
Powered by blists - more mailing lists