From: Greg Kurz <groug@kaod.org>
To: Markus Armbruster <armbru@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
qemu-devel@nongnu.org,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH 1/2] virtio-9p: print error message and exit instead of BUG_ON()
Date: Thu, 8 Sep 2016 11:05:22 +0200
Message-ID: <20160908110522.097ab135@bahia>
In-Reply-To: <87eg4uyibm.fsf@dusky.pond.sub.org>
On Thu, 08 Sep 2016 09:14:05 +0200
Markus Armbruster <armbru@redhat.com> wrote:
> Greg Kurz <groug@kaod.org> writes:
>
> > Calling assert() really makes sense when hitting a genuine bug, which calls
> > for a fix in QEMU. However, when something goes wrong because the guest
> > sends a malformed message, it is better to write down a more meaningful
> > error message and exit.
> >
> > Signed-off-by: Greg Kurz <groug@kaod.org>
> > ---
> > hw/9pfs/virtio-9p-device.c | 20 ++++++++++++++++++--
> > 1 file changed, 18 insertions(+), 2 deletions(-)
> >
> > diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
> > index 009b43f6d045..67059182645a 100644
> > --- a/hw/9pfs/virtio-9p-device.c
> > +++ b/hw/9pfs/virtio-9p-device.c
> > @@ -19,6 +19,7 @@
> > #include "coth.h"
> > #include "hw/virtio/virtio-access.h"
> > #include "qemu/iov.h"
> > +#include "qemu/error-report.h"
> >
> > void virtio_9p_push_and_notify(V9fsPDU *pdu)
> > {
> > @@ -35,6 +36,11 @@ void virtio_9p_push_and_notify(V9fsPDU *pdu)
> > virtio_notify(VIRTIO_DEVICE(v), v->vq);
> > }
> >
> > +static void virtio_9p_error(const char *msg)
> > +{
> > + error_report("The virtio-9p driver in the guest has an issue: %s", msg);
> > +}
> > +
> > static void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
> > {
> > V9fsVirtioState *v = (V9fsVirtioState *)vdev;
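Review bot: virtio_9p_error() only wraps error_report(), yet all three call sites added in the next hunk follow it with exit(1); folding the exit into the helper and marking it noreturn would remove the repetition and make it impossible to forget the exit at a future call site. The fixed prefix "The virtio-9p driver in the guest has an issue" also gives no way to tell which device reported it when several are attached; since pdu->idx is at hand in handle_9p_output(), consider passing the device or the PDU index through so the log entry identifies the offending request.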
> > @@ -56,13 +62,23 @@ static void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
> > break;
> > }
> >
> > - BUG_ON(elem->out_num == 0 || elem->in_num == 0);
> > + if (elem->out_num == 0) {
> > + virtio_9p_error("missing VirtFS request's header");
> > + exit(1);
> > + }
>
> Can the guest trigger this?
>
Yes it can in theory if it pushes an empty buffer... but this "recent"
commit changed the outcome:
commit 1e7aed70144b4673fc26e73062064b6724795e5f
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed Jul 27 21:07:56 2016 +0530
virtio: check vring descriptor buffer length
And now, the error is caught in virtqueue_map_desc():
    if (!sz) {
        error_report("virtio: zero sized buffers are not allowed");
        exit(1);
    }
So I guess we should keep the BUG_ON() then.
BTW, there are similar checks in virtio-blk and virtio-net leading to a QEMU
exit... which seem to be obsoleted by the above commit. I'll have a closer
look.
> > + if (elem->in_num == 0) {
> > + virtio_9p_error("missing VirtFS reply's header");
> > + exit(1);
> > + }
>
> Same question.
>
Same answer. :)
> > QEMU_BUILD_BUG_ON(sizeof out != 7);
> >
> > v->elems[pdu->idx] = elem;
> > len = iov_to_buf(elem->out_sg, elem->out_num, 0,
> > &out, sizeof out);
> > - BUG_ON(len != sizeof out);
> > + if (len != sizeof out) {
> > + virtio_9p_error("malformed VirtFS request");
> > + exit(1);
> > + }
>
> Same question.
>
Here this is different: the guest can put a bogus len in the vring_desc
structure, and this doesn't get checked earlier.
> >
> > pdu->size = le32_to_cpu(out.size_le);
> >
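Review bot: of the three checks, the out_num == 0 and in_num == 0 ones are, as the discussion above establishes, already caught in virtqueue_map_desc() since commit 1e7aed70, so they are no longer guest-reachable and keeping them as BUG_ON() (the author's own conclusion) is reasonable; the len != sizeof out check is the one a guest can still reach by supplying a descriptor shorter than the 7-byte header, and since exit(1) there ends the whole VM on guest-controlled input, the message should carry the observed len and the expected sizeof out so the event can be diagnosed from the log alone, e.g. `virtio_9p_error("malformed VirtFS request: short header")` with both lengths in the format. Minor: "missing VirtFS reply's header" for in_num == 0 describes the condition loosely, since what is missing is the reply buffer itself, not a header.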
Cheers.
--
Greg
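The validation this patch introduces, as an added example that is not part of the patch or of QEMU's code: a stand-alone C model of the three checks in handle_9p_output() that returns a status instead of calling error_report() and exit(1). The iov_gather() helper, the P9Header type, the P9Status codes and the sample Tversion bytes are constructed here; only the checks themselves, iov_to_buf()'s contract and the 7-byte header size come from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>

/* 9P header on the wire: size[4] type[1] tag[2], little-endian; 7 bytes, as QEMU_BUILD_BUG_ON(sizeof out != 7) enforces. */
#define P9_HDR_SIZE 7
typedef struct { uint32_t size; uint8_t type; uint16_t tag; } P9Header;
/* NO_REQUEST: out_num == 0; NO_REPLY: in_num == 0; SHORT_HEADER: fewer than 7 readable bytes across the out buffers. */
typedef enum { P9_OK = 0, P9_ERR_NO_REQUEST, P9_ERR_NO_REPLY, P9_ERR_SHORT_HEADER } P9Status;

/* Gather up to len bytes from a scatter list into buf, the way iov_to_buf() does; returns the bytes actually copied. */
static size_t iov_gather(const struct iovec *iov, unsigned iov_cnt, void *buf, size_t len)
{
    size_t done = 0;
    for (unsigned i = 0; i < iov_cnt && done < len; i++) {
        size_t n = iov[i].iov_len < len - done ? iov[i].iov_len : len - done;
        memcpy((char *)buf + done, iov[i].iov_base, n);
        done += n;
    }
    return done;
}

/* The three checks the patch adds to handle_9p_output(), returning a status instead of error_report()+exit(1). */
P9Status p9_parse_request(const struct iovec *out_sg, unsigned out_num, unsigned in_num, P9Header *hdr)
{
    uint8_t raw[P9_HDR_SIZE];
    if (out_num == 0) return P9_ERR_NO_REQUEST;
    if (in_num == 0) return P9_ERR_NO_REPLY;
    /* A guest-chosen descriptor shorter than the header makes the gather come up short (the len != sizeof out case). */
    if (iov_gather(out_sg, out_num, raw, sizeof raw) != sizeof raw) return P9_ERR_SHORT_HEADER;
    hdr->size = (uint32_t)raw[0] | (uint32_t)raw[1] << 8 | (uint32_t)raw[2] << 16 | (uint32_t)raw[3] << 24;
    hdr->type = raw[4];
    hdr->tag = (uint16_t)(raw[5] | raw[6] << 8);
    return P9_OK;
}

/* Constructed sample: a Tversion header (size 19, type 100, tag NOTAG 0xffff) split 3+4 bytes over two descriptors. */
static uint8_t sample_a[3] = {0x13, 0x00, 0x00}, sample_b[4] = {0x00, 0x64, 0xff, 0xff};
P9Header demo_hdr;
P9Status demo_split_header(void) {  /* well-formed: the header spans two out buffers */
    struct iovec out[2] = {{sample_a, sizeof sample_a}, {sample_b, sizeof sample_b}};
    return p9_parse_request(out, 2, 1, &demo_hdr);
}
P9Status demo_short_header(void) {  /* malformed: a single 4-byte out buffer, so the gather returns 4, not 7 */
    struct iovec out[1] = {{sample_b, sizeof sample_b}};
    return p9_parse_request(out, 1, 1, &demo_hdr);
}
P9Status demo_missing_reply(void) { /* malformed: no in buffer for the reply */
    struct iovec out[1] = {{sample_a, sizeof sample_a}};
    return p9_parse_request(out, 1, 0, &demo_hdr);
}
```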