From: "Michael S. Tsirkin" <mst@redhat.com>
To: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org,
kvmarm@lists.cs.columbia.edu, christoffer.dall@linaro.org,
marc.zyngier@arm.com, linux-kernel@vger.kernel.org,
kristina.martsenko@arm.com, peter.maydell@linaro.org,
pbonzini@redhat.com, rkrcmar@redhat.com, will.deacon@arm.com,
ard.biesheuvel@linaro.org, mark.rutland@arm.com,
catalin.marinas@arm.com, Jason Wang <jasowang@redhat.com>,
Christoffer Dall <cdall@linaro.org>
Subject: Re: [PATCH v1 01/16] virtio: Validate queue pfn for 32bit transports
Date: Wed, 10 Jan 2018 01:29:31 +0200 [thread overview]
Message-ID: <20180110012429-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20180109190414.4017-2-suzuki.poulose@arm.com>
On Tue, Jan 09, 2018 at 07:03:56PM +0000, Suzuki K Poulose wrote:
> virtio-mmio using virtio-v1 and virtio legacy pci use a 32bit PFN
> for the queue. If the queue pfn is too large to fit in 32bits, which
> we could hit on arm64 systems with 52bit physical addresses (even with
> 64K page size), we simply miss out a proper link to the other side of
> the queue.
>
> Add a check to validate the PFN, rather than silently breaking
> the devices.
>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Cc: Jason Wang <jasowang@redhat.com>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> Cc: Christoffer Dall <cdall@linaro.org>
> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Could you guys please work on virtio 1 support in
for virtio mmio in qemu though?
It's not a lot of code.
> ---
> drivers/virtio/virtio_mmio.c | 19 ++++++++++++++++---
> drivers/virtio/virtio_pci_legacy.c | 11 +++++++++--
> 2 files changed, 25 insertions(+), 5 deletions(-)
I'd rather see this as 2 patches.
> diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c
> index a9192fe4f345..47109baf37f7 100644
> --- a/drivers/virtio/virtio_mmio.c
> +++ b/drivers/virtio/virtio_mmio.c
> @@ -358,6 +358,7 @@ static struct virtqueue *vm_setup_vq(struct virtio_device *vdev, unsigned index,
> struct virtqueue *vq;
> unsigned long flags;
> unsigned int num;
> + u64 addr;
> int err;
>
> if (!name)
> @@ -394,16 +395,26 @@ static struct virtqueue *vm_setup_vq(struct virtio_device *vdev, unsigned index,
> goto error_new_virtqueue;
> }
>
> + addr = virtqueue_get_desc_addr(vq);
> + /*
> + * virtio-mmio v1 uses a 32bit QUEUE PFN. If we have something that
> + * doesn't fit in 32bit, fail the setup rather than pretending to
> + * be successful.
> + */
> + if (vm_dev->version == 1 && (addr >> (PAGE_SHIFT + 32))) {
> + dev_err(&vdev->dev, "virtio-mmio: queue address too large\n");
> + err = -ENOMEM;
> + goto error_bad_pfn;
> + }
> +
Can you please move this below to where it's actually used?
> /* Activate the queue */
> writel(virtqueue_get_vring_size(vq), vm_dev->base + VIRTIO_MMIO_QUEUE_NUM);
> if (vm_dev->version == 1) {
> writel(PAGE_SIZE, vm_dev->base + VIRTIO_MMIO_QUEUE_ALIGN);
> - writel(virtqueue_get_desc_addr(vq) >> PAGE_SHIFT,
> + writel(addr >> PAGE_SHIFT,
> vm_dev->base + VIRTIO_MMIO_QUEUE_PFN);
> } else {
> - u64 addr;
>
> - addr = virtqueue_get_desc_addr(vq);
> writel((u32)addr, vm_dev->base + VIRTIO_MMIO_QUEUE_DESC_LOW);
> writel((u32)(addr >> 32),
> vm_dev->base + VIRTIO_MMIO_QUEUE_DESC_HIGH);
> @@ -430,6 +441,8 @@ static struct virtqueue *vm_setup_vq(struct virtio_device *vdev, unsigned index,
>
> return vq;
>
> +error_bad_pfn:
> + vring_del_virtqueue(vq);
> error_new_virtqueue:
> if (vm_dev->version == 1) {
> writel(0, vm_dev->base + VIRTIO_MMIO_QUEUE_PFN);
> diff --git a/drivers/virtio/virtio_pci_legacy.c b/drivers/virtio/virtio_pci_legacy.c
> index 2780886e8ba3..099d2cfb47b3 100644
> --- a/drivers/virtio/virtio_pci_legacy.c
> +++ b/drivers/virtio/virtio_pci_legacy.c
> @@ -122,6 +122,7 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev,
> struct virtqueue *vq;
> u16 num;
> int err;
> + u64 q_pfn;
>
> /* Select the queue we're interested in */
> iowrite16(index, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_SEL);
> @@ -141,9 +142,15 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev,
> if (!vq)
> return ERR_PTR(-ENOMEM);
>
> + q_pfn = virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT;
> + if (q_pfn >> 32) {
> + dev_err(&vp_dev->pci_dev->dev, "virtio-pci queue PFN too large\n");
> + err = -ENOMEM;
> + goto out_deactivate;
You never set up the address, it's cleaner to add another target
and not reset it.
> + }
> +
> /* activate the queue */
> - iowrite32(virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT,
> - vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
> + iowrite32((u32)q_pfn, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
>
> vq->priv = (void __force *)vp_dev->ioaddr + VIRTIO_PCI_QUEUE_NOTIFY;
>
> --
> 2.13.6
WARNING: multiple messages have this Message-ID (diff)
From: mst@redhat.com (Michael S. Tsirkin)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v1 01/16] virtio: Validate queue pfn for 32bit transports
Date: Wed, 10 Jan 2018 01:29:31 +0200 [thread overview]
Message-ID: <20180110012429-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20180109190414.4017-2-suzuki.poulose@arm.com>
On Tue, Jan 09, 2018 at 07:03:56PM +0000, Suzuki K Poulose wrote:
> virtio-mmio using virtio-v1 and virtio legacy pci use a 32bit PFN
> for the queue. If the queue pfn is too large to fit in 32bits, which
> we could hit on arm64 systems with 52bit physical addresses (even with
> 64K page size), we simply miss out a proper link to the other side of
> the queue.
>
> Add a check to validate the PFN, rather than silently breaking
> the devices.
>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Cc: Jason Wang <jasowang@redhat.com>
> Cc: Marc Zyngier <marc.zyngier@arm.com>
> Cc: Christoffer Dall <cdall@linaro.org>
> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Could you guys please work on virtio 1 support in
for virtio mmio in qemu though?
It's not a lot of code.
> ---
> drivers/virtio/virtio_mmio.c | 19 ++++++++++++++++---
> drivers/virtio/virtio_pci_legacy.c | 11 +++++++++--
> 2 files changed, 25 insertions(+), 5 deletions(-)
I'd rather see this as 2 patches.
> diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c
> index a9192fe4f345..47109baf37f7 100644
> --- a/drivers/virtio/virtio_mmio.c
> +++ b/drivers/virtio/virtio_mmio.c
> @@ -358,6 +358,7 @@ static struct virtqueue *vm_setup_vq(struct virtio_device *vdev, unsigned index,
> struct virtqueue *vq;
> unsigned long flags;
> unsigned int num;
> + u64 addr;
> int err;
>
> if (!name)
> @@ -394,16 +395,26 @@ static struct virtqueue *vm_setup_vq(struct virtio_device *vdev, unsigned index,
> goto error_new_virtqueue;
> }
>
> + addr = virtqueue_get_desc_addr(vq);
> + /*
> + * virtio-mmio v1 uses a 32bit QUEUE PFN. If we have something that
> + * doesn't fit in 32bit, fail the setup rather than pretending to
> + * be successful.
> + */
> + if (vm_dev->version == 1 && (addr >> (PAGE_SHIFT + 32))) {
> + dev_err(&vdev->dev, "virtio-mmio: queue address too large\n");
> + err = -ENOMEM;
> + goto error_bad_pfn;
> + }
> +
Can you please move this below to where it's actually used?
> /* Activate the queue */
> writel(virtqueue_get_vring_size(vq), vm_dev->base + VIRTIO_MMIO_QUEUE_NUM);
> if (vm_dev->version == 1) {
> writel(PAGE_SIZE, vm_dev->base + VIRTIO_MMIO_QUEUE_ALIGN);
> - writel(virtqueue_get_desc_addr(vq) >> PAGE_SHIFT,
> + writel(addr >> PAGE_SHIFT,
> vm_dev->base + VIRTIO_MMIO_QUEUE_PFN);
> } else {
> - u64 addr;
>
> - addr = virtqueue_get_desc_addr(vq);
> writel((u32)addr, vm_dev->base + VIRTIO_MMIO_QUEUE_DESC_LOW);
> writel((u32)(addr >> 32),
> vm_dev->base + VIRTIO_MMIO_QUEUE_DESC_HIGH);
> @@ -430,6 +441,8 @@ static struct virtqueue *vm_setup_vq(struct virtio_device *vdev, unsigned index,
>
> return vq;
>
> +error_bad_pfn:
> + vring_del_virtqueue(vq);
> error_new_virtqueue:
> if (vm_dev->version == 1) {
> writel(0, vm_dev->base + VIRTIO_MMIO_QUEUE_PFN);
> diff --git a/drivers/virtio/virtio_pci_legacy.c b/drivers/virtio/virtio_pci_legacy.c
> index 2780886e8ba3..099d2cfb47b3 100644
> --- a/drivers/virtio/virtio_pci_legacy.c
> +++ b/drivers/virtio/virtio_pci_legacy.c
> @@ -122,6 +122,7 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev,
> struct virtqueue *vq;
> u16 num;
> int err;
> + u64 q_pfn;
>
> /* Select the queue we're interested in */
> iowrite16(index, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_SEL);
> @@ -141,9 +142,15 @@ static struct virtqueue *setup_vq(struct virtio_pci_device *vp_dev,
> if (!vq)
> return ERR_PTR(-ENOMEM);
>
> + q_pfn = virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT;
> + if (q_pfn >> 32) {
> + dev_err(&vp_dev->pci_dev->dev, "virtio-pci queue PFN too large\n");
> + err = -ENOMEM;
> + goto out_deactivate;
You never set up the address, it's cleaner to add another target
and not reset it.
> + }
> +
> /* activate the queue */
> - iowrite32(virtqueue_get_desc_addr(vq) >> VIRTIO_PCI_QUEUE_ADDR_SHIFT,
> - vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
> + iowrite32((u32)q_pfn, vp_dev->ioaddr + VIRTIO_PCI_QUEUE_PFN);
>
> vq->priv = (void __force *)vp_dev->ioaddr + VIRTIO_PCI_QUEUE_NOTIFY;
>
> --
> 2.13.6
next prev parent reply other threads:[~2018-01-09 23:29 UTC|newest]
Thread overview: 132+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-09 19:03 [PATCH 00/16] kvm: arm64: Support for dynamic IPA size Suzuki K Poulose
2018-01-09 19:03 ` Suzuki K Poulose
2018-01-09 19:03 ` [PATCH v1 01/16] virtio: Validate queue pfn for 32bit transports Suzuki K Poulose
2018-01-09 19:03 ` Suzuki K Poulose
2018-01-09 23:29 ` Michael S. Tsirkin [this message]
2018-01-09 23:29 ` Michael S. Tsirkin
2018-01-10 10:54 ` Suzuki K Poulose
2018-01-10 10:54 ` Suzuki K Poulose
2018-01-10 10:54 ` Suzuki K Poulose
2018-01-10 11:06 ` Michael S. Tsirkin
2018-01-10 11:06 ` Michael S. Tsirkin
2018-01-10 11:06 ` Michael S. Tsirkin
2018-01-10 11:18 ` Suzuki K Poulose
2018-01-10 11:18 ` Suzuki K Poulose
2018-01-10 11:19 ` Peter Maydell
2018-01-10 11:19 ` Peter Maydell
2018-01-10 11:19 ` Peter Maydell
2018-01-10 11:25 ` Jean-Philippe Brucker
2018-01-10 11:25 ` Jean-Philippe Brucker
2018-01-12 10:21 ` Peter Maydell
2018-01-12 10:21 ` Peter Maydell
2018-01-12 10:21 ` Peter Maydell
2018-01-12 11:01 ` Jean-Philippe Brucker
2018-01-12 11:01 ` Jean-Philippe Brucker
2018-01-10 11:30 ` Michael S. Tsirkin
2018-01-10 11:30 ` Michael S. Tsirkin
2018-01-09 19:03 ` [PATCH v1 02/16] irqchip: gicv3-its: Add helpers for handling 52bit address Suzuki K Poulose
2018-01-09 19:03 ` Suzuki K Poulose
2018-01-09 19:03 ` Suzuki K Poulose
2018-02-07 15:10 ` Christoffer Dall
2018-02-07 15:10 ` Christoffer Dall
2018-02-08 11:20 ` Suzuki K Poulose
2018-02-08 11:20 ` Suzuki K Poulose
2018-02-08 11:36 ` Robin Murphy
2018-02-08 11:36 ` Robin Murphy
2018-02-08 13:45 ` Christoffer Dall
2018-02-08 13:45 ` Christoffer Dall
2018-02-08 13:45 ` Christoffer Dall
2018-01-09 19:03 ` [PATCH v1 03/16] arm64: Make page table helpers reusable Suzuki K Poulose
2018-01-09 19:03 ` Suzuki K Poulose
2018-01-09 19:03 ` Suzuki K Poulose
2018-01-09 19:03 ` [PATCH v1 04/16] arm64: Refactor pud_huge for reusability Suzuki K Poulose
2018-01-09 19:03 ` Suzuki K Poulose
2018-01-09 19:04 ` [PATCH v1 05/16] arm64: Helper for parange to PASize Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-02-08 11:00 ` Christoffer Dall
2018-02-08 11:00 ` Christoffer Dall
2018-02-08 11:08 ` Suzuki K Poulose
2018-02-08 11:08 ` Suzuki K Poulose
2018-02-08 11:21 ` Christoffer Dall
2018-02-08 11:21 ` Christoffer Dall
2018-01-09 19:04 ` [PATCH v1 06/16] kvm: arm/arm64: Fix stage2_flush_memslot for 4 level page table Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-02-08 11:00 ` Christoffer Dall
2018-02-08 11:00 ` Christoffer Dall
2018-01-09 19:04 ` [PATCH v1 07/16] kvm: arm/arm64: Remove spurious WARN_ON Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-02-08 11:00 ` Christoffer Dall
2018-02-08 11:00 ` Christoffer Dall
2018-01-09 19:04 ` [PATCH v1 08/16] kvm: arm/arm64: Clean up stage2 pgd life time Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-02-08 11:00 ` Christoffer Dall
2018-02-08 11:00 ` Christoffer Dall
2018-02-08 17:19 ` Suzuki K Poulose
2018-02-08 17:19 ` Suzuki K Poulose
2018-02-09 8:11 ` Christoffer Dall
2018-02-09 8:11 ` Christoffer Dall
2018-01-09 19:04 ` [PATCH v1 09/16] kvm: arm/arm64: Delay stage2 page table allocation Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-02-08 11:01 ` Christoffer Dall
2018-02-08 11:01 ` Christoffer Dall
2018-02-08 17:20 ` Suzuki K Poulose
2018-02-08 17:20 ` Suzuki K Poulose
2018-01-09 19:04 ` [PATCH v1 10/16] kvm: arm/arm64: Prepare for VM specific stage2 translations Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` [PATCH v1 11/16] kvm: arm64: Make stage2 page table layout dynamic Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` [PATCH v1 12/16] kvm: arm64: Dynamic configuration of VTCR and VTTBR mask Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` [PATCH v1 13/16] kvm: arm64: Configure VTCR per VM Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-02-08 18:04 ` Christoffer Dall
2018-02-08 18:04 ` Christoffer Dall
2018-03-15 15:24 ` Suzuki K Poulose
2018-03-15 15:24 ` Suzuki K Poulose
2018-01-09 19:04 ` [PATCH v1 14/16] kvm: arm64: Switch to per VM IPA Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-02-08 11:00 ` Christoffer Dall
2018-02-08 11:00 ` Christoffer Dall
2018-02-08 17:22 ` Suzuki K Poulose
2018-02-08 17:22 ` Suzuki K Poulose
2018-02-08 17:22 ` Suzuki K Poulose
2018-02-09 8:12 ` Christoffer Dall
2018-02-09 8:12 ` Christoffer Dall
2018-01-09 19:04 ` [PATCH v1 15/16] kvm: arm64: Allow configuring physical address space size Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-02-08 11:14 ` Christoffer Dall
2018-02-08 11:14 ` Christoffer Dall
2018-02-08 17:53 ` Suzuki K Poulose
2018-02-08 17:53 ` Suzuki K Poulose
2018-02-09 8:16 ` Christoffer Dall
2018-02-09 8:16 ` Christoffer Dall
2018-02-09 9:27 ` Andrew Jones
2018-02-09 9:27 ` Andrew Jones
2018-02-09 9:27 ` Andrew Jones
2018-03-15 11:06 ` Suzuki K Poulose
2018-03-15 11:06 ` Suzuki K Poulose
2018-01-09 19:04 ` [PATCH v1 16/16] vgic: its: Add support for 52bit guest physical address Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` [kvmtool hack 1/3] virtio: Handle aborts using invalid PFN Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` [kvmtool hack 2/3] kvmtool: arm64: Add support for guest physical address size Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-01-09 19:04 ` [kvmtool hack 3/3] kvmtool: arm64: Switch memory layout Suzuki K Poulose
2018-01-09 19:04 ` Suzuki K Poulose
2018-02-08 11:18 ` [PATCH 00/16] kvm: arm64: Support for dynamic IPA size Christoffer Dall
2018-02-08 11:18 ` Christoffer Dall
2018-02-08 11:25 ` Will Deacon
2018-02-08 11:25 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180110012429-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=ard.biesheuvel@linaro.org \
--cc=catalin.marinas@arm.com \
--cc=cdall@linaro.org \
--cc=christoffer.dall@linaro.org \
--cc=jasowang@redhat.com \
--cc=kristina.martsenko@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mark.rutland@arm.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=rkrcmar@redhat.com \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.