From: Cornelia Huck <cohuck@redhat.com>
To: Eric Farman <farman@linux.ibm.com>
Cc: linux-s390@vger.kernel.org,
Alex Williamson <alex.williamson@redhat.com>,
Pierre Morel <pmorel@linux.ibm.com>,
kvm@vger.kernel.org, Farhan Ali <alifm@linux.ibm.com>,
qemu-devel@nongnu.org, Halil Pasic <pasic@linux.ibm.com>,
qemu-s390x@nongnu.org
Subject: Re: [PATCH v3 1/6] vfio-ccw: make it safe to access channel programs
Date: Tue, 5 Feb 2019 17:29:59 +0100 [thread overview]
Message-ID: <20190205172959.29868870.cohuck@redhat.com> (raw)
In-Reply-To: <34836353-1c5b-4013-f0ff-6172bf493618@linux.ibm.com>
On Tue, 5 Feb 2019 09:41:15 -0500
Eric Farman <farman@linux.ibm.com> wrote:
> On 02/05/2019 07:03 AM, Cornelia Huck wrote:
> > On Mon, 4 Feb 2019 14:25:34 -0500
> > Eric Farman <farman@linux.ibm.com> wrote:
> >
> >> On 01/30/2019 08:22 AM, Cornelia Huck wrote:
> >>> @@ -760,6 +764,10 @@ int cp_prefetch(struct channel_program *cp)
> >>> struct ccwchain *chain;
> >>> int len, idx, ret;
> >>>
> >>> + /* this is an error in the caller */
> >>> + if (!cp || !cp->initialized)
> >>> + return -EINVAL;
> >>> +
> >>> list_for_each_entry(chain, &cp->ccwchain_list, next) {
> >>> len = chain->ch_len;
> >>> for (idx = 0; idx < len; idx++) {
> >>> @@ -795,6 +803,10 @@ union orb *cp_get_orb(struct channel_program *cp, u32 intparm, u8 lpm)
> >>> struct ccwchain *chain;
> >>> struct ccw1 *cpa;
> >>>
> >>> + /* this is an error in the caller */
> >>> + if (!cp || !cp->initialized)
> >>> + return NULL;
> >>> +
> >>> orb = &cp->orb;
> >>>
> >>> orb->cmd.intparm = intparm;
> >>> @@ -831,6 +843,9 @@ void cp_update_scsw(struct channel_program *cp, union scsw *scsw)
> >>> u32 cpa = scsw->cmd.cpa;
> >>> u32 ccw_head, ccw_tail;
> >>>
> >>> + if (!cp->initialized)
> >>> + return;
> >>> +
> >>> /*
> >>> * LATER:
> >>> * For now, only update the cmd.cpa part. We may need to deal with
> >>> @@ -869,6 +884,9 @@ bool cp_iova_pinned(struct channel_program *cp, u64 iova)
> >>> struct ccwchain *chain;
> >>> int i;
> >>>
> >>> + if (!cp->initialized)
> >>
> >> So, two of the checks added above look for a nonzero cp pointer prior to
> >> checking initialized, while two don't. I guess cp can't be NULL, since
> >> it's embedded in the private struct directly and that's only free'd when
> >> we do vfio_ccw_sch_remove() ... But I guess some consistency in how we
> >> look would be nice.
> >
> > The idea was: In which context is this called? Is there a legitimate
> > reason for the caller to pass in an uninitialized cp, or would that
> > mean the caller had messed up (and we should not trust cp to be !NULL
> > either?)
> >
> > But you're right, that does look inconsistent. Always checking for
> > cp != NULL probably looks least odd, although it is overkill. Opinions?
>
> My opinion? Since cp is embedded in vfio_ccw_private, rather than a
> pointer to a separately malloc'd struct, we pass &private->cp to those
> functions. So a check for !cp doesn't really buy us anything because
> what we are actually concerned about is whether or not private is NULL,
> which only changes on the probe/remove boundaries.
I guess if we pass in crap (or NULL) instead of &private->cp, it's our
own fault and we can disregard fencing that case. The probe/remove path
does not really bother me, for the reasons you said.
WARNING: multiple messages have this Message-ID (diff)
From: Cornelia Huck <cohuck@redhat.com>
To: Eric Farman <farman@linux.ibm.com>
Cc: Halil Pasic <pasic@linux.ibm.com>,
Farhan Ali <alifm@linux.ibm.com>,
Pierre Morel <pmorel@linux.ibm.com>,
linux-s390@vger.kernel.org, kvm@vger.kernel.org,
qemu-devel@nongnu.org, qemu-s390x@nongnu.org,
Alex Williamson <alex.williamson@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v3 1/6] vfio-ccw: make it safe to access channel programs
Date: Tue, 5 Feb 2019 17:29:59 +0100 [thread overview]
Message-ID: <20190205172959.29868870.cohuck@redhat.com> (raw)
In-Reply-To: <34836353-1c5b-4013-f0ff-6172bf493618@linux.ibm.com>
On Tue, 5 Feb 2019 09:41:15 -0500
Eric Farman <farman@linux.ibm.com> wrote:
> On 02/05/2019 07:03 AM, Cornelia Huck wrote:
> > On Mon, 4 Feb 2019 14:25:34 -0500
> > Eric Farman <farman@linux.ibm.com> wrote:
> >
> >> On 01/30/2019 08:22 AM, Cornelia Huck wrote:
> >>> @@ -760,6 +764,10 @@ int cp_prefetch(struct channel_program *cp)
> >>> struct ccwchain *chain;
> >>> int len, idx, ret;
> >>>
> >>> + /* this is an error in the caller */
> >>> + if (!cp || !cp->initialized)
> >>> + return -EINVAL;
> >>> +
> >>> list_for_each_entry(chain, &cp->ccwchain_list, next) {
> >>> len = chain->ch_len;
> >>> for (idx = 0; idx < len; idx++) {
> >>> @@ -795,6 +803,10 @@ union orb *cp_get_orb(struct channel_program *cp, u32 intparm, u8 lpm)
> >>> struct ccwchain *chain;
> >>> struct ccw1 *cpa;
> >>>
> >>> + /* this is an error in the caller */
> >>> + if (!cp || !cp->initialized)
> >>> + return NULL;
> >>> +
> >>> orb = &cp->orb;
> >>>
> >>> orb->cmd.intparm = intparm;
> >>> @@ -831,6 +843,9 @@ void cp_update_scsw(struct channel_program *cp, union scsw *scsw)
> >>> u32 cpa = scsw->cmd.cpa;
> >>> u32 ccw_head, ccw_tail;
> >>>
> >>> + if (!cp->initialized)
> >>> + return;
> >>> +
> >>> /*
> >>> * LATER:
> >>> * For now, only update the cmd.cpa part. We may need to deal with
> >>> @@ -869,6 +884,9 @@ bool cp_iova_pinned(struct channel_program *cp, u64 iova)
> >>> struct ccwchain *chain;
> >>> int i;
> >>>
> >>> + if (!cp->initialized)
> >>
> >> So, two of the checks added above look for a nonzero cp pointer prior to
> >> checking initialized, while two don't. I guess cp can't be NULL, since
> >> it's embedded in the private struct directly and that's only free'd when
> >> we do vfio_ccw_sch_remove() ... But I guess some consistency in how we
> >> look would be nice.
> >
> > The idea was: In which context is this called? Is there a legitimate
> > reason for the caller to pass in an uninitialized cp, or would that
> > mean the caller had messed up (and we should not trust cp to be !NULL
> > either?)
> >
> > But you're right, that does look inconsistent. Always checking for
> > cp != NULL probably looks least odd, although it is overkill. Opinions?
>
> My opinion? Since cp is embedded in vfio_ccw_private, rather than a
> pointer to a separately malloc'd struct, we pass &private->cp to those
> functions. So a check for !cp doesn't really buy us anything because
> what we are actually concerned about is whether or not private is NULL,
> which only changes on the probe/remove boundaries.
I guess if we pass in crap (or NULL) instead of &private->cp, it's our
own fault and we can disregard fencing that case. The probe/remove path
does not really bother me, for the reasons you said.
next prev parent reply other threads:[~2019-02-05 16:29 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-30 13:22 [PATCH v3 0/6] vfio-ccw: support hsch/csch (kernel part) Cornelia Huck
2019-01-30 13:22 ` [Qemu-devel] " Cornelia Huck
2019-01-30 13:22 ` [PATCH v3 1/6] vfio-ccw: make it safe to access channel programs Cornelia Huck
2019-01-30 13:22 ` [Qemu-devel] " Cornelia Huck
2019-01-30 18:51 ` Halil Pasic
2019-01-30 18:51 ` [Qemu-devel] " Halil Pasic
2019-01-31 11:52 ` Cornelia Huck
2019-01-31 11:52 ` [Qemu-devel] " Cornelia Huck
2019-01-31 12:34 ` Halil Pasic
2019-01-31 12:34 ` [Qemu-devel] " Halil Pasic
2019-02-04 15:31 ` Cornelia Huck
2019-02-04 15:31 ` [Qemu-devel] " Cornelia Huck
2019-02-05 11:52 ` Halil Pasic
2019-02-05 11:52 ` [Qemu-devel] " Halil Pasic
2019-02-05 12:35 ` Cornelia Huck
2019-02-05 12:35 ` [Qemu-devel] " Cornelia Huck
2019-02-05 14:48 ` Eric Farman
2019-02-05 14:48 ` [Qemu-devel] " Eric Farman
2019-02-05 15:14 ` Farhan Ali
2019-02-05 15:14 ` [Qemu-devel] " Farhan Ali
2019-02-05 16:13 ` Cornelia Huck
2019-02-05 16:13 ` [Qemu-devel] " Cornelia Huck
2019-02-04 19:25 ` Eric Farman
2019-02-04 19:25 ` [Qemu-devel] " Eric Farman
2019-02-05 12:03 ` Cornelia Huck
2019-02-05 12:03 ` [Qemu-devel] " Cornelia Huck
2019-02-05 14:41 ` Eric Farman
2019-02-05 14:41 ` [Qemu-devel] " Eric Farman
2019-02-05 16:29 ` Cornelia Huck [this message]
2019-02-05 16:29 ` Cornelia Huck
2019-01-30 13:22 ` [PATCH v3 2/6] vfio-ccw: rework ssch state handling Cornelia Huck
2019-01-30 13:22 ` [Qemu-devel] " Cornelia Huck
2019-02-04 21:29 ` Eric Farman
2019-02-04 21:29 ` [Qemu-devel] " Eric Farman
2019-02-05 12:10 ` Cornelia Huck
2019-02-05 12:10 ` [Qemu-devel] " Cornelia Huck
2019-02-05 14:31 ` Eric Farman
2019-02-05 14:31 ` [Qemu-devel] " Eric Farman
2019-02-05 16:32 ` Cornelia Huck
2019-02-05 16:32 ` [Qemu-devel] " Cornelia Huck
2019-01-30 13:22 ` [PATCH v3 3/6] vfio-ccw: protect the I/O region Cornelia Huck
2019-01-30 13:22 ` [Qemu-devel] " Cornelia Huck
2019-02-08 21:26 ` Eric Farman
2019-02-08 21:26 ` [Qemu-devel] " Eric Farman
2019-02-11 15:57 ` Cornelia Huck
2019-02-11 15:57 ` [Qemu-devel] " Cornelia Huck
2019-01-30 13:22 ` [PATCH v3 4/6] vfio-ccw: add capabilities chain Cornelia Huck
2019-01-30 13:22 ` [Qemu-devel] " Cornelia Huck
2019-02-15 15:46 ` Eric Farman
2019-02-15 15:46 ` [Qemu-devel] " Eric Farman
2019-02-19 11:06 ` Cornelia Huck
2019-02-19 11:06 ` [Qemu-devel] " Cornelia Huck
2019-01-30 13:22 ` [PATCH v3 5/6] s390/cio: export hsch to modules Cornelia Huck
2019-01-30 13:22 ` [Qemu-devel] " Cornelia Huck
2019-01-30 13:22 ` [PATCH v3 6/6] vfio-ccw: add handling for async channel instructions Cornelia Huck
2019-01-30 13:22 ` [Qemu-devel] " Cornelia Huck
2019-01-30 17:00 ` Halil Pasic
2019-01-30 17:00 ` [Qemu-devel] " Halil Pasic
2019-01-30 17:09 ` Halil Pasic
2019-01-30 17:09 ` [Qemu-devel] " Halil Pasic
2019-01-31 11:53 ` Cornelia Huck
2019-01-31 11:53 ` [Qemu-devel] " Cornelia Huck
2019-02-06 14:00 ` [PATCH v3 0/6] vfio-ccw: support hsch/csch (kernel part) Cornelia Huck
2019-02-06 14:00 ` [Qemu-devel] " Cornelia Huck
2019-02-08 21:19 ` Eric Farman
2019-02-08 21:19 ` [Qemu-devel] " Eric Farman
2019-02-11 16:13 ` Cornelia Huck
2019-02-11 16:13 ` [Qemu-devel] " Cornelia Huck
2019-02-11 17:37 ` Eric Farman
2019-02-11 17:37 ` [Qemu-devel] " Eric Farman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190205172959.29868870.cohuck@redhat.com \
--to=cohuck@redhat.com \
--cc=alex.williamson@redhat.com \
--cc=alifm@linux.ibm.com \
--cc=farman@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=pasic@linux.ibm.com \
--cc=pmorel@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.