From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH RFC] uaccess: user_access_begin_after_access_ok()
Date: Thu, 4 Jun 2020 12:49:19 -0400 [thread overview]
Message-ID: <20200604124759-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <f0573536-e6cc-3f68-5beb-a53c8e1d0620@redhat.com>
On Wed, Jun 03, 2020 at 02:36:46PM +0800, Jason Wang wrote:
>
> On 2020/6/3 下午2:30, Michael S. Tsirkin wrote:
> > On Wed, Jun 03, 2020 at 02:23:08PM +0800, Jason Wang wrote:
> > > > BTW now I re-read it I don't understand __vhost_get_user_slow:
> > > >
> > > >
> > > > static void __user *__vhost_get_user_slow(struct vhost_virtqueue *vq,
> > > > void __user *addr, unsigned int size,
> > > > int type)
> > > > {
> > > > int ret;
> > > >
> > > > ret = translate_desc(vq, (u64)(uintptr_t)addr, size, vq->iotlb_iov,
> > > > ARRAY_SIZE(vq->iotlb_iov),
> > > > VHOST_ACCESS_RO);
> > > >
> > > > ..
> > > > }
> > > >
> > > > how does this work? how can we cast a pointer to guest address without
> > > > adding any offsets?
> > >
> > > I'm not sure I get you here. What kind of offset did you mean?
> > >
> > > Thanks
> > OK so points:
> >
> > 1. type argument seems unused. Right?
>
>
> Yes, we can remove that.
>
>
> > 2. Second argument to translate_desc is a GPA, isn't it?
>
>
> No, it's IOVA, this function will be called only when IOTLB is enabled.
>
> Thanks
Right IOVA. Point stands how does it make sense to cast
a userspace pointer to an IOVA? I guess it's just
because it's talking to qemu actually, so it's abusing
the notation a bit ...
>
> > Here we cast a userspace address to this type. What if it
> > matches a valid GPA by mistake?
> >
next prev parent reply other threads:[~2020-06-04 16:49 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-02 8:45 [PATCH RFC] uaccess: user_access_begin_after_access_ok() Michael S. Tsirkin
2020-06-02 10:15 ` Jason Wang
2020-06-02 16:33 ` Al Viro
2020-06-02 17:18 ` Linus Torvalds
2020-06-02 17:44 ` Al Viro
2020-06-02 17:46 ` Al Viro
2020-06-02 20:32 ` Michael S. Tsirkin
2020-06-02 20:41 ` David Laight
2020-06-02 21:58 ` Al Viro
2020-06-03 8:08 ` David Laight
2020-06-02 20:43 ` Linus Torvalds
2020-06-03 6:01 ` Michael S. Tsirkin
[not found] ` <CAHk-=wi3=QuD30fRq8fYYTj9WmkgeZ0VR_Sh3DQHU+nmwj-jMg@mail.gmail.com>
2020-06-03 16:59 ` Linus Torvalds
2020-06-02 16:30 ` Al Viro
2020-06-02 20:42 ` Michael S. Tsirkin
2020-06-02 22:10 ` Al Viro
2020-06-03 5:17 ` Michael S. Tsirkin
2020-06-03 1:48 ` Al Viro
2020-06-03 3:57 ` Jason Wang
2020-06-03 4:18 ` Al Viro
2020-06-03 5:18 ` Jason Wang
2020-06-03 5:46 ` Michael S. Tsirkin
2020-06-03 6:23 ` Jason Wang
2020-06-03 6:30 ` Michael S. Tsirkin
2020-06-03 6:36 ` Jason Wang
2020-06-04 16:49 ` Michael S. Tsirkin [this message]
2020-06-05 10:03 ` Jason Wang
2020-06-06 20:08 ` Michael S. Tsirkin
2020-06-03 6:25 ` Michael S. Tsirkin
2020-06-03 5:29 ` Michael S. Tsirkin
2020-06-03 16:52 ` Al Viro
2020-06-04 6:10 ` Jason Wang
2020-06-04 14:59 ` Al Viro
2020-06-04 16:46 ` Michael S. Tsirkin
2020-06-04 10:10 ` Michael S. Tsirkin
2020-06-04 15:03 ` Al Viro
2020-06-04 16:47 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200604124759-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.