From: Avi Kivity <avi@redhat.com>
To: Alexander Graf <agraf@suse.de>
Cc: Paul Mackerras <paulus@samba.org>,
"linuxppc-dev@ozlabs.org" <linuxppc-dev@ozlabs.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"kvm-ppc@vger.kernel.org" <kvm-ppc@vger.kernel.org>,
Scott Wood <scottwood@freescale.com>
Subject: Re: [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select
Date: Sun, 03 Jul 2011 08:56:46 +0000 [thread overview]
Message-ID: <4E102ECE.1060004@redhat.com> (raw)
In-Reply-To: <70A08140-B592-4B2F-985B-D8E5C78C743B@suse.de>
On 07/03/2011 11:34 AM, Alexander Graf wrote:
> >>
> >> Yup, which requires knowledge in the code on what actually fits :). Logic we don't have today.
> >
> > I don't follow. What knowledge is required? Please give an example.
>
> Sure. Let's take an easy example Currently we have for get_pvinfo:
>
<snip>
> The padding would not be there with your idea. An updated version could look like this:
>
> /* for KVM_PPC_GET_PVINFO */
> struct kvm_ppc_pvinfo {
> /* out */
> __u32 flags;
> __u32 hcall[4];
> __u64 features; /* only there with PVINFO_FLAGS_FEATURES */
> };
>
> Now, your idea was to not use copy_from/to_user directly, but instead some wrapper that could pad with zeros on read or truncate on write. So instead we would essentially get:
>
> int kvm_vm_ioctl_get_pvinfo(struct kvm_ppc_pvinfo *pvinfo, int *required_size)
> {
> [...]
> if (pvinfo_flags& PVINFO_FLAGS_FEATURES) {
> *required_size = 16;
> } else {
> *required_size = 8;
> }
> [...]
> }
Why? Kernel code would only consider the full structure.
> case KVM_PPC_GET_PVINFO: {
> struct kvm_ppc_pvinfo pvinfo;
> int required_size = 0;
> memset(&pvinfo, 0, sizeof(pvinfo));
> r = kvm_vm_ioctl_get_pvinfo(&pvinfo,&required_size);
> if (copy_to_user(argp,&pvinfo, required_size) {
> r = -EFAULT;
> goto out;
> }
required_size would come from the size encoded in the ioctl number, no
need to calculate it separately.
> break;
> }
>
> Otherwise we might write over data the user expected. And that logic that tells to copy_to_user how much data it actually takes to put all the information in is not there today and would have to be added. You can even verify that required_size with the ioctl passed size to make 100% sure user space is sane, but I'd claim that a feature bitmap is plenty of information to ensure that we're not doing something stupid.
I don't see why we have to caclulate something, then verify it against
the correct answer.
--
error compiling committee.c: too many arguments to function
WARNING: multiple messages have this Message-ID (diff)
From: Avi Kivity <avi@redhat.com>
To: Alexander Graf <agraf@suse.de>
Cc: Scott Wood <scottwood@freescale.com>,
"linuxppc-dev@ozlabs.org" <linuxppc-dev@ozlabs.org>,
Paul Mackerras <paulus@samba.org>,
"kvm-ppc@vger.kernel.org" <kvm-ppc@vger.kernel.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>
Subject: Re: [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate
Date: Sun, 03 Jul 2011 11:56:46 +0300 [thread overview]
Message-ID: <4E102ECE.1060004@redhat.com> (raw)
In-Reply-To: <70A08140-B592-4B2F-985B-D8E5C78C743B@suse.de>
On 07/03/2011 11:34 AM, Alexander Graf wrote:
> >>
> >> Yup, which requires knowledge in the code on what actually fits :). Logic we don't have today.
> >
> > I don't follow. What knowledge is required? Please give an example.
>
> Sure. Let's take an easy example Currently we have for get_pvinfo:
>
<snip>
> The padding would not be there with your idea. An updated version could look like this:
>
> /* for KVM_PPC_GET_PVINFO */
> struct kvm_ppc_pvinfo {
> /* out */
> __u32 flags;
> __u32 hcall[4];
> __u64 features; /* only there with PVINFO_FLAGS_FEATURES */
> };
>
> Now, your idea was to not use copy_from/to_user directly, but instead some wrapper that could pad with zeros on read or truncate on write. So instead we would essentially get:
>
> int kvm_vm_ioctl_get_pvinfo(struct kvm_ppc_pvinfo *pvinfo, int *required_size)
> {
> [...]
> if (pvinfo_flags& PVINFO_FLAGS_FEATURES) {
> *required_size = 16;
> } else {
> *required_size = 8;
> }
> [...]
> }
Why? Kernel code would only consider the full structure.
> case KVM_PPC_GET_PVINFO: {
> struct kvm_ppc_pvinfo pvinfo;
> int required_size = 0;
> memset(&pvinfo, 0, sizeof(pvinfo));
> r = kvm_vm_ioctl_get_pvinfo(&pvinfo,&required_size);
> if (copy_to_user(argp,&pvinfo, required_size) {
> r = -EFAULT;
> goto out;
> }
required_size would come from the size encoded in the ioctl number, no
need to calculate it separately.
> break;
> }
>
> Otherwise we might write over data the user expected. And that logic that tells to copy_to_user how much data it actually takes to put all the information in is not there today and would have to be added. You can even verify that required_size with the ioctl passed size to make 100% sure user space is sane, but I'd claim that a feature bitmap is plenty of information to ensure that we're not doing something stupid.
I don't see why we have to caclulate something, then verify it against
the correct answer.
--
error compiling committee.c: too many arguments to function
WARNING: multiple messages have this Message-ID (diff)
From: Avi Kivity <avi@redhat.com>
To: Alexander Graf <agraf@suse.de>
Cc: Paul Mackerras <paulus@samba.org>,
"linuxppc-dev@ozlabs.org" <linuxppc-dev@ozlabs.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"kvm-ppc@vger.kernel.org" <kvm-ppc@vger.kernel.org>,
Scott Wood <scottwood@freescale.com>
Subject: Re: [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate
Date: Sun, 03 Jul 2011 11:56:46 +0300 [thread overview]
Message-ID: <4E102ECE.1060004@redhat.com> (raw)
In-Reply-To: <70A08140-B592-4B2F-985B-D8E5C78C743B@suse.de>
On 07/03/2011 11:34 AM, Alexander Graf wrote:
> >>
> >> Yup, which requires knowledge in the code on what actually fits :). Logic we don't have today.
> >
> > I don't follow. What knowledge is required? Please give an example.
>
> Sure. Let's take an easy example Currently we have for get_pvinfo:
>
<snip>
> The padding would not be there with your idea. An updated version could look like this:
>
> /* for KVM_PPC_GET_PVINFO */
> struct kvm_ppc_pvinfo {
> /* out */
> __u32 flags;
> __u32 hcall[4];
> __u64 features; /* only there with PVINFO_FLAGS_FEATURES */
> };
>
> Now, your idea was to not use copy_from/to_user directly, but instead some wrapper that could pad with zeros on read or truncate on write. So instead we would essentially get:
>
> int kvm_vm_ioctl_get_pvinfo(struct kvm_ppc_pvinfo *pvinfo, int *required_size)
> {
> [...]
> if (pvinfo_flags& PVINFO_FLAGS_FEATURES) {
> *required_size = 16;
> } else {
> *required_size = 8;
> }
> [...]
> }
Why? Kernel code would only consider the full structure.
> case KVM_PPC_GET_PVINFO: {
> struct kvm_ppc_pvinfo pvinfo;
> int required_size = 0;
> memset(&pvinfo, 0, sizeof(pvinfo));
> r = kvm_vm_ioctl_get_pvinfo(&pvinfo,&required_size);
> if (copy_to_user(argp,&pvinfo, required_size) {
> r = -EFAULT;
> goto out;
> }
required_size would come from the size encoded in the ioctl number, no
need to calculate it separately.
> break;
> }
>
> Otherwise we might write over data the user expected. And that logic that tells to copy_to_user how much data it actually takes to put all the information in is not there today and would have to be added. You can even verify that required_size with the ioctl passed size to make 100% sure user space is sane, but I'd claim that a feature bitmap is plenty of information to ensure that we're not doing something stupid.
I don't see why we have to caclulate something, then verify it against
the correct answer.
--
error compiling committee.c: too many arguments to function
next prev parent reply other threads:[~2011-07-03 8:56 UTC|newest]
Thread overview: 135+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-29 10:15 [PATCH 0/17] Hypervisor-mode KVM on POWER7 and PPC970 Paul Mackerras
2011-06-29 10:15 ` Paul Mackerras
2011-06-29 10:16 ` [PATCH 01/17] KVM: PPC: Fix machine checks on 32-bit Book3S Paul Mackerras
2011-06-29 10:16 ` Paul Mackerras
2011-07-01 10:08 ` Alexander Graf
2011-07-01 10:08 ` Alexander Graf
2011-07-01 10:08 ` Alexander Graf
2011-06-29 10:17 ` [PATCH 02/17] KVM: PPC: Move fields between struct kvm_vcpu_arch and Paul Mackerras
2011-06-29 10:17 ` [PATCH 02/17] KVM: PPC: Move fields between struct kvm_vcpu_arch and kvmppc_vcpu_book3s Paul Mackerras
2011-06-29 10:17 ` [PATCH 03/17] KVM: PPC: Split out code from book3s.c into book3s_pr.c Paul Mackerras
2011-06-29 10:17 ` Paul Mackerras
2011-06-29 10:18 ` [PATCH 04/17] powerpc, KVM: Rework KVM checks in first-level Paul Mackerras
2011-06-29 10:18 ` [PATCH 04/17] powerpc, KVM: Rework KVM checks in first-level interrupt handlers Paul Mackerras
2011-06-29 10:18 ` [PATCH 05/17] KVM: PPC: Deliver program interrupts right away Paul Mackerras
2011-06-29 10:18 ` [PATCH 05/17] KVM: PPC: Deliver program interrupts right away instead of queueing them Paul Mackerras
2011-07-01 11:47 ` Alexander Graf
2011-07-01 11:47 ` Alexander Graf
2011-07-01 11:47 ` Alexander Graf
2011-06-29 10:19 ` [PATCH 06/17] KVM: PPC: Pass init/destroy vm and prepare/commit Paul Mackerras
2011-06-29 10:19 ` [PATCH 06/17] KVM: PPC: Pass init/destroy vm and prepare/commit memory region ops down Paul Mackerras
2011-06-29 10:19 ` [PATCH 07/17] KVM: PPC: Move guest enter/exit down into Paul Mackerras
2011-06-29 10:19 ` [PATCH 07/17] KVM: PPC: Move guest enter/exit down into subarch-specific code Paul Mackerras
2011-06-29 10:20 ` [PATCH 08/17] powerpc: Set up LPCR for running guest partitions Paul Mackerras
2011-06-29 10:20 ` Paul Mackerras
2011-06-29 10:20 ` [PATCH 09/17] KVM: PPC: Split host-state fields out of Paul Mackerras
2011-06-29 10:20 ` [PATCH 09/17] KVM: PPC: Split host-state fields out of kvmppc_book3s_shadow_vcpu Paul Mackerras
2011-06-29 10:21 ` [PATCH 10/17] KVM: PPC: Add support for Book3S processors in Paul Mackerras
2011-06-29 10:21 ` [PATCH 10/17] KVM: PPC: Add support for Book3S processors in hypervisor mode Paul Mackerras
2011-07-01 18:37 ` [PATCH 10/17] KVM: PPC: Add support for Book3S processors in Dave Hansen
2011-07-01 18:37 ` [PATCH 10/17] KVM: PPC: Add support for Book3S processors in hypervisor mode Dave Hansen
2011-07-01 18:37 ` Dave Hansen
2011-07-01 19:12 ` Alexander Graf
2011-07-01 19:12 ` Alexander Graf
2011-07-01 19:12 ` Alexander Graf
2011-07-04 11:51 ` [PATCH 10/17] KVM: PPC: Add support for Book3S processors in Paul Mackerras
2011-07-04 11:51 ` [PATCH 10/17] KVM: PPC: Add support for Book3S processors in hypervisor mode Paul Mackerras
2011-07-04 11:51 ` Paul Mackerras
2011-06-29 10:22 ` [PATCH 11/17] KVM: PPC: Handle some PAPR hcalls in the kernel Paul Mackerras
2011-06-29 10:22 ` Paul Mackerras
2011-06-29 10:22 ` [PATCH 12/17] KVM: PPC: Accelerate H_PUT_TCE by implementing it in Paul Mackerras
2011-06-29 10:22 ` [PATCH 12/17] KVM: PPC: Accelerate H_PUT_TCE by implementing it in real mode Paul Mackerras
2011-06-29 10:23 ` [PATCH 13/17] KVM: PPC: Allow book3s_hv guests to use SMT processor Paul Mackerras
2011-06-29 10:23 ` [PATCH 13/17] KVM: PPC: Allow book3s_hv guests to use SMT processor modes Paul Mackerras
2012-04-16 9:45 ` Alexander Graf
2012-04-16 9:45 ` Alexander Graf
2012-04-16 9:45 ` Alexander Graf
2012-04-16 12:13 ` Paul Mackerras
2012-04-16 12:13 ` Paul Mackerras
2012-04-16 12:13 ` Paul Mackerras
2012-04-16 13:01 ` Alexander Graf
2012-04-16 13:01 ` Alexander Graf
2012-04-16 13:01 ` Alexander Graf
2011-06-29 10:25 ` [PATCH 14/17] KVM: PPC: Allocate RMAs (Real Mode Areas) at boot for Paul Mackerras
2011-06-29 10:25 ` [PATCH 14/17] KVM: PPC: Allocate RMAs (Real Mode Areas) at boot for use by guests Paul Mackerras
2011-06-29 10:26 ` [PATCH 15/17] powerpc, KVM: Split HVMODE_206 cpu feature bit into Paul Mackerras
2011-06-29 10:26 ` [PATCH 15/17] powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and architecture bits Paul Mackerras
2011-06-29 10:40 ` [PATCH 16/17] KVM: PPC: book3s_hv: Add support for PPC970-family Paul Mackerras
2011-06-29 10:40 ` [PATCH 16/17] KVM: PPC: book3s_hv: Add support for PPC970-family processors Paul Mackerras
2011-06-29 10:41 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Paul Mackerras
2011-06-29 10:41 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Paul Mackerras
2011-06-29 11:53 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Josh Boyer
2011-06-29 11:53 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Josh Boyer
2011-06-29 11:53 ` Josh Boyer
2011-06-29 11:56 ` Alexander Graf
2011-06-29 11:56 ` Alexander Graf
2011-06-29 11:56 ` Alexander Graf
2011-06-29 11:58 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Josh Boyer
2011-06-29 11:58 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Josh Boyer
2011-06-29 11:58 ` Josh Boyer
2011-06-30 8:34 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Avi Kivity
2011-06-30 8:34 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Avi Kivity
2011-06-30 8:34 ` Avi Kivity
2011-06-30 15:04 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Alexander Graf
2011-06-30 15:04 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Alexander Graf
2011-06-30 15:04 ` Alexander Graf
2011-06-30 15:16 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Avi Kivity
2011-06-30 15:16 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Avi Kivity
2011-06-30 15:16 ` Avi Kivity
2011-06-30 15:22 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Alexander Graf
2011-06-30 15:22 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Alexander Graf
2011-06-30 15:22 ` Alexander Graf
2011-06-30 16:00 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Avi Kivity
2011-06-30 16:00 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Avi Kivity
2011-06-30 16:00 ` Avi Kivity
2011-06-30 16:33 ` Alexander Graf
2011-06-30 16:33 ` Alexander Graf
2011-06-30 16:33 ` Alexander Graf
2011-07-03 8:15 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Avi Kivity
2011-07-03 8:15 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Avi Kivity
2011-07-03 8:15 ` Avi Kivity
2011-07-03 8:34 ` Alexander Graf
2011-07-03 8:34 ` Alexander Graf
2011-07-03 8:34 ` Alexander Graf
2011-07-03 8:56 ` Avi Kivity [this message]
2011-07-03 8:56 ` Avi Kivity
2011-07-03 8:56 ` Avi Kivity
2011-07-03 9:00 ` Alexander Graf
2011-07-03 9:00 ` Alexander Graf
2011-07-03 9:00 ` Alexander Graf
2011-07-03 9:05 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Avi Kivity
2011-07-03 9:05 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Avi Kivity
2011-07-03 9:05 ` Avi Kivity
2011-07-03 9:09 ` Alexander Graf
2011-07-03 9:09 ` Alexander Graf
2011-07-03 9:09 ` Alexander Graf
2011-07-03 9:12 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Avi Kivity
2011-07-03 9:12 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Avi Kivity
2011-07-03 9:12 ` Avi Kivity
2011-07-04 10:59 ` Alexander Graf
2011-07-04 10:59 ` Alexander Graf
2011-07-04 10:59 ` Alexander Graf
2011-07-04 11:22 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Avi Kivity
2011-07-04 11:22 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Avi Kivity
2011-07-04 11:22 ` Avi Kivity
2011-07-04 11:36 ` Alexander Graf
2011-07-04 11:36 ` Alexander Graf
2011-07-04 11:36 ` Alexander Graf
2011-07-04 11:37 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Avi Kivity
2011-07-04 11:37 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Avi Kivity
2011-07-04 11:37 ` Avi Kivity
2011-07-04 11:41 ` Alexander Graf
2011-07-04 11:41 ` Alexander Graf
2011-07-04 11:41 ` Alexander Graf
2011-06-30 23:13 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to Benjamin Herrenschmidt
2011-06-30 23:13 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Benjamin Herrenschmidt
2011-06-30 23:13 ` Benjamin Herrenschmidt
2011-07-01 10:09 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select Paul Mackerras
2011-07-01 10:09 ` [RFC PATCH 17/17] KVM: PPC: Add an ioctl for userspace to select which platform to emulate Paul Mackerras
2011-07-01 10:09 ` Paul Mackerras
2011-07-01 10:23 ` Alexander Graf
2011-07-01 10:23 ` Alexander Graf
2011-07-01 10:23 ` Alexander Graf
2011-07-01 18:24 ` [PATCH 0/17] Hypervisor-mode KVM on POWER7 and PPC970 Alexander Graf
2011-07-01 18:24 ` Alexander Graf
2011-07-01 18:24 ` Alexander Graf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E102ECE.1060004@redhat.com \
--to=avi@redhat.com \
--cc=agraf@suse.de \
--cc=kvm-ppc@vger.kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=paulus@samba.org \
--cc=scottwood@freescale.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.