From: Paolo Bonzini <pbonzini@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: kwolf@redhat.com, famz@redhat.com,
zhang.zhanghailiang@huawei.com, qemu-devel@nongnu.org,
stefanha@redhat.com
Subject: Re: [Qemu-devel] [PATCH v2 for-2.3] virtio-blk: correctly dirty guest memory
Date: Thu, 02 Apr 2015 20:53:04 +0200 [thread overview]
Message-ID: <551D9010.9070009@redhat.com> (raw)
In-Reply-To: <20150402203521-mutt-send-email-mst@redhat.com>
On 02/04/2015 20:46, Michael S. Tsirkin wrote:
> Oh, true in fact. It might be a good idea to add something like this to
> the commit log:
>
> Additionally, virtio spec requires that device writes at least
> len bytes to descriptor - so that driver can rely on
> bytes 0..len-1 being initialized by device. Specifically, it says
> len can be used as an optimization "for drivers using untrusted
> buffers: if you do not know exactly how much has been written by the
> device, you usually have to zero the buffer to ensure no data leakage
> occurs".
>
> We violated this rule in two cases: on write - len should be 0,
> request size was mistakenly used
Should be 1 due to the status byte.
> - and on read error - we don't
> know whether the whole request size was written, so again len
> should be set to 0.
Oh no wait... my patch does not handle the read error case.
The len argument to virtqueue_push is being overloaded with two meanings:
1) a value that is >= the actual count, used to set the dirty bitmap
2) a value that should be <= the actual count, used as mentioned in your
English text above.
This is a problem for read errors, because the status byte is at the end
of the input buffers. So (1) requires that you set len = size+1, while
(2) requires that you set len = 0.
My patch only deals with (1), which is a correctness problem for
migration, as Wen debugged. It is a 2.3 regression.
I don't think (2) is fixable without changing the virtqueue API, and it
is not a regression.
Paolo
next prev parent reply other threads:[~2015-04-02 18:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-02 17:50 [Qemu-devel] [PATCH v2 for-2.3] virtio-blk: correctly dirty guest memory Paolo Bonzini
2015-04-02 17:54 ` Michael S. Tsirkin
2015-04-02 17:57 ` Paolo Bonzini
2015-04-02 18:46 ` Michael S. Tsirkin
2015-04-02 18:53 ` Paolo Bonzini [this message]
2015-04-02 19:17 ` Michael S. Tsirkin
2015-04-03 4:13 ` Li Zhijian
2015-04-07 14:11 ` Stefan Hajnoczi
2015-04-08 9:38 ` Stefan Hajnoczi
2015-04-08 9:42 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=551D9010.9070009@redhat.com \
--to=pbonzini@redhat.com \
--cc=famz@redhat.com \
--cc=kwolf@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=zhang.zhanghailiang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.