From: Xiao Guangrong <guangrong.xiao@linux.intel.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: pbonzini@redhat.com, imammedo@redhat.com, gleb@kernel.org,
mtosatti@redhat.com, stefanha@redhat.com, mst@redhat.com,
rth@twiddle.net, ehabkost@redhat.com, dan.j.williams@intel.com,
kvm@vger.kernel.org, qemu-devel@nongnu.org
Subject: Re: [PATCH 04/15] nvdimm: support nvdimm label
Date: Wed, 23 Mar 2016 11:40:57 +0800 [thread overview]
Message-ID: <56F21049.2080404@linux.intel.com> (raw)
In-Reply-To: <20160317102807.GB14062@stefanha-x1.localdomain>
On 03/17/2016 06:28 PM, Stefan Hajnoczi wrote:
> On Thu, Mar 17, 2016 at 04:32:50PM +0800, Xiao Guangrong wrote:
>> +static void nvdimm_init(Object *obj)
>> +{
>> + object_property_add_bool(obj, "reserve-label", nvdimm_get_reserve_label,
>> + nvdimm_set_reserve_label, NULL);
>
> In the future users may wish for larger namespace label sizes. This
> bool option will not allow that.
>
> Perhaps the option should be an integer called "label-size"?
Yes, good to me.
>
>> +static void nvdimm_assert_rw_label_data(NVDIMMDevice *nvdimm, uint64_t size,
>> + uint64_t offset)
>> +{
>> + assert(nvdimm->reserve_label &&
>> + (nvdimm->label_size >= size + offset) && (offset + size > offset));
>> +}
>
> It's not clear from this patch alone, but QEMU is not allowed to assert
> due to invalid inputs from the guest. So if input validation is
> necessary here because the values may be invalid, please write if
> statements and error returns.
The caller should check it before calling these callbacks, in our case, we did
it in nvdimm_rw_label_data_check() in patch 13.
So if that happen, it is really a QEMU internal BUG.
>
> This is important so guests cannot cause QEMU to core dump (SIGABRT
> default behavior) and so that nested virtualization doesn't allow a
> nested guest to DoS its parent guest.
Yes, i understood it, but it is not the case in this patch as the assert()
can not be triggered by guest.
Maybe i should mention it in the changelog to make this fact more clean.
WARNING: multiple messages have this Message-ID (diff)
From: Xiao Guangrong <guangrong.xiao@linux.intel.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: ehabkost@redhat.com, kvm@vger.kernel.org, mst@redhat.com,
gleb@kernel.org, mtosatti@redhat.com, qemu-devel@nongnu.org,
stefanha@redhat.com, imammedo@redhat.com, pbonzini@redhat.com,
dan.j.williams@intel.com, rth@twiddle.net
Subject: Re: [Qemu-devel] [PATCH 04/15] nvdimm: support nvdimm label
Date: Wed, 23 Mar 2016 11:40:57 +0800 [thread overview]
Message-ID: <56F21049.2080404@linux.intel.com> (raw)
In-Reply-To: <20160317102807.GB14062@stefanha-x1.localdomain>
On 03/17/2016 06:28 PM, Stefan Hajnoczi wrote:
> On Thu, Mar 17, 2016 at 04:32:50PM +0800, Xiao Guangrong wrote:
>> +static void nvdimm_init(Object *obj)
>> +{
>> + object_property_add_bool(obj, "reserve-label", nvdimm_get_reserve_label,
>> + nvdimm_set_reserve_label, NULL);
>
> In the future users may wish for larger namespace label sizes. This
> bool option will not allow that.
>
> Perhaps the option should be an integer called "label-size"?
Yes, good to me.
>
>> +static void nvdimm_assert_rw_label_data(NVDIMMDevice *nvdimm, uint64_t size,
>> + uint64_t offset)
>> +{
>> + assert(nvdimm->reserve_label &&
>> + (nvdimm->label_size >= size + offset) && (offset + size > offset));
>> +}
>
> It's not clear from this patch alone, but QEMU is not allowed to assert
> due to invalid inputs from the guest. So if input validation is
> necessary here because the values may be invalid, please write if
> statements and error returns.
The caller should check it before calling these callbacks, in our case, we did
it in nvdimm_rw_label_data_check() in patch 13.
So if that happen, it is really a QEMU internal BUG.
>
> This is important so guests cannot cause QEMU to core dump (SIGABRT
> default behavior) and so that nested virtualization doesn't allow a
> nested guest to DoS its parent guest.
Yes, i understood it, but it is not the case in this patch as the assert()
can not be triggered by guest.
Maybe i should mention it in the changelog to make this fact more clean.
next prev parent reply other threads:[~2016-03-23 3:41 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-17 8:32 [PATCH 00/15] NVDIMM: introduce nvdimm label support Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 01/15] pc-dimm: get memory region from ->get_memory_region() Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 02/15] pc-dimm: introduce realize callback Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 03/15] pc-dimm: keep the state of the whole backend memory Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 04/15] nvdimm: support nvdimm label Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 10:28 ` Stefan Hajnoczi
2016-03-17 10:28 ` [Qemu-devel] " Stefan Hajnoczi
2016-03-23 3:40 ` Xiao Guangrong [this message]
2016-03-23 3:40 ` Xiao Guangrong
2016-03-17 8:32 ` [PATCH 05/15] acpi: add aml_object_type Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 06/15] acpi: add aml_call5 Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 07/15] nvdimm acpi: set HDLE properly Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 08/15] nvdimm acpi: save arg3 of _DSM method Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 09/15] nvdimm acpi: check UUID Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 10/15] nvdimm acpi: abstract the operations for root device and nvdimm devices Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 10:35 ` Stefan Hajnoczi
2016-03-17 10:35 ` [Qemu-devel] " Stefan Hajnoczi
2016-03-23 3:43 ` Xiao Guangrong
2016-03-23 3:43 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 11/15] nvdimm acpi: check revision Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 12/15] nvdimm acpi: support Get Namespace Label Size function Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 10:58 ` Stefan Hajnoczi
2016-03-17 10:58 ` [Qemu-devel] " Stefan Hajnoczi
2016-03-23 3:46 ` Xiao Guangrong
2016-03-23 3:46 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:32 ` [PATCH 13/15] nvdimm acpi: support Get Namespace Label Data function Xiao Guangrong
2016-03-17 8:32 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:33 ` [PATCH 14/15] nvdimm acpi: support Set " Xiao Guangrong
2016-03-17 8:33 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 8:33 ` [PATCH 15/15] docs: add NVDIMM ACPI documentation Xiao Guangrong
2016-03-17 8:33 ` [Qemu-devel] " Xiao Guangrong
2016-03-17 10:04 ` [PATCH 00/15] NVDIMM: introduce nvdimm label support Stefan Hajnoczi
2016-03-17 10:04 ` [Qemu-devel] " Stefan Hajnoczi
2016-03-22 15:37 ` Dan Williams
2016-03-22 15:37 ` [Qemu-devel] " Dan Williams
2016-03-22 20:30 ` Stefan Hajnoczi
2016-03-22 20:30 ` [Qemu-devel] " Stefan Hajnoczi
2016-03-23 2:46 ` Xiao Guangrong
2016-03-23 2:46 ` [Qemu-devel] " Xiao Guangrong
2016-03-23 16:48 ` Stefan Hajnoczi
2016-03-23 16:48 ` [Qemu-devel] " Stefan Hajnoczi
2016-03-22 11:17 ` Michael S. Tsirkin
2016-03-22 11:17 ` [Qemu-devel] " Michael S. Tsirkin
2016-03-23 3:47 ` Xiao Guangrong
2016-03-23 3:47 ` [Qemu-devel] " Xiao Guangrong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56F21049.2080404@linux.intel.com \
--to=guangrong.xiao@linux.intel.com \
--cc=dan.j.williams@intel.com \
--cc=ehabkost@redhat.com \
--cc=gleb@kernel.org \
--cc=imammedo@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
--cc=stefanha@gmail.com \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.