From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Alex Williamson <alex.williamson@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
Avi Kivity <avi@redhat.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [RFC][PATCH 06/45] msix: Prevent bogus mask updates on MMIO accesses
Date: Mon, 17 Oct 2011 13:57:21 +0200 [thread overview]
Message-ID: <20111017115721.GF4537@redhat.com> (raw)
In-Reply-To: <4E9C1042.4040007@siemens.com>
On Mon, Oct 17, 2011 at 01:23:46PM +0200, Jan Kiszka wrote:
> On 2011-10-17 13:10, Michael S. Tsirkin wrote:
> > On Mon, Oct 17, 2011 at 11:27:40AM +0200, Jan Kiszka wrote:
> >> Only accesses to the MSI-X table must trigger a call to
> >> msix_handle_mask_update or a notifier invocation.
> >>
> >> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> >
> > Why would msix_mmio_write be called on an access
> > outside the table?
>
> Because it handles both the table and the PBA.
Hmm. Interesting. Is there a bug in how we handle PBA
updates then? If yes I'd like a separate patch for that
to apply to the stable tree.
BTW, this code will go away if PBA can get stored separately?
> >
> >> ---
> >> hw/msix.c | 16 ++++++++++------
> >> 1 files changed, 10 insertions(+), 6 deletions(-)
> >>
> >> diff --git a/hw/msix.c b/hw/msix.c
> >> index 2c4de21..33cb716 100644
> >> --- a/hw/msix.c
> >> +++ b/hw/msix.c
> >> @@ -264,18 +264,22 @@ static void msix_mmio_write(void *opaque, target_phys_addr_t addr,
> >> {
> >> PCIDevice *dev = opaque;
> >> unsigned int offset = addr & (MSIX_PAGE_SIZE - 1) & ~0x3;
> >> - int vector = offset / PCI_MSIX_ENTRY_SIZE;
> >> + unsigned int vector = offset / PCI_MSIX_ENTRY_SIZE;
> >
> > Why the int/unsigned change? this has no chance to overflow, and using
> > unsigned causes signed/unsigned comparison below,
> > and unsigned/signed conversion on calls such as msix_is_masked.
>
> Vectors should be unsigned int, this is just one step in that direction
Not sure why, but if you want to rework this we
would be better off doing the conversion in one go. Making half the code
use unsigned and half signed is way worse.
> as we are at it.
Should be a separate patch.
> Even if the overflow is practically impossible, this
> remains cleaner.
I have to say this change if done throughout would introduce
a lot of code churn. The potential of introducing bugs
seems higher than the potential to find/fix them.
> >
> >> int was_masked = msix_is_masked(dev, vector);
> >> pci_set_long(dev->msix_table_page + offset, val);
> >> if (kvm_enabled() && kvm_irqchip_in_kernel()) {
> >> kvm_msix_update(dev, vector, was_masked, msix_is_masked(dev, vector));
> >> }
> >
> > I would say if we need to check the address, check it first thing
> > and return if the address is out of a sensible range.
>
> Will do that later when generalized MSI-X support.
But then do we need this patch at all?
> > For example, are you worried about kvm_msix_update calls with
> > a sensible mask?
>
> No, that kvm code will die anyway.
Yes but we care about stable too, if there's a bug there
we need to fix it.
> Jan
>
> --
> Siemens AG, Corporate Technology, CT T DE IT 1
> Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2011-10-17 11:56 UTC|newest]
Thread overview: 144+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-17 9:27 [Qemu-devel] [RFC][PATCH 00/45] qemu-kvm: MSI layer rework for in-kernel irqchip support Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 01/45] msi: Guard msi/msix_write_config with msi_present Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 02/45] msi: Guard msi_reset " Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 03/45] msi: Use msi/msix_present more consistently Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 04/45] msi: Invoke msi/msix_reset from PCI core Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 05/45] msi: Invoke msi/msix_write_config " Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 06/45] msix: Prevent bogus mask updates on MMIO accesses Jan Kiszka
2011-10-17 11:10 ` Michael S. Tsirkin
2011-10-17 11:23 ` Jan Kiszka
2011-10-17 11:57 ` Michael S. Tsirkin [this message]
2011-10-17 12:07 ` Jan Kiszka
2011-10-17 12:50 ` Michael S. Tsirkin
2011-10-17 19:11 ` Jan Kiszka
2011-10-17 19:43 ` Michael S. Tsirkin
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 07/45] msi: Generalize msix_supported to msi_supported Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 08/45] Introduce MSIMessage structure Jan Kiszka
2011-10-17 11:46 ` Michael S. Tsirkin
2011-10-17 11:51 ` Jan Kiszka
2011-10-17 12:04 ` Michael S. Tsirkin
2011-10-17 12:09 ` Jan Kiszka
2011-10-17 13:01 ` Michael S. Tsirkin
2011-10-17 19:14 ` Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 09/45] msi: Factor out msi_message_from_vector Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 10/45] msix: Factor out msix_message_from_vector Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 11/45] msi: Factor out delivery hook Jan Kiszka
2011-10-17 10:56 ` Avi Kivity
2011-10-17 11:15 ` Jan Kiszka
2011-10-17 11:22 ` Avi Kivity
2011-10-17 11:29 ` Jan Kiszka
2011-10-17 12:14 ` Avi Kivity
2011-10-17 18:59 ` Jan Kiszka
2011-10-17 13:41 ` Michael S. Tsirkin
2011-10-17 13:41 ` Avi Kivity
2011-10-17 13:48 ` Michael S. Tsirkin
2011-10-17 19:18 ` Jan Kiszka
2011-10-17 13:43 ` Michael S. Tsirkin
2011-10-17 19:15 ` Jan Kiszka
2011-10-18 12:05 ` Michael S. Tsirkin
2011-10-18 12:23 ` Jan Kiszka
2011-10-18 12:38 ` Michael S. Tsirkin
2011-10-18 12:41 ` Jan Kiszka
2011-10-18 12:44 ` malc
2011-10-18 12:49 ` Michael S. Tsirkin
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 12/45] msi: Introduce MSIRoutingCache Jan Kiszka
2011-10-17 11:06 ` Avi Kivity
2011-10-17 11:19 ` Jan Kiszka
2011-10-17 11:25 ` Avi Kivity
2011-10-17 11:31 ` Jan Kiszka
2011-10-17 12:17 ` Avi Kivity
2011-10-17 15:37 ` Michael S. Tsirkin
2011-10-17 19:19 ` Jan Kiszka
2011-10-18 12:17 ` Michael S. Tsirkin
2011-10-18 12:26 ` Jan Kiszka
2011-10-17 15:43 ` Michael S. Tsirkin
2011-10-17 19:23 ` Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 13/45] hpet: Use msi_deliver Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 14/45] qemu-kvm: Drop useless kvm_clear_gsi_routes Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 15/45] qemu-kvm: Drop unused kvm_del_irq_route Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 16/45] qemu-kvm: Use MSIMessage and MSIRoutingCache Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 17/45] qemu-kvm: Track MSIRoutingCache in KVM routing table Jan Kiszka
2011-10-17 11:13 ` Avi Kivity
2011-10-17 11:25 ` Jan Kiszka
2011-10-17 12:15 ` Avi Kivity
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 18/45] qemu-kvm: Hook into MSI delivery at APIC level Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 19/45] qemu-kvm: Factor out kvm_msi_irqfd_set Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 20/45] qemu-kvm: msix: Only invoke msix_handle_mask_update on changes Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 21/45] qemu-kvm: msix: Don't fire notifier spuriously on set/unset Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 22/45] qemu-kvm: msix: Fire mask notifier on global mask changes Jan Kiszka
2011-10-17 12:16 ` Michael S. Tsirkin
2011-10-17 19:00 ` Jan Kiszka
2011-10-18 12:40 ` Michael S. Tsirkin
2011-10-18 12:45 ` Jan Kiszka
2011-10-18 12:57 ` Michael S. Tsirkin
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 23/45] qemu-kvm: Rework MSI-X mask notifier to generic MSI config notifiers Jan Kiszka
2011-10-17 11:40 ` Michael S. Tsirkin
2011-10-17 11:45 ` Jan Kiszka
2011-10-17 12:39 ` Michael S. Tsirkin
2011-10-17 19:08 ` Jan Kiszka
2011-10-18 13:46 ` Michael S. Tsirkin
2011-10-18 13:49 ` Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 24/45] qemu-kvm: msix: Don't handle mask updated while disabled Jan Kiszka
2011-10-17 9:27 ` [Qemu-devel] [RFC][PATCH 25/45] qemu-kvm: Update MSI cache on kvm_msi_irqfd_set Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 26/45] qemu-kvm: Use g_realloc for irq_routes extension Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 27/45] qemu-kvm: Lazily update MSI caches Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 28/45] qemu-kvm: msix: Drop tracking of used vectors Jan Kiszka
2011-10-17 15:48 ` Michael S. Tsirkin
2011-10-17 19:28 ` Jan Kiszka
2011-10-18 11:58 ` Michael S. Tsirkin
2011-10-18 12:08 ` Jan Kiszka
2011-10-18 12:33 ` Michael S. Tsirkin
2011-10-18 12:38 ` Jan Kiszka
2011-10-18 12:48 ` Michael S. Tsirkin
2011-10-18 13:00 ` Jan Kiszka
2011-10-18 13:37 ` Michael S. Tsirkin
2011-10-18 13:46 ` Jan Kiszka
2011-10-18 14:01 ` Michael S. Tsirkin
2011-10-18 14:08 ` Jan Kiszka
2011-10-18 15:08 ` Michael S. Tsirkin
2011-10-18 15:22 ` Jan Kiszka
2011-10-18 15:55 ` Jan Kiszka
2011-10-18 17:06 ` Michael S. Tsirkin
2011-10-18 18:24 ` Jan Kiszka
2011-10-18 18:40 ` Michael S. Tsirkin
2011-10-18 19:37 ` Jan Kiszka
2011-10-18 21:40 ` Michael S. Tsirkin
2011-10-18 22:13 ` Jan Kiszka
2011-10-19 0:56 ` Michael S. Tsirkin
2011-10-19 6:41 ` Jan Kiszka
2011-10-19 9:03 ` Michael S. Tsirkin
2011-10-19 11:17 ` Jan Kiszka
2011-10-20 22:02 ` Michael S. Tsirkin
2011-10-21 7:09 ` Jan Kiszka
2011-10-21 7:54 ` Michael S. Tsirkin
2011-10-21 9:27 ` Jan Kiszka
2011-10-21 10:57 ` Michael S. Tsirkin
2011-10-18 18:26 ` Jan Kiszka
2011-10-18 15:56 ` Michael S. Tsirkin
2011-10-18 15:58 ` Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 29/45] pci-assign: Drop kvm_assigned_irq::host_irq initialization Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 30/45] pci-assign: Rename assign_irq to assign_intx Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 31/45] qemu-kvm: Refactor kvm_deassign_irq to kvm_device_irq_deassign Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 32/45] pci-assign: Factor out deassign_irq Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 33/45] qemu-kvm: Factor out kvm_device_intx_assign Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 34/45] qemu-kvm: Factor out kvm_device_msi_assign Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 35/45] pci-assign: Polish assigned_dev_update_msix_mmio Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 36/45] qemu-kvm: Factor out kvm_device_msix_* services Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 37/45] qemu-kvm: Clean up irqrouting API Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 38/45] msi: Implement config notifiers for legacy MSI Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 39/45] pci-assign: Use generic MSI support Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 40/45] qemu-kvm: msix: Drop check for preexisting cap from msix_add_config Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 41/45] msix: Drop unused msix_bar_size Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 42/45] msix: Introduce msix_init_simple Jan Kiszka
2011-10-17 11:22 ` Michael S. Tsirkin
2011-10-17 11:27 ` Jan Kiszka
2011-10-17 14:28 ` Michael S. Tsirkin
2011-10-17 19:21 ` Jan Kiszka
2011-10-18 10:52 ` Michael S. Tsirkin
2011-10-18 11:02 ` Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 43/45] msix: Allow to customize capability on init Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 44/45] pci-assign: Use generic MSI-X support Jan Kiszka
2011-10-17 9:28 ` [Qemu-devel] [RFC][PATCH 45/45] pci-assign: Fix coding style issues Jan Kiszka
2011-10-17 12:18 ` [Qemu-devel] [RFC][PATCH 00/45] qemu-kvm: MSI layer rework for in-kernel irqchip support Avi Kivity
2011-10-17 15:57 ` Michael S. Tsirkin
2011-10-17 19:35 ` Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111017115721.GF4537@redhat.com \
--to=mst@redhat.com \
--cc=alex.williamson@redhat.com \
--cc=avi@redhat.com \
--cc=jan.kiszka@siemens.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).