From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jan Kiszka <jan.kiszka@web.de>
Cc: Alex Williamson <alex.williamson@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
Avi Kivity <avi@redhat.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [RFC][PATCH 06/45] msix: Prevent bogus mask updates on MMIO accesses
Date: Mon, 17 Oct 2011 21:43:31 +0200
Message-ID: <20111017194330.GA10756@redhat.com>
In-Reply-To: <4E9C7DE1.3030706@web.de>

On Mon, Oct 17, 2011 at 09:11:29PM +0200, Jan Kiszka wrote:
> On 2011-10-17 14:50, Michael S. Tsirkin wrote:
> > On Mon, Oct 17, 2011 at 02:07:10PM +0200, Jan Kiszka wrote:
> >> On 2011-10-17 13:57, Michael S. Tsirkin wrote:
> >>> On Mon, Oct 17, 2011 at 01:23:46PM +0200, Jan Kiszka wrote:
> >>>> On 2011-10-17 13:10, Michael S. Tsirkin wrote:
> >>>>> On Mon, Oct 17, 2011 at 11:27:40AM +0200, Jan Kiszka wrote:
> >>>>>> Only accesses to the MSI-X table must trigger a call to
> >>>>>> msix_handle_mask_update or a notifier invocation.
> >>>>>>
> >>>>>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> >>>>>
> >>>>> Why would msix_mmio_write be called on an access
> >>>>> outside the table?
> >>>>
> >>>> Because it handles both the table and the PBA.
> >>>
> >>> Hmm. Interesting. Is there a bug in how we handle PBA
> >>> updates then? If yes I'd like a separate patch for that
> >>> to apply to the stable tree.
> >>
> >> I first thought it was a serious bug, but it just triggers if the guest
> >> writes to the PBA (which is very uncommon) and that actually triggers any
> >> spurious out-of-bounds vector injection. Highly unlikely.
> >
> > Yes, guests don't really use PBA ATM. But is there something
> > bad a malicious guest can do? For example, what if
> > msix_clr_pending gets invoked with this huge vector value?
> >
> > It does seem serious ...
>
> I checked it before and I think it is harmless. The largest vector that
> can be miscalculated is 255. But bit 255 in the PBA is still safe inside
> our MMIO page.
>
> Jan
>
You are right. We got lucky.
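The bound Jan describes, modelled as an added C example (this is not QEMU's msix.c; the single-page layout with the table at offset 0 and the PBA at 0x800, the 16-byte entry size, and all function names are assumptions). It contrasts the unconditional vector derivation, under which a write to the last PBA dword yields "vector" 255, with one that only reports a vector for writes inside the configured table, and shows that even vector 255's pending bit stays inside the 4 KiB page.

```c
#include <stdint.h>

/* Assumed layout (a model, not QEMU's code): one 4 KiB MMIO page holding
 * the MSI-X table at offset 0 and the PBA at offset 0x800. Entries are
 * 16 bytes, so this layout fits at most 128 table entries. */
#define MSIX_PAGE_SIZE   0x1000u
#define MSIX_PBA_OFFSET  0x800u
#define MSIX_ENTRY_SIZE  16u
#define MSIX_MAX_VECTORS 256u

/* Unconditional derivation: every aligned 32-bit write inside the page is
 * treated as a table-entry write. A write to PBA offset 0xffc is then
 * reported as vector 255, which no table of this layout can contain. */
unsigned msix_vector_unchecked(uint64_t addr)
{
    unsigned offset = (unsigned)(addr & (MSIX_PAGE_SIZE - 1)) & ~0x3u;
    return offset / MSIX_ENTRY_SIZE;
}

/* Gated derivation: a vector is reported only for a write that lands in
 * the configured table. PBA and padding writes return -1 so the caller
 * skips the mask-update handling and any notifier invocation entirely. */
int msix_vector_checked(uint64_t addr, unsigned nentries)
{
    unsigned offset = (unsigned)(addr & (MSIX_PAGE_SIZE - 1)) & ~0x3u;

    if (offset >= MSIX_PBA_OFFSET || offset >= nentries * MSIX_ENTRY_SIZE)
        return -1;
    return (int)(offset / MSIX_ENTRY_SIZE);
}

/* Byte offset of a vector's pending bit inside the page, or -1 if it
 * would fall outside it. The largest miscalculated vector, 255, maps to
 * 0x800 + 255 / 8 = 0x81f, still inside the page: the reason the thread
 * concludes that clearing the pending bit for such a vector is harmless. */
int msix_pba_bit_offset(unsigned vector)
{
    unsigned byte_off;

    if (vector >= MSIX_MAX_VECTORS)
        return -1;
    byte_off = MSIX_PBA_OFFSET + vector / 8;
    return byte_off < MSIX_PAGE_SIZE ? (int)byte_off : -1;
}
```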