Date: Mon, 3 Nov 2014 17:19:55 +0200
From: "Michael S. Tsirkin"
Message-ID: <20141103151955.GA14401@redhat.com>
References: <1414947218-7618-1-git-send-email-mst@redhat.com> <87bnoouxqn.fsf@blackfin.pond.sub.org>
In-Reply-To: <87bnoouxqn.fsf@blackfin.pond.sub.org>
Subject: Re: [Qemu-devel] [PATCH] qemu-char: fix tcp_get_fds
To: Markus Armbruster
Cc: Paolo Bonzini, qemu-devel@nongnu.org

On Mon, Nov 03, 2014 at 04:09:36PM +0100, Markus Armbruster wrote:
> "Michael S. Tsirkin" writes:
>
> > tcp_get_fds API discards fds if there's more than 1 of these.
>
> s/tcp_get_fds/tcp_get_msgfds/ (subject as well)

Right. Too late as I sent this upstream :(

> What exactly doesn't work without this patch?

It's only used by vhost test.
It works by chance because it's only using 512m ram.
I tweaked vhost user test to use more memory (3900 instead of 512 M)
and it started failing because it needs 3 fds then.

Not yet upstreaming the test change itself, looking for ways
to avoid using huge pages for this.

> > It's tricky to fix this without API changes in the generic case.
> >
> > However, this API is only used by tests ATM, and tests know how
> > many fds they expect.
> >
> > So let's not waste cycles trying to fix this properly:
> > simply assume at most 16 fds (tests use at most 8 now).
> > assert if some test tries to get more.
> >
> > Signed-off-by: Michael S. Tsirkin
> > --- > > qemu-char.c | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/qemu-char.c b/qemu-char.c > > index bd0709b..1c4004c 100644 > > --- a/qemu-char.c > > +++ b/qemu-char.c > > @@ -88,6 +88,7 @@ > > #define READ_BUF_LEN 4096 > > #define READ_RETRIES 10 > > #define CHR_MAX_FILENAME_SIZE 256 > > +#define TCP_MAX_FDS 16 > > > > /***********************************************************/ > > /* Socket address helpers */
> > @@ -2668,6 +2669,8 @@ static int tcp_get_msgfds(CharDriverState *chr, int *fds, int num) > > TCPCharDriver *s = chr->opaque; > > int to_copy = (s->read_msgfds_num < num) ? s->read_msgfds_num : num; > > > > + assert(num <= TCP_MAX_FDS); > > + > > if (to_copy) { > > int i; > >
>
> This is where we copy received fds out of ->read_msgfds. If someone asks
> for more than TCP_MAX_FDS, the buffer in the next hunk is insufficient.
> > @@ -2762,7 +2765,7 @@ static ssize_t tcp_chr_recv(CharDriverState *chr, char *buf, size_t len) > > struct iovec iov[1]; > > union { > > struct cmsghdr cmsg; > > - char control[CMSG_SPACE(sizeof(int))]; > > + char control[CMSG_SPACE(sizeof(int) * TCP_MAX_FDS)]; > > } msg_control; > > int flags = 0; > > ssize_t ret;
>
> This is where we receive the fds into ->read_msgfds. How many depends
> on sizeof(msg_control). One before your patch, TCP_MAX_FDS after.
>
> Reviewed-by: Markus Armbruster
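
Review bot: TCP_MAX_FDS in the first hunk (the define added after CHR_MAX_FILENAME_SIZE) has no comment saying what it bounds. The reasoning for 16 exists only in the commit message (tests use at most 8, assert beyond 16). A one-line comment at the define stating that it is the largest number of fds accepted per received message, and that tcp_get_msgfds asserts on larger requests, would keep that visible in the source.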
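
Review bot: in the tcp_get_msgfds hunk, assert(num <= TCP_MAX_FDS) does not protect the copy that follows, because to_copy is already clamped to s->read_msgfds_num on the line above; it only aborts when a caller asks for more than the receive buffer can ever hold. That intent is not stated at the call site. Add a comment next to the assert pointing at the msg_control buffer in tcp_chr_recv, and consider whether a hard abort is acceptable if this accessor ever gets a caller outside the tests.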
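
Review bot: the tcp_chr_recv hunk enlarges msg_control to TCP_MAX_FDS descriptors, but nothing in the hunk handles a peer that sends more than that in one message; the assert added in tcp_get_msgfds checks only what the reader requests, not what arrived. Checking msg_flags for MSG_CTRUNC after the receive, and reporting it, would keep surplus descriptors from being dropped silently, which is how the one-fd buffer hid this problem.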
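
The receive-side behaviour discussed in this thread (how many fds arrive depends on the size of the control buffer), as an added example that is not part of the original message or of QEMU's code. It assumes Linux; `recv_fd_count`, `ctl_buf`, `MAX_FDS` and `SENT_FDS` are hypothetical names, and the three-descriptor message is constructed sample input.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_FDS  16  /* same limit as TCP_MAX_FDS in the patch */
#define SENT_FDS 3   /* constructed input: the failing test needed 3 fds */
typedef union {      /* union keeps the bytes aligned for struct cmsghdr */
    struct cmsghdr hdr;
    char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)];
} ctl_buf;

/* Send SENT_FDS descriptors in one SCM_RIGHTS message over a socketpair and
 * receive it with control space for exactly `room` descriptors. Returns how
 * many arrived (-1 on error); *truncated reports MSG_CTRUNC from the kernel. */
static int recv_fd_count(int room, int *truncated)
{
    int sv[2], fds[SENT_FDS], in[MAX_FDS], got = -1, i;
    char byte = 'x';
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    struct cmsghdr *c;
    ctl_buf sctl, rctl;

    if (room < 1 || room > MAX_FDS || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    for (i = 0; i < SENT_FDS; i++)
        fds[i] = sv[0];                   /* any valid descriptor will do */
    msg.msg_control = sctl.buf;
    msg.msg_controllen = CMSG_SPACE(sizeof(fds));
    c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(fds));
    memcpy(CMSG_DATA(c), fds, sizeof(fds));
    if (sendmsg(sv[0], &msg, 0) == 1) {
        msg.msg_control = rctl.buf;       /* CMSG_LEN: no alignment slack */
        msg.msg_controllen = CMSG_LEN(sizeof(int) * room);
        if (recvmsg(sv[1], &msg, 0) == 1 && (c = CMSG_FIRSTHDR(&msg)) != NULL) {
            got = (int)((c->cmsg_len - CMSG_LEN(0)) / sizeof(int));
            memcpy(in, CMSG_DATA(c), got * sizeof(int));
            *truncated = (msg.msg_flags & MSG_CTRUNC) != 0;
            for (i = 0; i < got; i++)
                close(in[i]);             /* received copies are new fds */
        }
    }
    close(sv[0]);
    close(sv[1]);
    return got;
}
```

The receiver here sets `msg_controllen` with `CMSG_LEN` so that the room is exact; a buffer sized with `CMSG_SPACE` can include alignment padding.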