From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53198) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z6wYg-0004VR-Ol for qemu-devel@nongnu.org; Mon, 22 Jun 2015 03:54:23 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Z6wYd-0002B9-Gd for qemu-devel@nongnu.org; Mon, 22 Jun 2015 03:54:22 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51438) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z6wYd-0002B1-9h for qemu-devel@nongnu.org; Mon, 22 Jun 2015 03:54:19 -0400
Date: Mon, 22 Jun 2015 09:54:15 +0200
From: "Michael S. Tsirkin"
Message-ID: <20150622095122-mutt-send-email-mst@redhat.com>
References: <1434945048-27958-1-git-send-email-mukawa@igel.co.jp> <1434945048-27958-4-git-send-email-mukawa@igel.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1434945048-27958-4-git-send-email-mukawa@igel.co.jp>
Subject: Re: [Qemu-devel] [PATCH v2 3/5] vhost-user: Shutdown vhost-user connection when wrong messages are passed
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: Tetsuya Mukawa
Cc: jasowang@redhat.com, n.nikolaev@virtualopensystems.com, qemu-devel@nongnu.org, stefanha@redhat.com

On Mon, Jun 22, 2015 at 12:50:46PM +0900, Tetsuya Mukawa wrote:
> When wrong vhost-user message are passed, the connection should be shutdown.
>
> Signed-off-by: Tetsuya Mukawa

This silently changes the protocol semantics: previously unknown messages were ignored. We can't do this. See email titled "vhost-user: protocol extensions" which relies on this to detect protocol version.

> ---
> hw/virtio/vhost-user.c | 18 +++++++++++-------
> 1 file changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index d6f2163..2215c39 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -183,6 +183,7 @@ static int vhost_user_write(struct vhost_dev *dev, VhostUserMsg *msg,
> static int vhost_user_call(struct vhost_dev *dev, unsigned long int request,
> void *arg)
> {
> + CharDriverState *chr = dev->opaque;
> VhostUserMsg msg;
> VhostUserRequest msg_request;
> struct vhost_vring_file *file = 0;
> @@ -242,7 +243,7 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned long int request,
> if (!fd_num) {
> error_report("Failed initializing vhost-user memory map, "
> "consider using -object memory-backend-file share=on");
> - return -1;
> + goto close;
> }
>
> msg.size = sizeof(m.memory.nregions);
> @@ -289,7 +290,7 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned long int request,
> break;
> default:
> error_report("vhost-user trying to send unhandled ioctl");
> - return -1;
> + goto close;
> break;
> }
>
> @@ -305,33 +306,36 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned long int request,
> if (msg_request != msg.request) {
> error_report("Received unexpected msg type."
> " Expected %d received %d", msg_request, msg.request);
> - return -1;
> + goto close;
> }
>
> switch (msg_request) {
> case VHOST_USER_GET_FEATURES:
> if (msg.size != sizeof(m.u64)) {
> error_report("Received bad msg size.");
> - return -1;
> + goto close;
> }
> *((__u64 *) arg) = msg.u64;
> break;
> case VHOST_USER_GET_VRING_BASE:
> if (msg.size != sizeof(m.state)) {
> error_report("Received bad msg size.");
> - return -1;
> + goto close;
> }
> msg.state.index -= dev->vq_index;
> memcpy(arg, &msg.state, sizeof(struct vhost_vring_state));
> break;
> default:
> error_report("Received unexpected msg type.");
> - return -1;
> - break;
> + goto close;
> }
> }
>
> return 0;
> +
> +close:
> + qemu_chr_disconnect(chr);
> + return -1;
> }
>
> static int vhost_user_init(struct vhost_dev *dev, void *opaque)
> --
> 2.1.4
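Review bot: The `goto close` added after the "Failed initializing vhost-user memory map" report tears down the chardev for a failure that is local to QEMU (`fd_num == 0`, no shareable memory backend), not for a wrong message from the backend, which is what the commit title describes. At this point in the function nothing has been sent to or received from the peer for this request, so the peer has done nothing wrong, and dropping its connection hides the real cause behind a disconnect; if the chardev is configured to reconnect (not visible here), the same local error would presumably recur on every reconnect. Keep `return -1;` on this path and reserve the disconnect for replies that fail validation. The enclosing vhost_user_call body starts and ends outside this hunk.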
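Review bot: The `break;` kept after the new `goto close;` in the request switch's `default:` is now unreachable, while the `default:` of the reply switch later in this function drops its dead `break;` in the same patch — treat both the same way and delete this one too. The "vhost-user trying to send unhandled ioctl" path is also a QEMU-internal error (an ioctl this front-end does not translate), not a malformed message from the backend, so disconnecting the peer here does not match the commit's stated scope and `return -1;` was the more accurate outcome. The enclosing function continues on both sides of this hunk.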
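Review bot: The new label is named `close`, which reads as a reference to close(2); labels live in their own namespace so it compiles, but a name such as `err_disconnect:` says what the path actually does (`qemu_chr_disconnect(chr)`) and avoids the double take. On substance, disconnecting when the backend answers with a mismatched `msg.request` or a `msg.size` that does not match the expected payload is a reasonable fail-closed response to a peer that is a separate, possibly less trusted process — but these size checks run after the reply has already been read into `msg`, so whatever bounds `msg.size` during the read (in vhost_user_read, outside this hunk) is what protects the buffer, not this disconnect. `chr` is taken from `dev->opaque` at the top of the function with no NULL check; if vhost_user_init can leave it unset, this path would pass NULL to `qemu_chr_disconnect` — worth confirming against the init code. vhost_user_call's body begins before this hunk.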