From: Greg Kurz <groug@kaod.org>
To: Markus Armbruster <armbru@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
qemu-devel@nongnu.org,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH 1/2] virtio-9p: print error message and exit instead of BUG_ON()
Date: Thu, 8 Sep 2016 11:05:22 +0200 [thread overview]
Message-ID: <20160908110522.097ab135@bahia> (raw)
In-Reply-To: <87eg4uyibm.fsf@dusky.pond.sub.org>
On Thu, 08 Sep 2016 09:14:05 +0200
Markus Armbruster <armbru@redhat.com> wrote:
> Greg Kurz <groug@kaod.org> writes:
>
> > Calling assert() really makes sense when hitting a genuine bug, which calls
> > for a fix in QEMU. However, when something goes wrong because the guest
> > sends a malformed message, it is better to write down a more meaningul
> > error message and exit.
> >
> > Signed-off-by: Greg Kurz <groug@kaod.org>
> > ---
> > hw/9pfs/virtio-9p-device.c | 20 ++++++++++++++++++--
> > 1 file changed, 18 insertions(+), 2 deletions(-)
> >
> > diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
> > index 009b43f6d045..67059182645a 100644
> > --- a/hw/9pfs/virtio-9p-device.c
> > +++ b/hw/9pfs/virtio-9p-device.c
> > @@ -19,6 +19,7 @@
> > #include "coth.h"
> > #include "hw/virtio/virtio-access.h"
> > #include "qemu/iov.h"
> > +#include "qemu/error-report.h"
> >
> > void virtio_9p_push_and_notify(V9fsPDU *pdu)
> > {
> > @@ -35,6 +36,11 @@ void virtio_9p_push_and_notify(V9fsPDU *pdu)
> > virtio_notify(VIRTIO_DEVICE(v), v->vq);
> > }
> >
> > +static void virtio_9p_error(const char *msg)
> > +{
> > + error_report("The virtio-9p driver in the guest has an issue: %s", msg);
> > +}
> > +
> > static void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
> > {
> > V9fsVirtioState *v = (V9fsVirtioState *)vdev;
> > @@ -56,13 +62,23 @@ static void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
> > break;
> > }
> >
> > - BUG_ON(elem->out_num == 0 || elem->in_num == 0);
> > + if (elem->out_num == 0) {
> > + virtio_9p_error("missing VirtFS request's header");
> > + exit(1);
> > + }
>
> Can the guest trigger this?
>
Yes it can in theory if it pushes an empty buffer... but this "recent"
commit changed the outcome:
commit 1e7aed70144b4673fc26e73062064b6724795e5f
Author: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed Jul 27 21:07:56 2016 +0530
virtio: check vring descriptor buffer length
And now, the error is caught in virtqueue_map_desc():
if (!sz) {
error_report("virtio: zero sized buffers are not allowed");
exit(1);
}
So I guess we should keep the BUG_ON() then.
BTW, there are similar checks in virtio-blk and virtio-net leading to a QEMU
exit... which seem to be obsoleted by the above commit. I'll have a closer
look.
> > + if (elem->in_num == 0) {
> > + virtio_9p_error("missing VirtFS reply's header");
> > + exit(1);
> > + }
>
> Same question.
>
Same answer. :)
> > QEMU_BUILD_BUG_ON(sizeof out != 7);
> >
> > v->elems[pdu->idx] = elem;
> > len = iov_to_buf(elem->out_sg, elem->out_num, 0,
> > &out, sizeof out);
> > - BUG_ON(len != sizeof out);
> > + if (len != sizeof out) {
> > + virtio_9p_error("malformed VirtFS request");
> > + exit(1);
> > + }
>
> Same question.
>
Here this is different: the guest can put a bogus len in the vring_desc
structure, and this doesn't get checked earlier.
> >
> > pdu->size = le32_to_cpu(out.size_le);
> >
Cheers.
--
Greg
next prev parent reply other threads:[~2016-09-08 9:05 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-07 17:19 [Qemu-devel] [PATCH 0/2] virtio: error report fixes in 9P and PCI Greg Kurz
2016-09-07 17:19 ` [Qemu-devel] [PATCH 1/2] virtio-9p: print error message and exit instead of BUG_ON() Greg Kurz
2016-09-08 7:14 ` Markus Armbruster
2016-09-08 9:05 ` Greg Kurz [this message]
2016-09-08 8:59 ` Cornelia Huck
2016-09-08 9:12 ` Greg Kurz
2016-09-08 15:00 ` Michael S. Tsirkin
2016-09-08 15:04 ` Cornelia Huck
2016-09-08 15:19 ` Michael S. Tsirkin
2016-09-08 16:26 ` Greg Kurz
2016-09-08 16:55 ` Michael S. Tsirkin
2016-09-09 8:30 ` Cornelia Huck
2016-09-09 8:46 ` Greg Kurz
2016-09-09 8:53 ` Cornelia Huck
2016-09-09 9:26 ` Greg Kurz
2016-09-09 9:37 ` Greg Kurz
2016-09-09 6:38 ` Markus Armbruster
2016-09-09 7:30 ` Greg Kurz
2016-09-09 9:08 ` Markus Armbruster
2016-09-09 9:54 ` Greg Kurz
2016-09-07 17:19 ` [Qemu-devel] [PATCH 2/2] virtio-pci: error out when both legacy and modern modes are disabled Greg Kurz
2016-09-08 7:15 ` Markus Armbruster
2016-09-08 9:52 ` Greg Kurz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160908110522.097ab135@bahia \
--to=groug@kaod.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=armbru@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).