From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 22 Sep 2016 15:41:46 +0200
From: Cornelia Huck
To: Greg Kurz
Cc: qemu-devel@nongnu.org, Kevin Wolf, "Michael S. Tsirkin", Jason Wang, Max Reitz, "Aneesh Kumar K.V", Stefan Hajnoczi, Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH v2 3/9] virtio-9p: handle handle_9p_output() error
Message-Id: <20160922154146.51932cd7.cornelia.huck@de.ibm.com>
In-Reply-To: <147447703245.30952.11628276217402153393.stgit@bahia>
References: <147447700612.30952.9420141963781948805.stgit@bahia> <147447703245.30952.11628276217402153393.stgit@bahia>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Wed, 21 Sep 2016 18:57:12 +0200
Greg Kurz wrote:

> A broken guest may send a request with only non-empty out buffers
> or only non-empty in buffers, virtqueue_pop() will then return a
> VirtQueueElement with out_num == 0 or in_num == 0 respectively.
>
> All 9P requests are expected to start with the following 7-byte header:
>
>     uint32_t size_le;
>     uint8_t id;
>     uint16_t tag_le;
>
> If iov_to_buf() fails to return these 7 bytes, then something is wrong in
> the guest.
>
> In both cases, it is wrong to crash QEMU, since the root cause lies in the
> guest. Let's switch the device to the broken state instead.
>
> Signed-off-by: Greg Kurz
> ---
> v2: - added out_free_pdu: label for errors or when virtqueue is empty
> ---
>  hw/9pfs/virtio-9p-device.c | 20 ++++++++++++++++----
>  1 file changed, 16 insertions(+), 4 deletions(-)

Reviewed-by: Cornelia Huck
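The check the quoted commit message describes, as an added illustration that is not part of this thread and not QEMU's code: a guest-supplied request is read through an iovec, and if fewer than the 7 header bytes arrive (or there are no out buffers at all) the function reports an error for the caller to act on instead of asserting. The names p9_read_header, iov_copy_to_buf and the p9_demo_* helpers are hypothetical; iov_copy_to_buf is a stand-in for QEMU's iov_to_buf, and the sample byte sequences are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>

/* The 7-byte header every 9P request starts with (fields are little-endian on the wire). */
typedef struct {
    uint32_t size;
    uint8_t id;
    uint16_t tag;
} P9Header;

#define P9_HDR_LEN 7

/* Stand-in for iov_to_buf(): copy up to len bytes from the iovec array into buf.
 * Returns the number of bytes actually copied, which is short when the guest
 * supplied too little data. */
static size_t iov_copy_to_buf(const struct iovec *iov, unsigned int iov_cnt,
                              void *buf, size_t len)
{
    size_t done = 0;
    for (unsigned int i = 0; i < iov_cnt && done < len; i++) {
        size_t n = iov[i].iov_len;
        if (n > len - done) {
            n = len - done;
        }
        memcpy((char *)buf + done, iov[i].iov_base, n);
        done += n;
    }
    return done;
}

/* Parse the header from the guest's out buffers.
 * Returns 0 on success and -1 when the guest gave no out buffers or fewer than
 * 7 bytes; the caller is expected to mark the device broken rather than abort. */
int p9_read_header(const struct iovec *out_iov, unsigned int out_num, P9Header *hdr)
{
    uint8_t raw[P9_HDR_LEN];

    if (out_num == 0) {
        return -1;              /* virtqueue_pop() gave an element with out_num == 0 */
    }
    if (iov_copy_to_buf(out_iov, out_num, raw, sizeof raw) != sizeof raw) {
        return -1;              /* short read: header is incomplete */
    }
    hdr->size = (uint32_t)raw[0] | ((uint32_t)raw[1] << 8) |
                ((uint32_t)raw[2] << 16) | ((uint32_t)raw[3] << 24);
    hdr->id = raw[4];
    hdr->tag = (uint16_t)(raw[5] | (raw[6] << 8));
    return 0;
}

/* Constructed sample: a well-formed header (size 19, id 100, tag 0xFFFF) split
 * across two iovec entries, followed by one byte of payload. Returns the id. */
int p9_demo_split_header(void)
{
    uint8_t part1[] = { 0x13, 0x00, 0x00 };
    uint8_t part2[] = { 0x00, 100, 0xFF, 0xFF, 'x' };
    struct iovec iov[2] = { { part1, sizeof part1 }, { part2, sizeof part2 } };
    P9Header h;

    if (p9_read_header(iov, 2, &h) != 0) {
        return -1;
    }
    if (h.size != 19 || h.id != 100 || h.tag != 0xFFFF) {
        return -2;
    }
    return (int)h.id;
}

/* Constructed sample: the guest only supplied 3 bytes of out buffer. */
int p9_demo_short_header(void)
{
    uint8_t part[] = { 0x13, 0x00, 0x00 };
    struct iovec iov[1] = { { part, sizeof part } };
    P9Header h;

    return p9_read_header(iov, 1, &h);
}

/* Constructed sample: the guest supplied in buffers only, so out_num is 0. */
int p9_demo_no_out_buffers(void)
{
    P9Header h;

    return p9_read_header(NULL, 0, &h);
}
```

The two failure helpers return -1 without touching the header struct, which is the point of the patch: an error code the caller can turn into a "device broken" state, rather than an assertion that takes the whole QEMU process down on guest-controlled input.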