From: Igor Mammedov <imammedo@redhat.com>
To: Ani Sinha <ani@anisinha.ca>
Cc: philmd@redhat.com, qemu-devel@nongnu.org,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [PATCH] hw/acpi/pcihp: validate bsel property of the bus before unplugging device
Date: Tue, 24 Aug 2021 13:22:11 +0200
Message-ID: <20210824132211.3e8414d6@redhat.com>
In-Reply-To: <alpine.DEB.2.22.394.2108241603590.891355@anisinha-lenovo>
On Tue, 24 Aug 2021 16:07:30 +0530 (IST)
Ani Sinha <ani@anisinha.ca> wrote:
> On Tue, 24 Aug 2021, Igor Mammedov wrote:
>
> > On Mon, 23 Aug 2021 19:06:47 -0400
> > "Michael S. Tsirkin" <mst@redhat.com> wrote:
> >
> > > On Sat, Aug 21, 2021 at 08:35:35PM +0530, Ani Sinha wrote:
> > > > Bsel property of the pci bus indicates whether the bus supports acpi hotplug.
> > > > We need to validate the presence of this property before performing any hotplug
> > > > related callback operations. Currently validation of the existence of this
> > > > property was absent from acpi_pcihp_device_unplug_cb() function but is present
> > > > in other hotplug/unplug callback functions. Hence, this change adds the missing
> > > > check for the above function.
> > > >
> > > > Signed-off-by: Ani Sinha <ani@anisinha.ca>
> > >
> > > I queued this but I have a general question:
> > I convinced myself that this patch is wrong, pls drop it.
> >
> > > are all these errors logged with LOG_GUEST_ERROR?
> > > Because if not we have a security problem.
> > > I also note that bsel is an internal property,
> > > I am not sure we should be printing this to users,
> > > it might just confuse them.
> > >
> > > Same question for all the other places validating bsel.
> >
> > Commit message misses reproducer/explanation about
> > how it could be triggered?
> >
> > If it's actually reachable, from my point of view
> > putting checks all throughout the call chain is not robust
> > and it's easy to miss issues caused by invalid bsel.
> > Instead of putting checks all over the code, I'd
> > check value on entry points (pci_read/pci_write)
> > if code there is broken.
> >
> > >
> > > > ---
> > > > hw/acpi/pcihp.c | 10 ++++++++--
> > > > 1 file changed, 8 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
> > > > index 0fd0c1d811..9982815a87 100644
> > > > --- a/hw/acpi/pcihp.c
> > > > +++ b/hw/acpi/pcihp.c
> > > > @@ -372,9 +372,15 @@ void acpi_pcihp_device_unplug_cb(HotplugHandler *hotplug_dev, AcpiPciHpState *s,
> > > > DeviceState *dev, Error **errp)
> > > > {
> > > > PCIDevice *pdev = PCI_DEVICE(dev);
> > > > + int bsel = acpi_pcihp_get_bsel(pci_get_bus(pdev));
> > > > +
> > > > + trace_acpi_pci_unplug(PCI_SLOT(pdev->devfn), bsel);
> > > >
> > > > - trace_acpi_pci_unplug(PCI_SLOT(pdev->devfn),
> > > > - acpi_pcihp_get_bsel(pci_get_bus(pdev)));
> > > > + if (bsel < 0) {
> > > > + error_setg(errp, "Unsupported bus. Bus doesn't have property '"
> > > > + ACPI_PCIHP_PROP_BSEL "' set");
> > > > + return;
> > > > + }
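Review bot: the early `return` under `if (bsel < 0)` in acpi_pcihp_device_unplug_cb() sets errp and skips the rest of the callback, and the commit message gives no reproducer showing how a device on a bus without bsel gets this far. If that state is reachable from the guest, reject it once at the register write entry point and leave this callback unconditional; otherwise keep only the trace_acpi_pci_unplug() cleanup that hoists bsel into a local. If any check stays, the message should not expose the internal ACPI_PCIHP_PROP_BSEL property name to the user.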
> >
> > 1st:
> > Error here is useless. This path is triggered on guest
> > MMIO write and there is no consumer for error whatsoever.
> > If I recall correctly, in such cases in PCIHP code we make
> > such access a silent NOP. And tracing is there for us
> > to help figure out what's going on.
> >
> > 2nd:
> > if it got this far, it means a device on a bus with bsel
> > was found and we are completing cleanup. Error-ing out at
> > this point will leak acpi_index.
>
> The above two points seem to apply in this case as well and so should we
> do this?
Please see where acpi_pcihp_device_unplug_request_cb() is called from,
that should answer your question.
> diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
> index 0fd0c1d811..c7692f5d5f 100644
> --- a/hw/acpi/pcihp.c
> +++ b/hw/acpi/pcihp.c
> @@ -400,12 +400,6 @@ void acpi_pcihp_device_unplug_request_cb(HotplugHandler *hotplug_dev,
>
> trace_acpi_pci_unplug_request(bsel, slot);
>
> - if (bsel < 0) {
> - error_setg(errp, "Unsupported bus. Bus doesn't have property '"
> - ACPI_PCIHP_PROP_BSEL "' set");
> - return;
> - }
> -
> s->acpi_pcihp_pci_status[bsel].down |= (1U << slot);
> acpi_send_event(DEVICE(hotplug_dev), ACPI_PCI_HOTPLUG_STATUS);
> }
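Review bot: with the `if (bsel < 0)` block removed from acpi_pcihp_device_unplug_request_cb(), the context line `s->acpi_pcihp_pci_status[bsel].down |= (1U << slot);` indexes the array with a bsel that nothing left in this hunk bounds, so a negative value becomes an out-of-bounds write. Symmetry with acpi_pcihp_device_unplug_cb() is not enough reason to drop it: check who calls this function and consumes errp first, and either keep the check or state in the commit message why bsel can never be negative here.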
>
>
> I wanted to check before sending out a formal patch. I like symmetric
> code.
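The design point argued in this thread (an error is only useful where a caller consumes it, an invalid guest write is made a silent no-op at the entry point, and completion never bails out half way) as an added example. It is a simplified model written for this page, not QEMU code; every `model_*` name, the bus count and the `held` counter are assumptions.

```c
/* Added illustration: a simplified model, not QEMU code. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#define MODEL_MAX_BSEL 4               /* assumed number of hotplug-capable buses */
struct model_state {
    uint32_t pending[MODEL_MAX_BSEL];  /* per-bus bitmap of requested unplugs */
    uint32_t selected;                 /* bus-select value last written by the guest */
    unsigned held;                     /* per-device resources awaiting release */
    unsigned ignored;                  /* stands in for a trace point */
};

/* Management-side request: the caller consumes the error, so report it. */
static int model_request_unplug(struct model_state *s, int bsel, unsigned slot)
{
    if (bsel < 0 || bsel >= MODEL_MAX_BSEL || slot > 31)
        return -1;
    s->held += !((s->pending[bsel] >> slot) & 1);   /* count a slot only once */
    s->pending[bsel] |= 1U << slot;
    return 0;
}

/* Completion: trusts its caller's validation and always finishes the cleanup. */
static void model_complete_unplug(struct model_state *s, uint32_t bsel, unsigned slot)
{
    s->held -= (s->pending[bsel] >> slot) & 1;      /* release only if pending */
    s->pending[bsel] &= ~(1U << slot);
}

/* Guest write of an eject bitmap: the single place guest input is validated. */
static void model_guest_eject(struct model_state *s, uint32_t slots)
{
    if (s->selected >= MODEL_MAX_BSEL) {
        s->ignored++;                  /* invalid selector: silent no-op */
        return;
    }
    for (unsigned slot = 0; slot < 32; slot++)
        if (slots & (1U << slot))
            model_complete_unplug(s, s->selected, slot);
}

int main(void)
{
    struct model_state s = {0};
    model_request_unplug(&s, 1, 3);
    s.selected = 7; model_guest_eject(&s, 1U << 3);   /* ignored */
    s.selected = 1; model_guest_eject(&s, 1U << 3);   /* completes */
    return printf("held=%u ignored=%u\n", s.held, s.ignored) < 0;
}
```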