From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:33907) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SzOzW-0003no-Sh for qemu-devel@nongnu.org; Thu, 09 Aug 2012 05:25:19 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SzOzQ-0001dw-SQ for qemu-devel@nongnu.org; Thu, 09 Aug 2012 05:25:18 -0400 Received: from mail4.hitachi.co.jp ([133.145.228.5]:35333) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SzOzQ-0001dq-DL for qemu-devel@nongnu.org; Thu, 09 Aug 2012 05:25:12 -0400 Message-ID: <502381EA.80805@hitachi.com> Date: Thu, 09 Aug 2012 18:24:58 +0900 From: Masami Hiramatsu MIME-Version: 1.0 References: <20120724023657.6600.52706.stgit@ltc189.sdl.hitachi.co.jp> <20120724023718.6600.68836.stgit@ltc189.sdl.hitachi.co.jp> <20120809090312.GH3280@amit.redhat.com> In-Reply-To: <20120809090312.GH3280@amit.redhat.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [RFC PATCH 2/6] virtio/console: Add a failback for unstealable pipe buffer List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Amit Shah Cc: Arnd Bergmann , qemu-devel@nongnu.org, Frederic Weisbecker , Yoshihiro YUNOMAE , yrl.pp-manager.tt@hitachi.com, linux-kernel@vger.kernel.org, Borislav Petkov , virtualization@lists.linux-foundation.org, Herbert Xu , "Franch Ch. Eigler" , Ingo Molnar , Mathieu Desnoyers , Steven Rostedt , Anthony Liguori , Greg Kroah-Hartman (2012/08/09 18:03), Amit Shah wrote: > On (Tue) 24 Jul 2012 [11:37:18], Yoshihiro YUNOMAE wrote: >> From: Masami Hiramatsu >> >> Add a failback memcpy path for unstealable pipe buffer. >> If buf->ops->steal() fails, virtio-serial tries to >> copy the page contents to an allocated page, instead >> of just failing splice(). >> >> Signed-off-by: Masami Hiramatsu >> Cc: Amit Shah >> Cc: Arnd Bergmann >> Cc: Greg Kroah-Hartman >> --- >> >> drivers/char/virtio_console.c | 28 +++++++++++++++++++++++++--- >> 1 files changed, 25 insertions(+), 3 deletions(-) >> >> diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c >> index fe31b2f..911cb3e 100644 >> --- a/drivers/char/virtio_console.c >> +++ b/drivers/char/virtio_console.c >> @@ -794,7 +794,7 @@ static int pipe_to_sg(struct pipe_inode_info *pipe, struct pipe_buffer *buf, >> struct splice_desc *sd) >> { >> struct sg_list *sgl = sd->u.data; >> - unsigned int len = 0; >> + unsigned int offset, len; >> >> if (sgl->n == MAX_SPLICE_PAGES) >> return 0; >> @@ -807,9 +807,31 @@ static int pipe_to_sg(struct pipe_inode_info *pipe, struct pipe_buffer *buf, >> >> len = min(buf->len, sd->len); >> sg_set_page(&(sgl->sg[sgl->n]), buf->page, len, buf->offset); >> - sgl->n++; >> - sgl->len += len; >> + } else { >> + /* Failback to copying a page */ >> + struct page *page = alloc_page(GFP_KERNEL); > > I prefer zeroing out the page. If there's not enough data to be > filled in the page, the remaining data can be leaked to the host. Yeah, it is really easy to fix that. But out of curiosity, would that be really a problem? I guess that host can access any guest page if need. If that is right, is that really insecure to leak randomly allocated unused page to the host? Thank you, -- Masami HIRAMATSU Software Platform Research Dept. Linux Technology Center Hitachi, Ltd., Yokohama Research Laboratory E-mail: masami.hiramatsu.pt@hitachi.com