From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51180) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aiZg8-0005ye-IJ for qemu-devel@nongnu.org; Tue, 22 Mar 2016 23:41:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aiZg3-0005Ul-Ha for qemu-devel@nongnu.org; Tue, 22 Mar 2016 23:41:52 -0400 Received: from mga14.intel.com ([192.55.52.115]:13005) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aiZg3-0005Tp-Bz for qemu-devel@nongnu.org; Tue, 22 Mar 2016 23:41:47 -0400 References: <1458203581-59143-1-git-send-email-guangrong.xiao@linux.intel.com> <1458203581-59143-5-git-send-email-guangrong.xiao@linux.intel.com> <20160317102807.GB14062@stefanha-x1.localdomain> From: Xiao Guangrong Message-ID: <56F21049.2080404@linux.intel.com> Date: Wed, 23 Mar 2016 11:40:57 +0800 MIME-Version: 1.0 In-Reply-To: <20160317102807.GB14062@stefanha-x1.localdomain> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH 04/15] nvdimm: support nvdimm label List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Hajnoczi Cc: ehabkost@redhat.com, kvm@vger.kernel.org, mst@redhat.com, gleb@kernel.org, mtosatti@redhat.com, qemu-devel@nongnu.org, stefanha@redhat.com, imammedo@redhat.com, pbonzini@redhat.com, dan.j.williams@intel.com, rth@twiddle.net On 03/17/2016 06:28 PM, Stefan Hajnoczi wrote: > On Thu, Mar 17, 2016 at 04:32:50PM +0800, Xiao Guangrong wrote: >> +static void nvdimm_init(Object *obj) >> +{ >> + object_property_add_bool(obj, "reserve-label", nvdimm_get_reserve_label, >> + nvdimm_set_reserve_label, NULL); > > In the future users may wish for larger namespace label sizes. This > bool option will not allow that. > > Perhaps the option should be an integer called "label-size"? Yes, good to me. > >> +static void nvdimm_assert_rw_label_data(NVDIMMDevice *nvdimm, uint64_t size, >> + uint64_t offset) >> +{ >> + assert(nvdimm->reserve_label && >> + (nvdimm->label_size >= size + offset) && (offset + size > offset)); >> +} > > It's not clear from this patch alone, but QEMU is not allowed to assert > due to invalid inputs from the guest. So if input validation is > necessary here because the values may be invalid, please write if > statements and error returns. The caller should check it before calling these callbacks, in our case, we did it in nvdimm_rw_label_data_check() in patch 13. So if that happen, it is really a QEMU internal BUG. > > This is important so guests cannot cause QEMU to core dump (SIGABRT > default behavior) and so that nested virtualization doesn't allow a > nested guest to DoS its parent guest. Yes, i understood it, but it is not the case in this patch as the assert() can not be triggered by guest. Maybe i should mention it in the changelog to make this fact more clean.