From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 78C80C433F5 for ; Thu, 31 Mar 2022 10:10:12 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0141183C54; Thu, 31 Mar 2022 12:10:08 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="cFkLyHGm"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 94445841FD; Thu, 31 Mar 2022 12:10:05 +0200 (CEST) Received: from mail-wm1-x34a.google.com (mail-wm1-x34a.google.com [IPv6:2a00:1450:4864:20::34a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 9227283C54 for ; Thu, 31 Mar 2022 12:09:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=39X1FYgYKBiA6O8QHHCKKCHA.8KIQ-7KKPHEOPO.9AJT.9A@flex--ascull.bounces.google.com Received: by mail-wm1-x34a.google.com with SMTP id m35-20020a05600c3b2300b0038c90ef2dceso1206382wms.4 for ; Thu, 31 Mar 2022 03:09:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:message-id:mime-version:subject:from:to:cc; bh=e7r6ewYj3LFoeNDErHuObxeDfGvEGpwXv6yI1pAKT9E=; b=cFkLyHGmHutTDOocqFeadWE5Qd9Or8cIKLe6JjSIVzeXNd+ldWGP3E7ZMRvwE9jf4i t2tFzpbtv60i3OTuln8jBsfxHgPJo/84y8714I5w+lAA1Hx4YujM/MyegmgFTjX0rcDX 2ZeirqgA3nk2AJKX7wJib5cnWgs13HulwscibQQA2Ga6t0DriONNU6Zr2ryvbvHYTAcu 0tojPIWmvUadue1mugXyXMKGliuGone9nygzGL7XgNValBrSQkHohL1hC22EXrkPzlM3 +mXaBW0ADEKhMCH4URPiQepTd30FLq/lMLjNNqCk3lt1OMvvBYTbDGDr6LiynhKWM++W JpPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=e7r6ewYj3LFoeNDErHuObxeDfGvEGpwXv6yI1pAKT9E=; b=OdgD6ukbeA5UP0EvEW9zlOw2Uh75aRIYADWIkXOjgOoh60b9rYKdKdUd72CuXyvGxW RC/henCBIR2+YBP03Z9yRJbrCt0IVM2WKFI+Xt9mibJvWuACFggUiCq8tvxG4wjri5+V xHNAHtMT9/VHtMQvU0igvPIDvgcDYySopfd1bhi8yZ9DMk723pb7ZFzD9h0ktDUee2iA jyaUK5FkI36ocf4AccNDyX1z2maMVs0E/ndpGP0H3INyEEfAmRPnZ8TAThv30WbEOe/b HtXipX0r8+jbrgkl9N4VdVFtedCAGptN53ne0D5Qd+q/Oi+3zYUR0ftABHIOo/UlTa+E qDBg== X-Gm-Message-State: AOAM532xOENPDeAgnEVRfvAMKY2r3daigKXPv7yS1WdH26uknZTxNxi2 I3+HEVk3sLz6NO5nZ26SAaGuKiy2WfaZrDHVxZre06XwAMqTqZEj7hp/hj5f7mt7LzpDfXsEHLw WcEwwEqZKtGHJOicSR29Wj7KNrPx9ERhVqNhTspCI4BjtxY6+078cZ0zITxw= X-Google-Smtp-Source: ABdhPJwXzZPlXcls8Swt0C9v3+BqwdaIxBXSwVns5TgMBoqfVAH1wqhb/Tp0UG50nLpYY0XAPnKM+asbHmk= X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510]) (user=ascull job=sendgmr) by 2002:a7b:cc15:0:b0:38c:8af7:f47c with SMTP id f21-20020a7bcc15000000b0038c8af7f47cmr4021681wmh.177.1648721397992; Thu, 31 Mar 2022 03:09:57 -0700 (PDT) Date: Thu, 31 Mar 2022 10:09:38 +0000 Message-Id: <20220331100949.3637425-1-ascull@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.35.1.1094.g7c7d902a7c-goog Subject: [PATCH 00/11] virtio: Harden and test vring From: Andrew Scull To: u-boot@lists.denx.de Cc: sjg@chromium.org, bmeng.cn@gmail.com, adelva@google.com, keirf@google.com, ptosi@google.com, Andrew Scull Content-Type: text/plain; charset="UTF-8" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Continuing the theme of making the virtio code resilient against corruption of the buffers shared with the device, this series focusses on the vring. This series is simpler and more self-contained than the series for virtio-pci! It follows the example of Linux by keeping a private copy of the descriptors and metadata for state tracking and only ever writing to the descriptors that are shared with the device. I was able to test these hardening steps in the sandbox by simulating device writes to the queues. I was also looking into testing the device drivers against a simulated device but the lack of an API to access the virtqueues meant this ended up being a hack. I've included that hack and the at the end of the series as an RFC. Andrew Scull (11): virtio_ring: Merge identical variables virtio_ring: Add helper to attach vring descriptor virtio_ring: Maintain a shadow copy of descriptors virtio_ring: Check used descriptors are chain heads dm: test: virtio: Test the virtio ring virtio: sandbox: Fix device features bitfield test: dm: virtio: Test notify before del_vqs virtio: sandbox: Bind RNG rather than block device test: dm: virtio: Test virtio device driver probing virtio: rng: Check length before copying RFC: test: dm: virtio: Test virtio-rng with faked device drivers/virtio/virtio_ring.c | 90 ++++++++++++++-------- drivers/virtio/virtio_rng.c | 3 + drivers/virtio/virtio_sandbox.c | 4 +- include/virtio_ring.h | 12 +++ test/dm/virtio.c | 129 ++++++++++++++++++++++++++++++-- 5 files changed, 199 insertions(+), 39 deletions(-) -- 2.35.1.1094.g7c7d902a7c-goog