From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1C68CC433F5 for ; Mon, 16 May 2022 10:41:59 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id B393884010; Mon, 16 May 2022 12:41:56 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="c+BdHCeA"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C08B884077; Mon, 16 May 2022 12:41:54 +0200 (CEST) Received: from mail-wm1-x34a.google.com (mail-wm1-x34a.google.com [IPv6:2a00:1450:4864:20::34a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B5535832C3 for ; Mon, 16 May 2022 12:41:51 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=3byqCYgYKBuYIaKcTTOWWOTM.KWUc-JWWbTQaba.LMVf.LM@flex--ascull.bounces.google.com Received: by mail-wm1-x34a.google.com with SMTP id m124-20020a1c2682000000b00393fcd2722dso5447274wmm.4 for ; Mon, 16 May 2022 03:41:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:message-id:mime-version:subject:from:to:cc; bh=Sd3inoLCQCwtW+Et2hYNDM1MkdLAQxyH3kz+o6O95ww=; b=c+BdHCeAGxlh9GMOKVyIgXs2E1g8JAEFixtz6BpvHwlWffTJ9Zcje2RxsR1zfsHI31 xVwSuCvuSsN/ySV0/nK73ppiVA57Go5xNd3khFC2AArArEiOiHPt7Ry9sbILc3I2YyhR SIF2YjYcWWXbCdn8ZONK2ve8odjdm5pevD8dYgFXPk9BJnmKLhj7U9a/Rm8LGw1HUXw7 kLwHr7G19niPu66M0CtcCzq+BSxF0G6NKOxm8FKn9qoJYODJoJJ2o9MzBVwz81HxVATX HaKbgWitMJUzqihPl6VSSynb5RXSg3NujjkjN9J3y9RHqrIJ4D17XvYIMMFg6qEZNmcm eVdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=Sd3inoLCQCwtW+Et2hYNDM1MkdLAQxyH3kz+o6O95ww=; b=D1qSCxOiBPJ5wp+O02tHxGJJBXmMyGLDDIq+W9KfRQzvAvhOU7jyAC0hk2pwcQD7Ig AUBCqNmN/49EKwOb7+ziOPG6tFAff+K9yJztmPJWk0hfrQe03nK+7jHE8K5Ol/IDPpRE YmxRgt6gDJYvRsRzsXCpMCDbISCQQPesluTch78qcjH6hg6GvKjC18xmRH+CvLAb5KEp SsElpkaIPz6J3o9pW8NzaqyW+OIZ+/qmSGs5DeUqypBP7F3adL1D8lr0VO3lBwZHBMf4 m0ixlw5Dl4Jp13SWS0XaJuCoEd/+iYPeV7qwCBcdCpQsXK0PqeuVJeSKygMi5s24AkWQ 66yw== X-Gm-Message-State: AOAM530QfJiszxZZ7TqPGgBtisPaWSxPD1Bs2g9nSjUdbfEBSxK1AlUR XhFisV/SjzlyJtYcmztIV4BE3hI99JvMAVpev5W7sufwcnI4d0xpr/1NhBaTIesL8pDp1Wo15Hg xmWBKrIWznTnQorcnfsZ1VhiNj5v1dS1EmiWrc+kNjDqp/hj8w6NDYQ+nyJ0= X-Google-Smtp-Source: ABdhPJypQ3y6nVCiUJ9gazDLCqW3tXe36DjnFhe9fzqTQeuKIw2ta4RmpInyDavubokwMRtoaKXkiAOmDkc= X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510]) (user=ascull job=sendgmr) by 2002:a7b:c310:0:b0:38c:f07a:e10d with SMTP id k16-20020a7bc310000000b0038cf07ae10dmr16537400wmj.110.1652697711200; Mon, 16 May 2022 03:41:51 -0700 (PDT) Date: Mon, 16 May 2022 10:41:28 +0000 Message-Id: <20220516104140.1047229-1-ascull@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.36.0.550.gb090851708-goog Subject: [PATCH v3 00/12] virtio: Harden and test vring From: Andrew Scull To: u-boot@lists.denx.de Cc: sjg@chromium.org, trini@konsulko.com, bmeng.cn@gmail.com, Andrew Scull Content-Type: text/plain; charset="UTF-8" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Make the virtio ring code resilient against corruption of the buffers shared with the device. It follows the example of Linux by keeping a private copy of the descriptors and metadata for state tracking and only ever writing to the descriptors that are shared with the device. I was able to test these hardening steps in the sandbox by simulating device writes to the queues. >From v1: - Fix build errors on SPL by making dependency on virtio drivers explicit >From v2: - Refactor vring init loop per review Andrew Scull (12): virtio_ring: Merge identical variables virtio_ring: Add helper to attach vring descriptor virtio_ring: Maintain a shadow copy of descriptors virtio_ring: Check used descriptors are chain heads dm: test: virtio: Test the virtio ring virtio: sandbox: Fix device features bitfield test: dm: virtio: Test notify before del_vqs test: dm: virtio: Split out virtio device tests virtio: sandbox: Bind RNG rather than block device test: dm: virtio: Test virtio device driver probing virtio: rng: Check length before copying test: dm: virtio_rng: Test virtio-rng with faked device drivers/virtio/virtio_ring.c | 96 ++++++++++------ drivers/virtio/virtio_rng.c | 3 + drivers/virtio/virtio_sandbox.c | 4 +- include/virtio_ring.h | 12 ++ test/dm/Makefile | 6 +- test/dm/virtio.c | 99 ---------------- test/dm/virtio_device.c | 195 ++++++++++++++++++++++++++++++++ test/dm/virtio_rng.c | 52 +++++++++ 8 files changed, 330 insertions(+), 137 deletions(-) create mode 100644 test/dm/virtio_device.c create mode 100644 test/dm/virtio_rng.c -- 2.36.0.550.gb090851708-goog