From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out30-98.freemail.mail.aliyun.com (out30-98.freemail.mail.aliyun.com [115.124.30.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2B45E15B138 for ; Wed, 29 May 2024 02:03:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.98 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716948189; cv=none; b=UvZE+wrqKqPr2MjrhHe4BElh4h45fXRTvMbPgIXuoBmibPnliZ3+rfZkMPlJFdVR92Tz0OBTbKmRIWVZM+Zea4mR47ayatnYOUlMk7w2K0Rr7MtQH5WlIkVmf8iftmxEAviI6N6Cb6NxpMPlSHk4wF5LtHYZEW3LxzOblMg6WDo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716948189; c=relaxed/simple; bh=/jAPqVaAnX6uuaZo5Y8bEOCQ0r8SBj4MRnDEE11nTY4=; h=Message-ID:Subject:Date:From:To:Cc:References:In-Reply-To; b=JPmcwtWZ+31r8BDU25ypz7ibyk5xh3N+f7WhHlW0/1TbySM5MSVwX+0ajGzh3mxl8QWEBmM43IKmxnfEDh511V7ZE7EMT2/DhPKsVHsO2pUTf1wQwYJIMJXUIy5feRaQupdmhFG/ViFmHAUEBw3r/AjQ8fjiHUdnrxl6TT2zjdk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=IlZJ4xKT; arc=none smtp.client-ip=115.124.30.98 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="IlZJ4xKT" DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.alibaba.com; s=default; t=1716948184; h=Message-ID:Subject:Date:From:To; bh=3SFYi3oG57/P8FL2z66pNqlfbX6wpCMtZY7JLpbe67s=; b=IlZJ4xKTGf6nQ0J7yasv1ebnKdDbGhAVQ8NhKdBcuc40K85uMqOD0oGEDG5xUhnej+lgYsr4kTJD/Qv25eo1Ca2BCYkHrL1MJxgqNe/p8E7ef6aiw/UXSYcyTnPweNBj/1RdIHiT8ZYgnPJn5FYct4BIYwYAe2XY4g+ztmpKFHQ= X-Alimail-AntiSpam:AC=PASS;BC=-1|-1;BR=01201311R201e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033045046011;MF=hengqi@linux.alibaba.com;NM=1;PH=DS;RN=12;SR=0;TI=SMTPD_---0W7R.lw0_1716948183; Received: from localhost(mailfrom:hengqi@linux.alibaba.com fp:SMTPD_---0W7R.lw0_1716948183) by smtp.aliyun-inc.com; Wed, 29 May 2024 10:03:03 +0800 Message-ID: <1716948138.442408-2-hengqi@linux.alibaba.com> Subject: Re: [PATCH net 2/2] virtio_net: fix missing lock protection on control_buf access Date: Wed, 29 May 2024 10:02:18 +0800 From: Heng Qi To: "Michael S. Tsirkin" Cc: netdev@vger.kernel.org, virtualization@lists.linux.dev, Jason Wang , Xuan Zhuo , =?utf-8?q?Eugenio_P=C3=A9rez?= , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Jiri Pirko , Daniel Jurgens References: <20240528075226.94255-1-hengqi@linux.alibaba.com> <20240528075226.94255-3-hengqi@linux.alibaba.com> <20240528114547-mutt-send-email-mst@kernel.org> <1716912105.4028382-1-hengqi@linux.alibaba.com> <20240528124435-mutt-send-email-mst@kernel.org> In-Reply-To: <20240528124435-mutt-send-email-mst@kernel.org> Precedence: bulk X-Mailing-List: virtualization@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: On Tue, 28 May 2024 12:45:32 -0400, "Michael S. Tsirkin" wrote: > On Wed, May 29, 2024 at 12:01:45AM +0800, Heng Qi wrote: > > On Tue, 28 May 2024 11:46:28 -0400, "Michael S. Tsirkin" wrote: > > > On Tue, May 28, 2024 at 03:52:26PM +0800, Heng Qi wrote: > > > > Refactored the handling of control_buf to be within the cvq_lock > > > > critical section, mitigating race conditions between reading device > > > > responses and new command submissions. > > > > > > > > Fixes: 6f45ab3e0409 ("virtio_net: Add a lock for the command VQ.") > > > > Signed-off-by: Heng Qi > > > > > > > > > I don't get what does this change. status can change immediately > > > after you drop the mutex, can it not? what exactly is the > > > race conditions you are worried about? > > > > See the following case: > > > > 1. Command A is acknowledged and successfully executed by the device. > > 2. After releasing the mutex (mutex_unlock), process P1 gets preempted before > > it can read vi->ctrl->status, *which should be VIRTIO_NET_OK*. > > 3. A new command B (like the DIM command) is issued. > > 4. Post vi->ctrl->status being set to VIRTIO_NET_ERR by > > virtnet_send_command_reply(), process P2 gets preempted. > > 5. Process P1 resumes, reads *vi->ctrl->status as VIRTIO_NET_ERR*, and reports > > this error back for Command A. <-- Race causes incorrect results to be read. > > > > Thanks. > > > Why is it important that P1 gets VIRTIO_NET_OK? > After all it is no longer the state. The driver needs to know whether the command actually executed success. Thanks. > > > > > > > > --- > > > > drivers/net/virtio_net.c | 4 +++- > > > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > > > > > diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c > > > > index 6b0512a628e0..3d8407d9e3d2 100644 > > > > --- a/drivers/net/virtio_net.c > > > > +++ b/drivers/net/virtio_net.c > > > > @@ -2686,6 +2686,7 @@ static bool virtnet_send_command_reply(struct virtnet_info *vi, u8 class, u8 cmd > > > > { > > > > struct scatterlist *sgs[5], hdr, stat; > > > > u32 out_num = 0, tmp, in_num = 0; > > > > + bool ret; > > > > int err; > > > > > > > > /* Caller should know better */ > > > > @@ -2731,8 +2732,9 @@ static bool virtnet_send_command_reply(struct virtnet_info *vi, u8 class, u8 cmd > > > > } > > > > > > > > unlock: > > > > + ret = vi->ctrl->status == VIRTIO_NET_OK; > > > > mutex_unlock(&vi->cvq_lock); > > > > - return vi->ctrl->status == VIRTIO_NET_OK; > > > > + return ret; > > > > } > > > > > > > > static bool virtnet_send_command(struct virtnet_info *vi, u8 class, u8 cmd, > > > > -- > > > > 2.32.0.3.g01195cf9f > > > >