From: Asias He <asias@redhat.com>
To: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
Cc: kvm@vger.kernel.org, "Michael S. Tsirkin" <mst@redhat.com>,
virtualization@lists.linux-foundation.org,
target-devel@vger.kernel.org,
Stefan Hajnoczi <stefanha@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH] tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq
Date: Wed, 10 Apr 2013 11:37:03 +0800 [thread overview]
Message-ID: <20130410033703.GA16756@hj.localdomain> (raw)
In-Reply-To: <1365522402.24346.146.camel@haakon2.linux-iscsi.org>
On Tue, Apr 09, 2013 at 08:46:42AM -0700, Nicholas A. Bellinger wrote:
> On Tue, 2013-04-09 at 17:16 +0800, Asias He wrote:
> > If we fail to submit the allocated tv_vmd to tcm_vhost_submission_work,
> > we will leak the tv_vmd. Free tv_vmd on fail path.
> >
> > Signed-off-by: Asias He <asias@redhat.com>
> > ---
> > drivers/vhost/tcm_vhost.c | 11 ++++++++---
> > 1 file changed, 8 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c
> > index 3351ed3..1f9116c 100644
> > --- a/drivers/vhost/tcm_vhost.c
> > +++ b/drivers/vhost/tcm_vhost.c
> > @@ -860,7 +860,7 @@ static void vhost_scsi_handle_vq(struct vhost_scsi *vs,
> > vq_err(vq, "Expecting virtio_scsi_cmd_resp, got %zu"
> > " bytes, out: %d, in: %d\n",
> > vq->iov[out].iov_len, out, in);
> > - break;
> > + goto err;
> > }
> >
> > tv_cmd->tvc_resp = vq->iov[out].iov_base;
> > @@ -882,7 +882,7 @@ static void vhost_scsi_handle_vq(struct vhost_scsi *vs,
> > " exceeds SCSI_MAX_VARLEN_CDB_SIZE: %d\n",
> > scsi_command_size(tv_cmd->tvc_cdb),
> > TCM_VHOST_MAX_CDB_SIZE);
> > - break; /* TODO */
> > + goto err;
> > }
> > tv_cmd->tvc_lun = ((v_req.lun[2] << 8) | v_req.lun[3]) & 0x3FFF;
> >
> > @@ -895,7 +895,7 @@ static void vhost_scsi_handle_vq(struct vhost_scsi *vs,
> > data_direction == DMA_TO_DEVICE);
> > if (unlikely(ret)) {
> > vq_err(vq, "Failed to map iov to sgl\n");
> > - break; /* TODO */
> > + goto err;
> > }
> > }
> >
>
> Mmmm, I think these cases also require a VIRTIO_SCSI_S_BAD_TARGET +
> __copy_to_user + vhost_add_used_and_signal similar to how !tv_tpg is
> handled.. Otherwise virtio-scsi will end up in scsi timeout -> abort,
> no..?
>
> Ditto for the vhost_scsi_allocate_cmd failure case..
Sent out new patches.
> vhost-net uses vhost_discard_vq_desc for some failure cases, is that
> needed here for the failure cases before __copy_from_user is called..?
I don't think it is useful. vhost_discard_vq_desc reverse the effect of
vhost_get_vq_desc. If we put it back in the queue and next time we will
still fail.
> > @@ -916,6 +916,11 @@ static void vhost_scsi_handle_vq(struct vhost_scsi *vs,
> > }
> >
> > mutex_unlock(&vq->mutex);
> > + return;
> > +
> > +err:
> > + vhost_scsi_free_cmd(tv_cmd);
> > + mutex_unlock(&vq->mutex);
> > }
> >
> > static void vhost_scsi_ctl_handle_kick(struct vhost_work *work)
>
>
--
Asias
next prev parent reply other threads:[~2013-04-10 3:37 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-09 9:16 [PATCH] tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq Asias He
2013-04-09 8:26 ` Michael S. Tsirkin
2013-04-09 15:46 ` Nicholas A. Bellinger
[not found] ` <1365522402.24346.146.camel@haakon2.linux-iscsi.org>
2013-04-10 3:23 ` [PATCH 0/3] tcm_vhost fix cmd leak and bad target Asias He
2013-04-10 6:19 ` Asias He
2013-04-10 7:06 ` [PATCH v2 0/4] tcm_vhost fix cmd leak and send " Asias He
2013-04-10 21:19 ` Nicholas A. Bellinger
2013-04-11 7:22 ` Michael S. Tsirkin
2013-04-11 8:42 ` Asias He
2013-04-10 7:06 ` [PATCH v2 1/4] tcm_vhost: Remove double check of response Asias He
2013-04-10 7:06 ` [PATCH v2 2/4] tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq Asias He
2013-04-10 7:06 ` [PATCH v2 3/4] tcm_vhost: Add vhost_scsi_send_bad_target() helper Asias He
2013-04-10 7:06 ` [PATCH v2 4/4] tcm_vhost: Send bad target to guest when cmd fails Asias He
2013-04-10 3:23 ` [PATCH 1/3] tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq Asias He
2013-04-10 3:23 ` [PATCH 2/3] tcm_vhost: Add vhost_scsi_send_bad_target() helper Asias He
2013-04-10 3:23 ` [PATCH 3/3] tcm_vhost: Send bad target to guest when cmd fails Asias He
2013-04-10 3:37 ` Asias He [this message]
2013-04-14 8:43 ` [PATCH] tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130410033703.GA16756@hj.localdomain \
--to=asias@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mst@redhat.com \
--cc=nab@linux-iscsi.org \
--cc=pbonzini@redhat.com \
--cc=stefanha@redhat.com \
--cc=target-devel@vger.kernel.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).