From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Greg Kurz
Date: Tue, 21 Mar 2017 15:12:59 +0100
Subject: [Qemu-devel] [PULL 1/2] 9pfs: don't try to flush self and avoid QEMU hang on reset
Message-Id: <1490105580-5008-2-git-send-email-groug@kaod.org>
In-Reply-To: <1490105580-5008-1-git-send-email-groug@kaod.org>

According to the 9P spec [*], when a client wants to cancel a pending I/O request identified by a given tag (uint16), it must send a Tflush message and wait for the server to respond with a Rflush message before reusing this tag for another I/O. The server may still send a completion message for the I/O if it wasn't actually cancelled but the Rflush message must arrive after that. QEMU hence waits for the flushed PDU to complete before sending the Rflush message back to the client.
If a client sends 'Tflush tag oldtag' and tag == oldtag, QEMU will then allocate a PDU identified by tag, find it in the PDU list and wait for this same PDU to complete... i.e. wait for a completion that will never happen. This causes a tag and ring slot leak in the guest, and a PDU leak in QEMU, all of them limited by the maximal number of PDUs (128). But, worse, this causes QEMU to hang on device reset since v9fs_reset() wants to drain all pending I/O.

This insane behavior is likely to denote a bug in the client, and it would deserve an Rerror message to be sent back. Unfortunately, the protocol allows it and requires all flush requests to succeed (only a Tflush response is expected). The only option is to detect when we have to handle a self-referencing flush request and report success to the client right away.

[*] http://man.cat-v.org/plan_9/5/flush

Reported-by: Al Viro
Signed-off-by: Greg Kurz
---
hw/9pfs/9p.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 76c9247c777d..b8c0b993580c 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -2353,7 +2353,7 @@ static void coroutine_fn v9fs_flush(void *opaque) ssize_t err; int16_t tag; size_t offset =3D 7; - V9fsPDU *cancel_pdu; + V9fsPDU *cancel_pdu =3D NULL; V9fsPDU *pdu =3D opaque; V9fsState *s =3D pdu->s; =20 
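Review bot: initialising `cancel_pdu` to NULL is what makes the new `if (pdu->tag == tag)` branch in the next hunk safe: that branch skips the QLIST_FOREACH() which used to assign `cancel_pdu` on every path, so the later `if (cancel_pdu)` would otherwise read an uninitialised pointer. A one-line comment on the declaration saying so would keep a future cleanup from dropping the `= NULL` again.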
@@ -2364,9 +2364,13 @@ static void coroutine_fn v9fs_flush(void *opaque) } trace_v9fs_flush(pdu->tag, pdu->id, tag); =20 - QLIST_FOREACH(cancel_pdu, &s->active_list, next) { - if (cancel_pdu->tag =3D=3D tag) { - break; + if (pdu->tag =3D=3D tag) { + error_report("Warning: the guest sent a self-referencing 9P flush = request"); + } else { + QLIST_FOREACH(cancel_pdu, &s->active_list, next) { + if (cancel_pdu->tag =3D=3D tag) { + break; + } } } if (cancel_pdu) { --=20 2.7.4
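Review bot: the `error_report()` in the new `if (pdu->tag == tag)` branch is driven by guest-controlled input with no rate limiting, so a buggy or hostile guest can emit one host log line per self-referencing Tflush and fill the log; the function already calls `trace_v9fs_flush()` just above, so a trace point, or a warn-once, would record the event without that side effect. The rest of the logic is right: with the lookup skipped, `cancel_pdu` stays NULL and the existing `if (cancel_pdu)` falls through to the reply path, which is the immediate Rflush the commit message asks for.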
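To make the self-referencing flush concrete, here is a toy C model of the server-side lookup, written for this page and not taken from QEMU or from the patch above. It keeps a pool of 128 PDUs on an active list, runs the flush lookup with and without the guard the patch adds, and reports what a reset drain would see; the toy_* names, the pool layout and the result-bit encoding are all assumptions of the example.

```c
/* Added example, not QEMU code: a toy model of the server-side 9P flush lookup
 * that the patch above guards. In-flight PDUs sit on an "active list" keyed by
 * 16-bit tag, and the Tflush PDU is already on that list when the lookup for
 * oldtag runs. All toy_* names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TOY_MAX_PDUS 128            /* pool size cited in the commit message */

struct toy_pdu {
    uint16_t tag;
    bool active;                    /* allocated and not yet completed */
    struct toy_pdu *waits_on;       /* parked flush: the PDU it waits for */
};
struct toy_server {
    struct toy_pdu pool[TOY_MAX_PDUS];
    bool guard_self_flush;          /* false models the code before the patch */
};

/* Allocate a PDU for an incoming request and put it on the active list. */
static struct toy_pdu *toy_pdu_alloc(struct toy_server *s, uint16_t tag)
{
    for (size_t i = 0; i < TOY_MAX_PDUS; i++)
        if (!s->pool[i].active) {
            s->pool[i] = (struct toy_pdu){ .tag = tag, .active = true };
            return &s->pool[i];
        }
    return NULL;                    /* pool exhausted: the leak's ceiling */
}

/* Find the in-flight PDU that 'Tflush tag oldtag' refers to. Without the
 * guard, a self-referencing flush finds itself because it is already active. */
static struct toy_pdu *toy_find_flush_target(struct toy_server *s,
                                             const struct toy_pdu *flush,
                                             uint16_t oldtag)
{
    if (s->guard_self_flush && flush->tag == oldtag)
        return NULL;                /* the fix: nothing to wait for */
    for (size_t i = 0; i < TOY_MAX_PDUS; i++)
        if (s->pool[i].active && s->pool[i].tag == oldtag)
            return &s->pool[i];
    return NULL;
}

/* Handle one Tflush: true when Rflush goes out at once, false when the flush
 * PDU is parked until the flushed request completes. */
static bool toy_handle_tflush(struct toy_server *s, uint16_t tag, uint16_t oldtag)
{
    struct toy_pdu *flush = toy_pdu_alloc(s, tag);
    if (!flush)
        return false;
    flush->waits_on = toy_find_flush_target(s, flush, oldtag);
    if (flush->waits_on)
        return false;               /* parked; a self-wait never ends */
    flush->active = false;          /* Rflush sent, PDU released */
    return true;
}

/* What v9fs_reset()'s drain sees: how many PDUs are still active, and whether
 * one of them waits on itself (it can never complete, so the drain hangs). */
static size_t toy_drain_status(const struct toy_server *s, bool *self_wait)
{
    size_t n = 0;
    *self_wait = false;
    for (size_t i = 0; i < TOY_MAX_PDUS; i++) {
        n += s->pool[i].active ? 1 : 0;
        if (s->pool[i].active && s->pool[i].waits_on == &s->pool[i])
            *self_wait = true;
    }
    return n;
}

/* Scenario: optionally one pending request with tag 0, then 'Tflush tag oldtag'.
 * Result bits: 1 = Rflush sent at once, 2 = reset would hang, 4 = PDUs remain. */
static int toy_run(bool guard, bool pending0, uint16_t tag, uint16_t oldtag)
{
    struct toy_server s = { .guard_self_flush = guard };
    bool self_wait;
    if (pending0)
        toy_pdu_alloc(&s, 0);
    int r = toy_handle_tflush(&s, tag, oldtag) ? 1 : 0;
    size_t active = toy_drain_status(&s, &self_wait);
    return r | (self_wait ? 2 : 0) | (active ? 4 : 0);
}

int main(void)
{
    printf("Tflush 5 5 before patch: %d, after patch: %d\n",
           toy_run(false, false, 5, 5), toy_run(true, false, 5, 5));
    printf("Tflush 1 0 with tag 0 pending: %d, Tflush 7 3 (unknown tag): %d\n",
           toy_run(true, true, 1, 0), toy_run(true, true, 7, 3));
    return 0;
}
```

`toy_run(false, false, 5, 5)` is the unguarded case: the flush finds itself, is parked waiting for its own completion, and a drain can never finish (result 6); with the guard the same request is answered at once (result 1). The other two calls show that an ordinary flush of a pending tag still parks on the right PDU (result 4) and a flush of an unknown tag is answered immediately (result 5), so the guard changes only the self-referencing case.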
From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Greg Kurz
Date: Tue, 21 Mar 2017 15:13:00 +0100
Subject: [Qemu-devel] [PULL 2/2] 9pfs: proxy: assert if unmarshal fails
Message-Id: <1490105580-5008-3-git-send-email-groug@kaod.org>
In-Reply-To: <1490105580-5008-1-git-send-email-groug@kaod.org>

Replies from the virtfs proxy are made up of a fixed-size header (8 bytes) and a payload of variable size (maximum 64kb). When receiving a reply, the proxy backend first reads the whole header and then unmarshals it. If the header is okay, it then does the same operation with the payload. Since the proxy backend uses a pre-allocated buffer which has enough room for a header and the maximum payload size, marshalling should never fail with fixed size arguments.
Any error here is likely to result from a more serious corruption in QEMU and we'd better dump core right away.

This patch adds error checks where they are missing and converts the associated error paths into assertions.

This should also address Coverity's complaints CID 1348519 and CID 1348520, about not always checking the return value of proxy_unmarshal().

Signed-off-by: Greg Kurz
Reviewed-by: Philippe Mathieu-Daudé
---
hw/9pfs/9p-proxy.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c index f4aa7a9d70f8..28b20a7c3dfa 100644 --- a/hw/9pfs/9p-proxy.c +++ b/hw/9pfs/9p-proxy.c @@ -165,7 +165,8 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, return retval; } reply->iov_len =3D PROXY_HDR_SZ; - proxy_unmarshal(reply, 0, "dd", &header.type, &header.size); + retval =3D proxy_unmarshal(reply, 0, "dd", &header.type, &header.size); + assert(retval =3D=3D 4 * 2); /* * if response size > PROXY_MAX_IO_SZ, read the response but ignore it= and * return -ENOBUFS @@ -194,9 +195,7 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, if (header.type =3D=3D T_ERROR) { int ret; ret =3D proxy_unmarshal(reply, PROXY_HDR_SZ, "d", status); - if (ret < 0) { - *status =3D ret; - } + assert(ret =3D=3D 4); return 0; } =20 @@ -213,6 +212,7 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, &prstat.st_atim_sec, &prstat.st_atim_nsec, &prstat.st_mtim_sec, &prstat.st_mtim_nsec, &prstat.st_ctim_sec, &prstat.st_ctim_nsec= ); + assert(retval =3D=3D 8 * 3 + 4 * 3 + 8 * 10); prstat_to_stat(response, &prstat); break; } @@ -225,6 +225,7 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, &prstfs.f_files, &prstfs.f_ffree, &prstfs.f_fsid[0], &prstfs.f_fsid[1], &prstfs.f_namelen, &prstfs.f_frsize); + assert(retval =3D=3D 8 * 11); prstatfs_to_statfs(response, &prstfs); break; } 
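Review bot: the expected byte counts in the new asserts (`4 * 2`, `8 * 3 + 4 * 3 + 8 * 10`, `8 * 11`) are worked out by hand from the format strings passed to proxy_unmarshal() and will silently go stale if a field is added to one of those formats; a comment beside each assert naming the format it corresponds to, or a small helper that computes the expected length from the format string, would make the checks self-describing.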
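Review bot: in the `header.type == T_ERROR` hunk the old code propagated a negative unmarshal result through `*status` and returned 0, so the caller saw an error; `assert(ret == 4)` turns the same condition into an abort of the whole QEMU process. That follows the commit message's reasoning, but the upper bound on the response size kept in the first hunk's comment only keeps the payload inside the buffer; nothing visible here guarantees that a T_ERROR reply carries at least the 4 payload bytes the "d" format needs, so a shorter reply from the helper now kills QEMU rather than returning an error. That trade-off deserves a comment next to the assert.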
@@ -246,7 +247,8 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, break; } case T_GETVERSION: - proxy_unmarshal(reply, PROXY_HDR_SZ, "q", response); + retval =3D proxy_unmarshal(reply, PROXY_HDR_SZ, "q", response); + assert(retval =3D=3D 8); break; default: return -1; @@ -274,18 +276,16 @@ static int v9fs_receive_status(V9fsProxy *proxy, return retval; } reply->iov_len =3D PROXY_HDR_SZ; - proxy_unmarshal(reply, 0, "dd", &header.type, &header.size); - if (header.size !=3D sizeof(int)) { - *status =3D -ENOBUFS; - return 0; - } + retval =3D proxy_unmarshal(reply, 0, "dd", &header.type, &header.size); + assert(retval =3D=3D 4 * 2); retval =3D socket_read(proxy->sockfd, reply->iov_base + PROXY_HDR_SZ, header.size); if (retval < 0) { return retval; } reply->iov_len +=3D header.size; - proxy_unmarshal(reply, PROXY_HDR_SZ, "d", status); + retval =3D proxy_unmarshal(reply, PROXY_HDR_SZ, "d", status); + assert(retval =3D=3D 4); return 0; } =20 --=20 2.7.4
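Review bot: in the v9fs_receive_status() hunk, the removed `if (header.size != sizeof(int))` test was the only check on `header.size` between the header unmarshal and `socket_read(proxy->sockfd, reply->iov_base + PROXY_HDR_SZ, header.size)`; unlike v9fs_receive_response(), no PROXY_MAX_IO_SZ comparison is visible here, so a reply announcing an oversized `header.size` would now be read past the pre-allocated buffer, and a size of 0 makes the following `assert(retval == 4)` abort. Keep a size check before the read, as `assert(header.size == sizeof(int))` if the helper is treated as trusted, or as the original `-ENOBUFS` return if not.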
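As an added example (not QEMU's code and not part of the patch), the following C program models the proxy reply format the commit message describes: an 8-byte header of two 32-bit fields, type and size, followed by a payload of at most 64 KiB read into a pre-allocated buffer. Its toy_unmarshal() returns the number of bytes consumed or a negative errno, the contract the new asserts check, and toy_receive_status() follows the shape of v9fs_receive_status() while keeping an explicit bound on the announced size before the payload read. Host byte order, the toy_* names and the constructed reply bytes are assumptions of the example.

```c
/* Added example, not QEMU code: a bounded parser for the virtfs proxy reply
 * layout the commit message describes (8-byte header = two 32-bit fields, type
 * and size, then at most 64 KiB of payload). toy_unmarshal() returns bytes
 * consumed or a negative errno, which is the contract the new asserts rely
 * on. Host byte order and every toy_* name are assumptions of this example. */
#include <errno.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define TOY_HDR_SZ    8
#define TOY_MAX_IO_SZ (64 * 1024)

struct toy_iov {
    uint8_t base[TOY_HDR_SZ + TOY_MAX_IO_SZ]; /* pre-allocated reply buffer */
    size_t len;                               /* bytes currently valid */
};

/* Decode 'fmt' ("d" = 32-bit, "q" = 64-bit) at 'offset'. Returns the bytes
 * consumed, -ENOBUFS if the valid region is too short, -EINVAL on a bad fmt. */
static ssize_t toy_unmarshal(const struct toy_iov *in, size_t offset,
                             const char *fmt, ...)
{
    va_list ap;
    size_t pos = offset;
    va_start(ap, fmt);
    for (; *fmt; fmt++) {
        size_t w = *fmt == 'd' ? 4 : *fmt == 'q' ? 8 : 0;
        if (w == 0 || pos + w > in->len) {
            va_end(ap);
            return w == 0 ? -EINVAL : -ENOBUFS;
        }
        if (w == 4)
            memcpy(va_arg(ap, int32_t *), in->base + pos, 4);
        else
            memcpy(va_arg(ap, int64_t *), in->base + pos, 8);
        pos += w;
    }
    va_end(ap);
    return (ssize_t)(pos - offset);
}

/* Stand-in for socket_read() over a constructed byte stream from the helper. */
struct toy_wire { const uint8_t *data; size_t len, pos; };

static ssize_t toy_read(struct toy_wire *w, uint8_t *dst, size_t n)
{
    if (w->pos + n > w->len)
        return -EIO;                          /* stream ended early */
    memcpy(dst, w->data + w->pos, n);
    w->pos += n;
    return (ssize_t)n;
}

/* Same shape as v9fs_receive_status(): header, size check, payload, status.
 * Returns 0 with *status filled in, or a negative errno. */
static int toy_receive_status(struct toy_wire *w, struct toy_iov *reply,
                              int32_t *status)
{
    int32_t type, size;
    ssize_t r = toy_read(w, reply->base, TOY_HDR_SZ);
    if (r < 0)
        return (int)r;
    reply->len = TOY_HDR_SZ;
    if (toy_unmarshal(reply, 0, "dd", &type, &size) != 2 * 4)
        return -EPROTO;
    /* A status reply carries exactly one int32; rejecting any other announced
     * size here is what keeps the payload read inside the fixed buffer. */
    if (size != (int32_t)sizeof(int32_t))
        return -ENOBUFS;
    r = toy_read(w, reply->base + TOY_HDR_SZ, (size_t)size);
    if (r < 0)
        return (int)r;
    reply->len += (size_t)size;
    return toy_unmarshal(reply, TOY_HDR_SZ, "d", status) == 4 ? 0 : -EPROTO;
}

/* Feed a constructed reply (type 1, announced 'size', then 'status') truncated
 * to 'wire_len' bytes. Returns the decoded status, or the parser's errno. */
static int toy_parse_status(int32_t size, int32_t status, size_t wire_len)
{
    static struct toy_iov reply;              /* 64 KiB + 8: kept off the stack */
    int32_t fields[3] = { 1, size, status };
    struct toy_wire w = { (const uint8_t *)fields, wire_len < 12 ? wire_len : 12, 0 };
    int32_t out = 0;
    int rc = toy_receive_status(&w, &reply, &out);
    return rc < 0 ? rc : out;
}

int main(void)
{
    printf("well-formed reply: %d\n", toy_parse_status(4, 7, 12));
    printf("oversized size field: %d\n", toy_parse_status(TOY_MAX_IO_SZ + 1, 0, 12));
    printf("stream cut after header: %d\n", toy_parse_status(4, 0, 8));
    return 0;
}
```

`toy_parse_status(4, 7, 12)` decodes a well-formed status reply; an announced size of 64 KiB + 1 or of -1 is rejected with -ENOBUFS before any payload is copied, a size that does not match the single int32 a status reply carries is rejected the same way, and a stream cut short after the header fails with -EIO from the simulated socket_read() instead of aborting.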