From: Li Qiang
To: pbonzini@redhat.com, mst@redhat.com
Cc: Li Qiang, qemu-devel@nongnu.org
Subject: [PATCH] virtio: update MemoryRegionCaches when guest set bad features
Date: Sat, 19 Sep 2020 01:27:06 -0700
Message-Id: <20200919082706.6703-1-liq3ea@163.com>

Currently 'virtio_set_features' only updates the 'MemoryRegionCaches' when 'virtio_set_features_nocheck' returns '0', which means the features are not bad.
However, the guest can still trigger an access of the used vring after setting bad features. In this situation it will cause an assert failure in 'ADDRESS_SPACE_ST_CACHED'.

Buglink: https://bugs.launchpad.net/qemu/+bug/1890333
Fixes: db812c4073c7 ("virtio: update MemoryRegionCaches when guest negotiates features")
Reported-by: Alexander Bulekov
Signed-off-by: Li Qiang
Reviewed-by: Paolo Bonzini
--- hw/virtio/virtio.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index e983025217..4441ae5ed4 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -2963,17 +2963,16 @@ int virtio_set_features(VirtIODevice *vdev, uint64_= t val) return -EINVAL; } ret =3D virtio_set_features_nocheck(vdev, val); - if (!ret) { - if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) { - /* VIRTIO_RING_F_EVENT_IDX changes the size of the caches. */ - int i; - for (i =3D 0; i < VIRTIO_QUEUE_MAX; i++) { - if (vdev->vq[i].vring.num !=3D 0) { - virtio_init_region_cache(vdev, i); - } + if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) { + /* VIRTIO_RING_F_EVENT_IDX changes the size of the caches. */ + int i; + for (i =3D 0; i < VIRTIO_QUEUE_MAX; i++) { + if (vdev->vq[i].vring.num !=3D 0) { + virtio_init_region_cache(vdev, i); } } - + } + if (!ret) { if (!virtio_device_started(vdev, vdev->status) && !virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)) { vdev->start_on_kick =3D true; --=20 2.17.1
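
Review bot: the cache re-initialisation block that now sits before `if (!ret)` in virtio_set_features() runs on the failure path as well, but its only comment still says just that VIRTIO_RING_F_EVENT_IDX changes the size of the caches. Please add a comment stating that the block must run even when virtio_set_features_nocheck() returns nonzero, because the guest can still reach the used vring after setting bad features (as the commit message explains); without it a later cleanup could fold the block back under `if (!ret)` and reintroduce the assert. It would also help to say in the commit message what state the feature bits are in after a failed virtio_set_features_nocheck(), since the new unconditional virtio_vdev_has_feature() check depends on it and that is not visible from this hunk.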