From nobody Mon Feb 9 01:19:39 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1618415925; cv=none; d=zohomail.com; s=zohoarc; b=dPWmR75Y+TuuqDO5Ksd3Fvs7W9DLx+xdCMPcpUEw2NDue+1nM4G/qSZYHujVfhaplCuxLHzL4xBxDVOWo8LaNvtkwatLcpEQdqh8bYTTKgGGHZb327HLZEL+Bz6O0JzyGavhN8Kbr0IFmBuZw6uid7r0UKEzD7PixVKEiVJ7fcw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1618415925; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=wpHrQ/oLuTAEC/ZI+plX6btMqfXBCcjSWiaz5h6CYe8=; b=LMC7hfoE2Pu1NckdG+0S+UBNAnkHXhblMqkro8JPl8HFuepmEtU/r5Oa+dmx51EnZmyVEuuHmttNYWNDS/E5Ec/d4V+5SuZpx5OqMQjnS0L3btR7FfCwmkpnAczL1L+s/LuvjrNIAp4u0yhkmlB5dhf4mT8rQarSqZx9Ib/AxJA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1618415924996557.7308829304866; Wed, 14 Apr 2021 08:58:44 -0700 (PDT) Received: from localhost ([::1]:39554 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lWhud-0004py-On for importer@patchew.org; Wed, 14 Apr 2021 11:58:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34166) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lWho1-0007mw-Oi for qemu-devel@nongnu.org; Wed, 14 Apr 2021 11:51:57 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:37554) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lWhny-0000Kn-SM for qemu-devel@nongnu.org; Wed, 14 Apr 2021 11:51:53 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-106-Ujzq3RvUNH-P_VQgdqxpXg-1; Wed, 14 Apr 2021 11:51:47 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 28465801FCE for ; Wed, 14 Apr 2021 15:51:47 +0000 (UTC) Received: from dgilbert-t580.localhost (ovpn-115-158.ams2.redhat.com [10.36.115.158]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0B5AD13905; Wed, 14 Apr 2021 15:51:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1618415509; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wpHrQ/oLuTAEC/ZI+plX6btMqfXBCcjSWiaz5h6CYe8=; b=GHlyGC72a5DuvexV6gWvWQSQ78QVz8qJ14U/ib2wfDCOXlHzYKHTYDuCVP+YEhWnJQ5jHl yynFyEHL2eRNnP8jlPCccuhgDwNzd3L2bgMbosm8wYTC9mia9c89zOdBw8Xufm2zaK3x0V W23tvezm3gNAgcF1r9x1AtGBOlz/spw= X-MC-Unique: Ujzq3RvUNH-P_VQgdqxpXg-1 From: "Dr. David Alan Gilbert (git)" To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com, virtio-fs@redhat.com Subject: [PATCH v2 04/25] DAX: libvhost-user: Allow popping a queue element with bad pointers Date: Wed, 14 Apr 2021 16:51:16 +0100 Message-Id: <20210414155137.46522-5-dgilbert@redhat.com> In-Reply-To: <20210414155137.46522-1-dgilbert@redhat.com> References: <20210414155137.46522-1-dgilbert@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dgilbert@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=dgilbert@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" From: "Dr. David Alan Gilbert" Allow a daemon implemented with libvhost-user to accept an element with pointers to memory that aren't in the mapping table. The daemon might have some special way to deal with some special cases of this. The default behaviour doesn't change. Signed-off-by: Dr. David Alan Gilbert Reviewed-by: Stefan Hajnoczi --- block/export/vhost-user-blk-server.c | 2 +- contrib/vhost-user-blk/vhost-user-blk.c | 3 +- contrib/vhost-user-gpu/vhost-user-gpu.c | 5 ++- contrib/vhost-user-input/main.c | 4 +- contrib/vhost-user-scsi/vhost-user-scsi.c | 2 +- subprojects/libvhost-user/libvhost-user.c | 51 ++++++++++++++++++----- subprojects/libvhost-user/libvhost-user.h | 8 +++- tests/vhost-user-bridge.c | 4 +- tools/virtiofsd/fuse_virtio.c | 3 +- 9 files changed, 60 insertions(+), 22 deletions(-) diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user= -blk-server.c index fa06996d37..84c6432325 100644 --- a/block/export/vhost-user-blk-server.c +++ b/block/export/vhost-user-blk-server.c @@ -293,7 +293,7 @@ static void vu_blk_process_vq(VuDev *vu_dev, int idx) while (1) { VuBlkReq *req; =20 - req =3D vu_queue_pop(vu_dev, vq, sizeof(VuBlkReq)); + req =3D vu_queue_pop(vu_dev, vq, sizeof(VuBlkReq), NULL, NULL); if (!req) { break; } diff --git a/contrib/vhost-user-blk/vhost-user-blk.c b/contrib/vhost-user-b= lk/vhost-user-blk.c index d14b2896bf..01193552e9 100644 --- a/contrib/vhost-user-blk/vhost-user-blk.c +++ b/contrib/vhost-user-blk/vhost-user-blk.c @@ -235,7 +235,8 @@ static int vub_virtio_process_req(VubDev *vdev_blk, unsigned out_num; VubReq *req; =20 - elem =3D vu_queue_pop(vu_dev, vq, sizeof(VuVirtqElement) + sizeof(VubR= eq)); + elem =3D vu_queue_pop(vu_dev, vq, sizeof(VuVirtqElement) + sizeof(VubR= eq), + NULL, NULL); if (!elem) { return -1; } diff --git a/contrib/vhost-user-gpu/vhost-user-gpu.c b/contrib/vhost-user-g= pu/vhost-user-gpu.c index f73f292c9f..827d15af00 100644 --- a/contrib/vhost-user-gpu/vhost-user-gpu.c +++ b/contrib/vhost-user-gpu/vhost-user-gpu.c @@ -840,7 +840,8 @@ vg_handle_ctrl(VuDev *dev, int qidx) return; } =20 - cmd =3D vu_queue_pop(dev, vq, sizeof(struct virtio_gpu_ctrl_comman= d)); + cmd =3D vu_queue_pop(dev, vq, sizeof(struct virtio_gpu_ctrl_comman= d), + NULL, NULL); if (!cmd) { break; } @@ -949,7 +950,7 @@ vg_handle_cursor(VuDev *dev, int qidx) struct virtio_gpu_update_cursor cursor; =20 for (;;) { - elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement)); + elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement), NULL, NULL); if (!elem) { break; } diff --git a/contrib/vhost-user-input/main.c b/contrib/vhost-user-input/mai= n.c index c15d18c33f..d5c435605c 100644 --- a/contrib/vhost-user-input/main.c +++ b/contrib/vhost-user-input/main.c @@ -57,7 +57,7 @@ static void vi_input_send(VuInput *vi, struct virtio_inpu= t_event *event) =20 /* ... then check available space ... */ for (i =3D 0; i < vi->qindex; i++) { - elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement)); + elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement), NULL, NULL); if (!elem) { while (--i >=3D 0) { vu_queue_unpop(dev, vq, vi->queue[i].elem, 0); @@ -141,7 +141,7 @@ static void vi_handle_sts(VuDev *dev, int qidx) g_debug("%s", G_STRFUNC); =20 for (;;) { - elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement)); + elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement), NULL, NULL); if (!elem) { break; } diff --git a/contrib/vhost-user-scsi/vhost-user-scsi.c b/contrib/vhost-user= -scsi/vhost-user-scsi.c index 4f6e3e2a24..7564d6ab2d 100644 --- a/contrib/vhost-user-scsi/vhost-user-scsi.c +++ b/contrib/vhost-user-scsi/vhost-user-scsi.c @@ -252,7 +252,7 @@ static void vus_proc_req(VuDev *vu_dev, int idx) VirtIOSCSICmdReq *req; VirtIOSCSICmdResp *rsp; =20 - elem =3D vu_queue_pop(vu_dev, vq, sizeof(VuVirtqElement)); + elem =3D vu_queue_pop(vu_dev, vq, sizeof(VuVirtqElement), NULL, NU= LL); if (!elem) { g_debug("No more elements pending on vq[%d]@%p", idx, vq); break; diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvho= st-user/libvhost-user.c index 937f64480d..68eb165755 100644 --- a/subprojects/libvhost-user/libvhost-user.c +++ b/subprojects/libvhost-user/libvhost-user.c @@ -2469,7 +2469,8 @@ vu_queue_set_notification(VuDev *dev, VuVirtq *vq, in= t enable) =20 static bool virtqueue_map_desc(VuDev *dev, - unsigned int *p_num_sg, struct iovec *iov, + unsigned int *p_num_sg, unsigned int *p_bad_sg, + struct iovec *iov, unsigned int max_num_sg, bool is_write, uint64_t pa, size_t sz) { @@ -2490,10 +2491,35 @@ virtqueue_map_desc(VuDev *dev, return false; } =20 - iov[num_sg].iov_base =3D vu_gpa_to_va(dev, &len, pa); - if (iov[num_sg].iov_base =3D=3D NULL) { - vu_panic(dev, "virtio: invalid address for buffers"); - return false; + if (p_bad_sg && *p_bad_sg) { + /* A previous mapping was bad, we won't try and map this eithe= r */ + *p_bad_sg =3D *p_bad_sg + 1; + } + if (!p_bad_sg || !*p_bad_sg) { + /* No bad mappings so far, lets try mapping this one */ + iov[num_sg].iov_base =3D vu_gpa_to_va(dev, &len, pa); + if (iov[num_sg].iov_base =3D=3D NULL) { + /* + * OK, it won't map, either panic or if the caller can han= dle + * it, then count it. + */ + if (!p_bad_sg) { + vu_panic(dev, "virtio: invalid address for buffers"); + return false; + } else { + *p_bad_sg =3D *p_bad_sg + 1; + } + } + } + if (p_bad_sg && *p_bad_sg) { + /* + * There was a bad mapping, either now or previously, since + * the caller set p_bad_sg it means it's prepared to deal with + * it, so give it the pa in the iov + * Note: In this case len will be the whole sz, so we won't + * go around again for this descriptor + */ + iov[num_sg].iov_base =3D (void *)(uintptr_t)pa; } iov[num_sg].iov_len =3D len; num_sg++; @@ -2524,7 +2550,8 @@ virtqueue_alloc_element(size_t sz, } =20 static void * -vu_queue_map_desc(VuDev *dev, VuVirtq *vq, unsigned int idx, size_t sz) +vu_queue_map_desc(VuDev *dev, VuVirtq *vq, unsigned int idx, size_t sz, + unsigned int *p_bad_in, unsigned int *p_bad_out) { struct vring_desc *desc =3D vq->vring.desc; uint64_t desc_addr, read_len; @@ -2568,7 +2595,7 @@ vu_queue_map_desc(VuDev *dev, VuVirtq *vq, unsigned i= nt idx, size_t sz) /* Collect all the descriptors */ do { if (le16toh(desc[i].flags) & VRING_DESC_F_WRITE) { - if (!virtqueue_map_desc(dev, &in_num, iov + out_num, + if (!virtqueue_map_desc(dev, &in_num, p_bad_in, iov + out_num, VIRTQUEUE_MAX_SIZE - out_num, true, le64toh(desc[i].addr), le32toh(desc[i].len))) { @@ -2579,7 +2606,7 @@ vu_queue_map_desc(VuDev *dev, VuVirtq *vq, unsigned i= nt idx, size_t sz) vu_panic(dev, "Incorrect order for descriptors"); return NULL; } - if (!virtqueue_map_desc(dev, &out_num, iov, + if (!virtqueue_map_desc(dev, &out_num, p_bad_out, iov, VIRTQUEUE_MAX_SIZE, false, le64toh(desc[i].addr), le32toh(desc[i].len))) { @@ -2669,7 +2696,8 @@ vu_queue_inflight_post_put(VuDev *dev, VuVirtq *vq, i= nt desc_idx) } =20 void * -vu_queue_pop(VuDev *dev, VuVirtq *vq, size_t sz) +vu_queue_pop(VuDev *dev, VuVirtq *vq, size_t sz, + unsigned int *p_bad_in, unsigned int *p_bad_out) { int i; unsigned int head; @@ -2682,7 +2710,8 @@ vu_queue_pop(VuDev *dev, VuVirtq *vq, size_t sz) =20 if (unlikely(vq->resubmit_list && vq->resubmit_num > 0)) { i =3D (--vq->resubmit_num); - elem =3D vu_queue_map_desc(dev, vq, vq->resubmit_list[i].index, sz= ); + elem =3D vu_queue_map_desc(dev, vq, vq->resubmit_list[i].index, sz, + p_bad_in, p_bad_out); =20 if (!vq->resubmit_num) { free(vq->resubmit_list); @@ -2714,7 +2743,7 @@ vu_queue_pop(VuDev *dev, VuVirtq *vq, size_t sz) vring_set_avail_event(vq, vq->last_avail_idx); } =20 - elem =3D vu_queue_map_desc(dev, vq, head, sz); + elem =3D vu_queue_map_desc(dev, vq, head, sz, p_bad_in, p_bad_out); =20 if (!elem) { return NULL; diff --git a/subprojects/libvhost-user/libvhost-user.h b/subprojects/libvho= st-user/libvhost-user.h index 3d13dfadde..330b61c005 100644 --- a/subprojects/libvhost-user/libvhost-user.h +++ b/subprojects/libvhost-user/libvhost-user.h @@ -589,11 +589,17 @@ void vu_queue_notify_sync(VuDev *dev, VuVirtq *vq); * @dev: a VuDev context * @vq: a VuVirtq queue * @sz: the size of struct to return (must be >=3D VuVirtqElement) + * @p_bad_in: If none NULL, a pointer to an integer count of + * unmappable regions in input descriptors + * @p_bad_out: If none NULL, a pointer to an integer count of + * unmappable regions in output descriptors + * * * Returns: a VuVirtqElement filled from the queue or NULL. The * returned element must be free()-d by the caller. */ -void *vu_queue_pop(VuDev *dev, VuVirtq *vq, size_t sz); +void *vu_queue_pop(VuDev *dev, VuVirtq *vq, size_t sz, + unsigned int *p_bad_in, unsigned int *p_bad_out); =20 =20 /** diff --git a/tests/vhost-user-bridge.c b/tests/vhost-user-bridge.c index 24815920b2..4f6829e6c3 100644 --- a/tests/vhost-user-bridge.c +++ b/tests/vhost-user-bridge.c @@ -184,7 +184,7 @@ vubr_handle_tx(VuDev *dev, int qidx) unsigned int out_num; struct iovec sg[VIRTQUEUE_MAX_SIZE], *out_sg; =20 - elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement)); + elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement), NULL, NULL); if (!elem) { break; } @@ -299,7 +299,7 @@ vubr_backend_recv_cb(int sock, void *ctx) ssize_t ret, total =3D 0; unsigned int num; =20 - elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement)); + elem =3D vu_queue_pop(dev, vq, sizeof(VuVirtqElement), NULL, NULL); if (!elem) { break; } diff --git a/tools/virtiofsd/fuse_virtio.c b/tools/virtiofsd/fuse_virtio.c index 6dd73c9b72..2604e7f418 100644 --- a/tools/virtiofsd/fuse_virtio.c +++ b/tools/virtiofsd/fuse_virtio.c @@ -732,7 +732,8 @@ static void *fv_queue_thread(void *opaque) __func__, qi->qidx, (size_t)evalue, in_bytes, out_bytes); =20 while (1) { - FVRequest *req =3D vu_queue_pop(dev, q, sizeof(FVRequest)); + FVRequest *req =3D vu_queue_pop(dev, q, sizeof(FVRequest), + NULL, NULL); if (!req) { break; } --=20 2.31.1