From nobody Sat Feb 7 22:21:32 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 25B052E090A for ; Tue, 7 Oct 2025 13:06:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759842399; cv=none; b=rgNIIpQS0exByOIQUR5gvALYo1/ipmucz361MfONwuq39e5fjduyydWVYrztMgqHlo08Vedn2xs/+iK1zbYChIB7NvGZmzjYH2MPfP3tA8Jvr4tnE1NDkl0IafCfjPZPE33dW12TCwRNC7mR/jClwUHgA1uB7qg9a09veXJlnio= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759842399; c=relaxed/simple; bh=CbgSRFpb7XB1O45PNZtV0zJlxnlm5ctiO4bcGsZSTAo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=CsbTsHn/IkXqIuOnIu/edmKzFc9bCDNs4xW6uItbx348iso/XKRpo1JlY4kHDSGoyr2nkd/4gqGNw0VJXCIDF8hF6DUDLYZ4iXyYvrlOLEBufxyx7mDzWY1yx5BjWu+a7yvtR2eUD+9D3Fl5s/Pmfs5W9U8VkcFTOKdSS8RQ0f8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=PvCz/hg9; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="PvCz/hg9" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1759842397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iLZdGxsC/2NvnmPmsweBVK3mEMdeM40KbC8BUJ8+sws=; b=PvCz/hg9uPX3yIlfD3a9HokaeWlu1Vbdu7MzAhmawcV721w2Fv+zHMLApz8I9Vg79W8zUH z3AdLHckHIXN4AeaW+ufUH3seQ7wMryjJLABb4GFNXeBMGO1QCYMHzeh6QGmeXTmYs8Pql BgVI0psi+FNzhewddS46s7W+oyhNYRQ= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-477-T0AFbYQsPrSxtP3nkFk38Q-1; Tue, 07 Oct 2025 09:06:34 -0400 X-MC-Unique: T0AFbYQsPrSxtP3nkFk38Q-1 X-Mimecast-MFC-AGG-ID: T0AFbYQsPrSxtP3nkFk38Q_1759842392 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 9307C195609F; Tue, 7 Oct 2025 13:06:32 +0000 (UTC) Received: from fedora.redhat.com (unknown [10.45.225.223]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 0F504180141D; Tue, 7 Oct 2025 13:06:28 +0000 (UTC) From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= To: mst@redhat.com Cc: Yongji Xie , virtualization@lists.linux.dev, linux-kernel@vger.kernel.org, =?UTF-8?q?Eugenio=20P=C3=A9rez?= , Maxime Coquelin , Xuan Zhuo , Dragos Tatulea DE , jasowang@redhat.com Subject: [RFC 1/2] virtio_net: timeout control virtqueue commands Date: Tue, 7 Oct 2025 15:06:21 +0200 Message-ID: <20251007130622.144762-2-eperezma@redhat.com> In-Reply-To: <20251007130622.144762-1-eperezma@redhat.com> References: <20251007130622.144762-1-eperezma@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 An userland device implemented through VDUSE could take rtnl forever if the virtio-net driver is running on top of virtio_vdpa. Let's break the device if it does not return the buffer in a longer-than-assumible timeout. A less agressive path can be taken to recover the device, like only resetting the control virtqueue. However, the state of the device after this action is taken races, as the vq could be reset after the device writes the OK. Leaving TODO anyway. Signed-off-by: Eugenio P=C3=A9rez --- drivers/net/virtio_net.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 31bd32bdecaf..ed68ad69a019 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3576,6 +3576,7 @@ static bool virtnet_send_command_reply(struct virtnet= _info *vi, u8 class, u8 cmd { struct scatterlist *sgs[5], hdr, stat; u32 out_num =3D 0, tmp, in_num =3D 0; + unsigned long end_time; bool ok; int ret; =20 @@ -3614,11 +3615,20 @@ static bool virtnet_send_command_reply(struct virtn= et_info *vi, u8 class, u8 cmd =20 /* Spin for a response, the kick causes an ioport write, trapping * into the hypervisor, so the request should be handled immediately. + * + * Long timeout so a malicious device is not able to lock rtnl forever. */ + end_time =3D jiffies + 30 * HZ; while (!virtqueue_get_buf(vi->cvq, &tmp) && !virtqueue_is_broken(vi->cvq)) { cond_resched(); cpu_relax(); + + if (time_after(end_time, jiffies)) { + /* TODO Reset vq if possible? */ + virtio_break_device(vi->vdev); + break; + } } =20 unlock: --=20 2.51.0 From nobody Sat Feb 7 22:21:32 2026 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7AC12E090A for ; Tue, 7 Oct 2025 13:06:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759842404; cv=none; b=T4r9yxtEx7AuxgQcc2Utt4/fE8M9CfbG7QoNkd3wElkseFykihXGpWiwHbE9sNbQn4lzrGaa2/8EqVnadXvIp0p+nqQcYnO0tDoS3d8BPFiBqgHovQvsXb8sVdv5ZlotcZ8seyViKLtifITWx50yBAHhfTWY/kmZKcFmrSsVfE0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759842404; c=relaxed/simple; bh=jH8USJFHz+TatYvQZyvEvjcRufE0ISgWbue5iU4IKbU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=o4nNTc7Evv3w3QgBv+sgRAbe3Q1sorpG+RoPdkme0Z/tAi5dErpNNT5sT7/zq3h6iK0KwHF3YKPPb3KQ9LR3TkVpEWHrD3TEfc28clmxDVD+f3xQ+BcjZzFtwualyjjuaW8M7fX7CMQuVApY3CO4EnKZy/+QCj34QniZCouTm68= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=ZzP9Ozgs; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="ZzP9Ozgs" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1759842401; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aT4NoVByCHa+UoA8fJzK7MRZDygxEBVSeNmApVyKU04=; b=ZzP9OzgsuDgGM9tD+E/ZKZ4INHuxV1K2ZSTqD/hr2Wk1/Nm7nclJVusVJgaOLEjEPZImKs ONOA6HqL9o7BwKDy6F9QpzPTZS3zOBVY4l8Uv+4dEYoER4en+RYy7XFPaVGMtOOJcE5fvz Dxe7aSAB2Tg7P/5nrv55UsAiPyEGTXg= Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-281-13BoF1p0OoK1U4tSRjAaQA-1; Tue, 07 Oct 2025 09:06:38 -0400 X-MC-Unique: 13BoF1p0OoK1U4tSRjAaQA-1 X-Mimecast-MFC-AGG-ID: 13BoF1p0OoK1U4tSRjAaQA_1759842397 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 9FE811956095; Tue, 7 Oct 2025 13:06:36 +0000 (UTC) Received: from fedora.redhat.com (unknown [10.45.225.223]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 2FA321800446; Tue, 7 Oct 2025 13:06:32 +0000 (UTC) From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= To: mst@redhat.com Cc: Yongji Xie , virtualization@lists.linux.dev, linux-kernel@vger.kernel.org, =?UTF-8?q?Eugenio=20P=C3=A9rez?= , Maxime Coquelin , Xuan Zhuo , Dragos Tatulea DE , jasowang@redhat.com Subject: [RFC 2/2] vduse: lift restriction about net devices with CVQ Date: Tue, 7 Oct 2025 15:06:22 +0200 Message-ID: <20251007130622.144762-3-eperezma@redhat.com> In-Reply-To: <20251007130622.144762-1-eperezma@redhat.com> References: <20251007130622.144762-1-eperezma@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Now that the virtio_net driver is able to recover from a stall virtqueue, let's lift the restriction. Signed-off-by: Eugenio P=C3=A9rez --- drivers/vdpa/vdpa_user/vduse_dev.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vd= use_dev.c index e7bced0b5542..95d2b898171d 100644 --- a/drivers/vdpa/vdpa_user/vduse_dev.c +++ b/drivers/vdpa/vdpa_user/vduse_dev.c @@ -1726,9 +1726,6 @@ static bool features_is_valid(struct vduse_dev_config= *config) if ((config->device_id =3D=3D VIRTIO_ID_BLOCK) && (config->features & BIT_ULL(VIRTIO_BLK_F_CONFIG_WCE))) return false; - else if ((config->device_id =3D=3D VIRTIO_ID_NET) && - (config->features & BIT_ULL(VIRTIO_NET_F_CTRL_VQ))) - return false; =20 if ((config->device_id =3D=3D VIRTIO_ID_NET) && !(config->features & BIT_ULL(VIRTIO_F_VERSION_1))) --=20 2.51.0