From: Michael S. Tsirkin
Subject: [PULL v4 20/48] virtio: update MemoryRegionCaches when guest set bad features
Date: Tue, 29 Sep 2020 03:21:45 -0400
From: Li Qiang <liq3ea@163.com>
Currently 'virtio_set_features' only updates the 'MemoryRegionCaches'
when 'virtio_set_features_nocheck' returns '0', which means the features
are not bad. However, the guest can still trigger an access of the
used vring after setting bad features. In this situation it will cause an
assert failure in 'ADDRESS_SPACE_ST_CACHED'.
Buglink: https://bugs.launchpad.net/qemu/+bug/1890333
Fixes: db812c4073c7 ("virtio: update MemoryRegionCaches when guest negotiates features")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20200919082706.6703-1-liq3ea@163.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/virtio/virtio.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index a2edb4f386..6f8f865aff 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2963,17 +2963,16 @@ int virtio_set_features(VirtIODevice *vdev, uint64_t
val)
return -EINVAL;
}
ret = virtio_set_features_nocheck(vdev, val);
- if (!ret) {
- if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
- /* VIRTIO_RING_F_EVENT_IDX changes the size of the caches. */
- int i;
- for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
- if (vdev->vq[i].vring.num != 0) {
- virtio_init_region_cache(vdev, i);
- }
+ if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
+ /* VIRTIO_RING_F_EVENT_IDX changes the size of the caches. */
+ int i;
+ for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
+ if (vdev->vq[i].vring.num != 0) {
+ virtio_init_region_cache(vdev, i);
}
}
-
+ }
+ if (!ret) {
if (!virtio_device_started(vdev, vdev->status) &&
!virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)) {
vdev->start_on_kick = true;
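Review bot: At the relocated "if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX))" block, the only comment still reads "VIRTIO_RING_F_EVENT_IDX changes the size of the caches", and nothing records why the loop now sits ahead of "if (!ret)". A later cleanup could fold it back under the success path and bring back the assert failure from the bug link. Suggest extending the comment to say that virtio_init_region_cache() is called even when virtio_set_features_nocheck() returns non-zero, because the guest can still access the used vring after setting bad features. Since the feature test now runs after a failed call as well, it would also help to state, in the comment or the commit message, which feature bits the device holds in that case, as the fix relies on the test seeing them.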
--
MST