Michael S. Tsirkin
2021-Feb-05 13:32 UTC
[PATCH v3 09/13] vhost/vdpa: remove vhost_vdpa_config_validate()
On Fri, Feb 05, 2021 at 10:16:51AM +0100, Stefano Garzarella wrote:> On Fri, Feb 05, 2021 at 11:27:32AM +0800, Jason Wang wrote: > > > > On 2021/2/5 ??1:22, Stefano Garzarella wrote: > > > get_config() and set_config() callbacks in the 'struct vdpa_config_ops' > > > usually already validated the inputs. Also now they can return an error, > > > so we don't need to validate them here anymore. > > > > > > Let's use the return value of these callbacks and return it in case of > > > error in vhost_vdpa_get_config() and vhost_vdpa_set_config(). > > > > > > Originally-by: Xie Yongji <xieyongji at bytedance.com> > > > Signed-off-by: Stefano Garzarella <sgarzare at redhat.com> > > > --- > > > drivers/vhost/vdpa.c | 41 +++++++++++++---------------------------- > > > 1 file changed, 13 insertions(+), 28 deletions(-) > > > > > > diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c > > > index ef688c8c0e0e..d61e779000a8 100644 > > > --- a/drivers/vhost/vdpa.c > > > +++ b/drivers/vhost/vdpa.c > > > @@ -185,51 +185,35 @@ static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp) > > > return 0; > > > } > > > -static int vhost_vdpa_config_validate(struct vhost_vdpa *v, > > > - struct vhost_vdpa_config *c) > > > -{ > > > - long size = 0; > > > - > > > - switch (v->virtio_id) { > > > - case VIRTIO_ID_NET: > > > - size = sizeof(struct virtio_net_config); > > > - break; > > > - } > > > - > > > - if (c->len == 0) > > > - return -EINVAL; > > > - > > > - if (c->len > size - c->off) > > > - return -E2BIG; > > > - > > > - return 0; > > > -} > > > - > > > static long vhost_vdpa_get_config(struct vhost_vdpa *v, > > > struct vhost_vdpa_config __user *c) > > > { > > > struct vdpa_device *vdpa = v->vdpa; > > > struct vhost_vdpa_config config; > > > unsigned long size = offsetof(struct vhost_vdpa_config, buf); > > > + long ret; > > > u8 *buf; > > > if (copy_from_user(&config, c, size)) > > > return -EFAULT; > > > - if (vhost_vdpa_config_validate(v, &config)) > > > + if (config.len == 0) > > > return -EINVAL; > > > buf = kvzalloc(config.len, GFP_KERNEL); > > > > > > Then it means usersapce can allocate a very large memory. > > Good point. > > > > > Rethink about this, we should limit the size here (e.g PAGE_SIZE) or > > fetch the config size first (either through a config ops as you > > suggested or a variable in the vdpa device that is initialized during > > device creation). > > Maybe PAGE_SIZE is okay as a limit. > > If instead we want to fetch the config size, then better a config ops in my > opinion, to avoid adding a new parameter to __vdpa_alloc_device(). > > I vote for PAGE_SIZE, but it isn't a strong opinion. > > What do you and @Michael suggest? > > Thanks, > StefanoDevices know what the config size is. Just have them provide it. -- MST
Stefano Garzarella
2021-Feb-05 14:17 UTC
[PATCH v3 09/13] vhost/vdpa: remove vhost_vdpa_config_validate()
On Fri, Feb 05, 2021 at 08:32:37AM -0500, Michael S. Tsirkin wrote:>On Fri, Feb 05, 2021 at 10:16:51AM +0100, Stefano Garzarella wrote: >> On Fri, Feb 05, 2021 at 11:27:32AM +0800, Jason Wang wrote: >> > >> > On 2021/2/5 ??1:22, Stefano Garzarella wrote: >> > > get_config() and set_config() callbacks in the 'struct vdpa_config_ops' >> > > usually already validated the inputs. Also now they can return an error, >> > > so we don't need to validate them here anymore. >> > > >> > > Let's use the return value of these callbacks and return it in case of >> > > error in vhost_vdpa_get_config() and vhost_vdpa_set_config(). >> > > >> > > Originally-by: Xie Yongji <xieyongji at bytedance.com> >> > > Signed-off-by: Stefano Garzarella <sgarzare at redhat.com> >> > > --- >> > > drivers/vhost/vdpa.c | 41 +++++++++++++---------------------------- >> > > 1 file changed, 13 insertions(+), 28 deletions(-) >> > > >> > > diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c >> > > index ef688c8c0e0e..d61e779000a8 100644 >> > > --- a/drivers/vhost/vdpa.c >> > > +++ b/drivers/vhost/vdpa.c >> > > @@ -185,51 +185,35 @@ static long vhost_vdpa_set_status(struct vhost_vdpa *v, u8 __user *statusp) >> > > return 0; >> > > } >> > > -static int vhost_vdpa_config_validate(struct vhost_vdpa *v, >> > > - struct vhost_vdpa_config *c) >> > > -{ >> > > - long size = 0; >> > > - >> > > - switch (v->virtio_id) { >> > > - case VIRTIO_ID_NET: >> > > - size = sizeof(struct virtio_net_config); >> > > - break; >> > > - } >> > > - >> > > - if (c->len == 0) >> > > - return -EINVAL; >> > > - >> > > - if (c->len > size - c->off) >> > > - return -E2BIG; >> > > - >> > > - return 0; >> > > -} >> > > - >> > > static long vhost_vdpa_get_config(struct vhost_vdpa *v, >> > > struct vhost_vdpa_config __user *c) >> > > { >> > > struct vdpa_device *vdpa = v->vdpa; >> > > struct vhost_vdpa_config config; >> > > unsigned long size = offsetof(struct vhost_vdpa_config, buf); >> > > + long ret; >> > > u8 *buf; >> > > if (copy_from_user(&config, c, size)) >> > > return -EFAULT; >> > > - if (vhost_vdpa_config_validate(v, &config)) >> > > + if (config.len == 0) >> > > return -EINVAL; >> > > buf = kvzalloc(config.len, GFP_KERNEL); >> > >> > >> > Then it means usersapce can allocate a very large memory. >> >> Good point. >> >> > >> > Rethink about this, we should limit the size here (e.g PAGE_SIZE) or >> > fetch the config size first (either through a config ops as you >> > suggested or a variable in the vdpa device that is initialized during >> > device creation). >> >> Maybe PAGE_SIZE is okay as a limit. >> >> If instead we want to fetch the config size, then better a config ops in my >> opinion, to avoid adding a new parameter to __vdpa_alloc_device(). >> >> I vote for PAGE_SIZE, but it isn't a strong opinion. >> >> What do you and @Michael suggest? >> >> Thanks, >> Stefano > >Devices know what the config size is. Just have them provide it. >Okay, I'll add get_config_size() callback in vdpa_config_ops and I'll leave vhost_vdpa_config_validate() that will use that callback instead of 'virtio_id' to get the config size from the device. At this point I think I can remove the "vdpa: add return value to get_config/set_config callbacks" patch and leave void return to get_config/set_config callbacks. Does this make sense? Thanks, Stefano