Re: [PATCH v2 01/10] kvm: Restrict non-existing slot state transitions
On Tue, 2012-12-11 at 23:39 -0200, Marcelo Tosatti wrote: > On Tue, Dec 11, 2012 at 11:29:09PM -0200, Marcelo Tosatti wrote: > > On Mon, Dec 10, 2012 at 10:32:45AM -0700, Alex Williamson wrote: > > > The API documentation states: > > > > > > When changing an existing slot, it may be moved in the guest > > > physical memory space, or its flags may be modified. > > > > > > An "existing slot" requires a non-zero npages (memory_size). The only > > > transition we should therefore allow for a non-existing slot should be > > > to create the slot, which includes setting a non-zero memory_size. We > > > currently allow calls to modify non-existing slots, which is pointless, > > > confusing, and possibly wrong. > > > > > > With this we know that the invalidation path of __kvm_set_memory_region > > > is always for a delete or move and never for adding a zero size slot. > > > > > > Signed-off-by: Alex Williamson > > > --- > > > virt/kvm/kvm_main.c |9 +++-- > > > 1 file changed, 7 insertions(+), 2 deletions(-) > > > > > > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > > > index 6e8fa7e..e426704 100644 > > > --- a/virt/kvm/kvm_main.c > > > +++ b/virt/kvm/kvm_main.c > > > @@ -753,10 +753,15 @@ int __kvm_set_memory_region(struct kvm *kvm, > > > new.npages = npages; > > > new.flags = mem->flags; > > > > > > - /* Disallow changing a memory slot's size. */ > > > + /* > > > + * Disallow changing a memory slot's size or changing anything about > > > + * zero sized slots that doesn't involve making them non-zero. > > > + */ > > > r = -EINVAL; > > > if (npages && old.npages && npages != old.npages) > > > goto out_free; > > > + if (!npages && !old.npages) > > > + goto out_free; > > > > /* General sanity checks */ > > if (mem->memory_size & (PAGE_SIZE - 1)) > > goto out; > > if (mem->guest_phys_addr & (PAGE_SIZE - 1)) > > goto out; > > > > if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr) > > goto out; > > > > If mem->memory_size is zero, then check above fails. > > Err, no read a "<=" while writing that. ;) Thanks for the double check, Alex > > If mem->memory_size > 0, it must be at least PAGE_SIZE, in which case > > npages == 1. > > > > Which means the code does not allow changes to non-existing slots. > > Yes? > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v2 01/10] kvm: Restrict non-existing slot state transitions
On Mon, Dec 10, 2012 at 10:32:45AM -0700, Alex Williamson wrote: > The API documentation states: > > When changing an existing slot, it may be moved in the guest > physical memory space, or its flags may be modified. > > An "existing slot" requires a non-zero npages (memory_size). The only > transition we should therefore allow for a non-existing slot should be > to create the slot, which includes setting a non-zero memory_size. We > currently allow calls to modify non-existing slots, which is pointless, > confusing, and possibly wrong. > > With this we know that the invalidation path of __kvm_set_memory_region > is always for a delete or move and never for adding a zero size slot. > > Signed-off-by: Alex Williamson > --- > virt/kvm/kvm_main.c |9 +++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > index 6e8fa7e..e426704 100644 > --- a/virt/kvm/kvm_main.c > +++ b/virt/kvm/kvm_main.c > @@ -753,10 +753,15 @@ int __kvm_set_memory_region(struct kvm *kvm, > new.npages = npages; > new.flags = mem->flags; > > - /* Disallow changing a memory slot's size. */ > + /* > + * Disallow changing a memory slot's size or changing anything about > + * zero sized slots that doesn't involve making them non-zero. > + */ > r = -EINVAL; > if (npages && old.npages && npages != old.npages) > goto out_free; > + if (!npages && !old.npages) > + goto out_free; /* General sanity checks */ if (mem->memory_size & (PAGE_SIZE - 1)) goto out; if (mem->guest_phys_addr & (PAGE_SIZE - 1)) goto out; if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr) goto out; If mem->memory_size is zero, then check above fails. If mem->memory_size > 0, it must be at least PAGE_SIZE, in which case npages == 1. Which means the code does not allow changes to non-existing slots. Yes? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v2 01/10] kvm: Restrict non-existing slot state transitions
On Tue, Dec 11, 2012 at 11:29:09PM -0200, Marcelo Tosatti wrote: > On Mon, Dec 10, 2012 at 10:32:45AM -0700, Alex Williamson wrote: > > The API documentation states: > > > > When changing an existing slot, it may be moved in the guest > > physical memory space, or its flags may be modified. > > > > An "existing slot" requires a non-zero npages (memory_size). The only > > transition we should therefore allow for a non-existing slot should be > > to create the slot, which includes setting a non-zero memory_size. We > > currently allow calls to modify non-existing slots, which is pointless, > > confusing, and possibly wrong. > > > > With this we know that the invalidation path of __kvm_set_memory_region > > is always for a delete or move and never for adding a zero size slot. > > > > Signed-off-by: Alex Williamson > > --- > > virt/kvm/kvm_main.c |9 +++-- > > 1 file changed, 7 insertions(+), 2 deletions(-) > > > > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > > index 6e8fa7e..e426704 100644 > > --- a/virt/kvm/kvm_main.c > > +++ b/virt/kvm/kvm_main.c > > @@ -753,10 +753,15 @@ int __kvm_set_memory_region(struct kvm *kvm, > > new.npages = npages; > > new.flags = mem->flags; > > > > - /* Disallow changing a memory slot's size. */ > > + /* > > +* Disallow changing a memory slot's size or changing anything about > > +* zero sized slots that doesn't involve making them non-zero. > > +*/ > > r = -EINVAL; > > if (npages && old.npages && npages != old.npages) > > goto out_free; > > + if (!npages && !old.npages) > > + goto out_free; > > /* General sanity checks */ > if (mem->memory_size & (PAGE_SIZE - 1)) > goto out; > if (mem->guest_phys_addr & (PAGE_SIZE - 1)) > goto out; > > if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr) > goto out; > > If mem->memory_size is zero, then check above fails. Err, no read a "<=" while writing that. > If mem->memory_size > 0, it must be at least PAGE_SIZE, in which case > npages == 1. > > Which means the code does not allow changes to non-existing slots. > Yes? > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v2 01/10] kvm: Restrict non-existing slot state transitions
On Tue, Dec 11, 2012 at 11:29:09PM -0200, Marcelo Tosatti wrote: On Mon, Dec 10, 2012 at 10:32:45AM -0700, Alex Williamson wrote: The API documentation states: When changing an existing slot, it may be moved in the guest physical memory space, or its flags may be modified. An existing slot requires a non-zero npages (memory_size). The only transition we should therefore allow for a non-existing slot should be to create the slot, which includes setting a non-zero memory_size. We currently allow calls to modify non-existing slots, which is pointless, confusing, and possibly wrong. With this we know that the invalidation path of __kvm_set_memory_region is always for a delete or move and never for adding a zero size slot. Signed-off-by: Alex Williamson alex.william...@redhat.com --- virt/kvm/kvm_main.c |9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 6e8fa7e..e426704 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -753,10 +753,15 @@ int __kvm_set_memory_region(struct kvm *kvm, new.npages = npages; new.flags = mem-flags; - /* Disallow changing a memory slot's size. */ + /* +* Disallow changing a memory slot's size or changing anything about +* zero sized slots that doesn't involve making them non-zero. +*/ r = -EINVAL; if (npages old.npages npages != old.npages) goto out_free; + if (!npages !old.npages) + goto out_free; /* General sanity checks */ if (mem-memory_size (PAGE_SIZE - 1)) goto out; if (mem-guest_phys_addr (PAGE_SIZE - 1)) goto out; if (mem-guest_phys_addr + mem-memory_size mem-guest_phys_addr) goto out; If mem-memory_size is zero, then check above fails. Err, no read a = while writing that. If mem-memory_size 0, it must be at least PAGE_SIZE, in which case npages == 1. Which means the code does not allow changes to non-existing slots. Yes? -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v2 01/10] kvm: Restrict non-existing slot state transitions
On Mon, Dec 10, 2012 at 10:32:45AM -0700, Alex Williamson wrote: The API documentation states: When changing an existing slot, it may be moved in the guest physical memory space, or its flags may be modified. An existing slot requires a non-zero npages (memory_size). The only transition we should therefore allow for a non-existing slot should be to create the slot, which includes setting a non-zero memory_size. We currently allow calls to modify non-existing slots, which is pointless, confusing, and possibly wrong. With this we know that the invalidation path of __kvm_set_memory_region is always for a delete or move and never for adding a zero size slot. Signed-off-by: Alex Williamson alex.william...@redhat.com --- virt/kvm/kvm_main.c |9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 6e8fa7e..e426704 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -753,10 +753,15 @@ int __kvm_set_memory_region(struct kvm *kvm, new.npages = npages; new.flags = mem-flags; - /* Disallow changing a memory slot's size. */ + /* + * Disallow changing a memory slot's size or changing anything about + * zero sized slots that doesn't involve making them non-zero. + */ r = -EINVAL; if (npages old.npages npages != old.npages) goto out_free; + if (!npages !old.npages) + goto out_free; /* General sanity checks */ if (mem-memory_size (PAGE_SIZE - 1)) goto out; if (mem-guest_phys_addr (PAGE_SIZE - 1)) goto out; if (mem-guest_phys_addr + mem-memory_size mem-guest_phys_addr) goto out; If mem-memory_size is zero, then check above fails. If mem-memory_size 0, it must be at least PAGE_SIZE, in which case npages == 1. Which means the code does not allow changes to non-existing slots. Yes? -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v2 01/10] kvm: Restrict non-existing slot state transitions
On Tue, 2012-12-11 at 23:39 -0200, Marcelo Tosatti wrote: On Tue, Dec 11, 2012 at 11:29:09PM -0200, Marcelo Tosatti wrote: On Mon, Dec 10, 2012 at 10:32:45AM -0700, Alex Williamson wrote: The API documentation states: When changing an existing slot, it may be moved in the guest physical memory space, or its flags may be modified. An existing slot requires a non-zero npages (memory_size). The only transition we should therefore allow for a non-existing slot should be to create the slot, which includes setting a non-zero memory_size. We currently allow calls to modify non-existing slots, which is pointless, confusing, and possibly wrong. With this we know that the invalidation path of __kvm_set_memory_region is always for a delete or move and never for adding a zero size slot. Signed-off-by: Alex Williamson alex.william...@redhat.com --- virt/kvm/kvm_main.c |9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 6e8fa7e..e426704 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -753,10 +753,15 @@ int __kvm_set_memory_region(struct kvm *kvm, new.npages = npages; new.flags = mem-flags; - /* Disallow changing a memory slot's size. */ + /* + * Disallow changing a memory slot's size or changing anything about + * zero sized slots that doesn't involve making them non-zero. + */ r = -EINVAL; if (npages old.npages npages != old.npages) goto out_free; + if (!npages !old.npages) + goto out_free; /* General sanity checks */ if (mem-memory_size (PAGE_SIZE - 1)) goto out; if (mem-guest_phys_addr (PAGE_SIZE - 1)) goto out; if (mem-guest_phys_addr + mem-memory_size mem-guest_phys_addr) goto out; If mem-memory_size is zero, then check above fails. Err, no read a = while writing that. ;) Thanks for the double check, Alex If mem-memory_size 0, it must be at least PAGE_SIZE, in which case npages == 1. Which means the code does not allow changes to non-existing slots. Yes? -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH v2 01/10] kvm: Restrict non-existing slot state transitions
The API documentation states: When changing an existing slot, it may be moved in the guest physical memory space, or its flags may be modified. An "existing slot" requires a non-zero npages (memory_size). The only transition we should therefore allow for a non-existing slot should be to create the slot, which includes setting a non-zero memory_size. We currently allow calls to modify non-existing slots, which is pointless, confusing, and possibly wrong. With this we know that the invalidation path of __kvm_set_memory_region is always for a delete or move and never for adding a zero size slot. Signed-off-by: Alex Williamson --- virt/kvm/kvm_main.c |9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 6e8fa7e..e426704 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -753,10 +753,15 @@ int __kvm_set_memory_region(struct kvm *kvm, new.npages = npages; new.flags = mem->flags; - /* Disallow changing a memory slot's size. */ + /* +* Disallow changing a memory slot's size or changing anything about +* zero sized slots that doesn't involve making them non-zero. +*/ r = -EINVAL; if (npages && old.npages && npages != old.npages) goto out_free; + if (!npages && !old.npages) + goto out_free; /* Check for overlaps */ r = -EEXIST; @@ -775,7 +780,7 @@ int __kvm_set_memory_region(struct kvm *kvm, r = -ENOMEM; /* Allocate if a slot is being created */ - if (npages && !old.npages) { + if (!old.npages) { new.user_alloc = user_alloc; new.userspace_addr = mem->userspace_addr; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH v2 01/10] kvm: Restrict non-existing slot state transitions
The API documentation states: When changing an existing slot, it may be moved in the guest physical memory space, or its flags may be modified. An existing slot requires a non-zero npages (memory_size). The only transition we should therefore allow for a non-existing slot should be to create the slot, which includes setting a non-zero memory_size. We currently allow calls to modify non-existing slots, which is pointless, confusing, and possibly wrong. With this we know that the invalidation path of __kvm_set_memory_region is always for a delete or move and never for adding a zero size slot. Signed-off-by: Alex Williamson alex.william...@redhat.com --- virt/kvm/kvm_main.c |9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 6e8fa7e..e426704 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -753,10 +753,15 @@ int __kvm_set_memory_region(struct kvm *kvm, new.npages = npages; new.flags = mem-flags; - /* Disallow changing a memory slot's size. */ + /* +* Disallow changing a memory slot's size or changing anything about +* zero sized slots that doesn't involve making them non-zero. +*/ r = -EINVAL; if (npages old.npages npages != old.npages) goto out_free; + if (!npages !old.npages) + goto out_free; /* Check for overlaps */ r = -EEXIST; @@ -775,7 +780,7 @@ int __kvm_set_memory_region(struct kvm *kvm, r = -ENOMEM; /* Allocate if a slot is being created */ - if (npages !old.npages) { + if (!old.npages) { new.user_alloc = user_alloc; new.userspace_addr = mem-userspace_addr; -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/