[PATCH 1/1] virtio: console: replace EMFILE with EBUSY for already-open port

2013-04-10 Thread Amit Shah
Returning EMFILE (process has too many open files) is incorrect to indicate a port is already open by another process. Use EBUSY for that. This does change what we report to userspace, but I believe userspace can look at it this way: it gets EBUSY, a new error code, instead of EMFILE. It's still

Re: [PATCH v2 0/4] tcm_vhost fix cmd leak and send bad target

2013-04-10 Thread Nicholas A. Bellinger
On Wed, 2013-04-10 at 15:06 +0800, Asias He wrote: > v2: > - Fix the order of out and head parameter. > > Asias He (4): > tcm_vhost: Remove double check of response > tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq > tcm_vhost: Add vhost_scsi_send_bad_target() helper > tcm_vhost: Send b

[PATCH v3] x86: use a read-only IDT alias on all CPUs

2013-04-10 Thread Kees Cook
Make a copy of the IDT (as seen via the "sidt" instruction) read-only. This primarily removes the IDT from being a target for arbitrary memory write attacks, and has the added benefit of also not leaking the kernel base offset, if it has been relocated. We already did this on vendor == Intel and f

Re: [Xen-devel] Readonly GDT

2013-04-10 Thread H. Peter Anvin
On 04/10/2013 02:42 AM, Jan Beulich wrote: > >> However, the packing solution has the advantage of reducing address >> space consumption which matters on 32 bits: even on i386 we can easily >> burn a megabyte of address space for 4096 processors, but burning 16 >> megabytes starts to hurt. > > Pa

Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread H. Peter Anvin
On 04/10/2013 09:31 AM, Eric Northup wrote: >> >> If the effect is measurable I agree it is a legitimate optimization. At >> one point there was a suggestion to make the code in the IDT vectors >> differ based on which interrupt was registered. While that can also >> reduce cache misses that ca

Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Eric Northup
On Wed, Apr 10, 2013 at 3:40 AM, Eric W. Biederman wrote: > Ingo Molnar writes: > >> * Eric W. Biederman wrote: >> >>> "H. Peter Anvin" writes: >>> >>> > On 04/08/2013 03:43 PM, Kees Cook wrote: >>> >> This makes the IDT unconditionally read-only. This primarily removes >>> >> the IDT from bein

Re: [Xen-devel] Readonly GDT

2013-04-10 Thread H. Peter Anvin
Right... the TSS does get written to during a task switch. Jan Beulich wrote: On 10.04.13 at 02:43, "H. Peter Anvin" wrote: >> OK, thinking about the GDT here. >> >> The GDT is quite small -- 256 bytes on i386, 128 bytes on x86-64. As >> such, we probably don't want to allocate a full pa

Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Eric W. Biederman
Ingo Molnar writes: > * Eric W. Biederman wrote: > >> "H. Peter Anvin" writes: >> >> > On 04/08/2013 03:43 PM, Kees Cook wrote: >> >> This makes the IDT unconditionally read-only. This primarily removes >> >> the IDT from being a target for arbitrary memory write attacks. It has >> >> an added

Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Ingo Molnar
* Eric W. Biederman wrote: > "H. Peter Anvin" writes: > > > On 04/08/2013 03:43 PM, Kees Cook wrote: > >> This makes the IDT unconditionally read-only. This primarily removes > >> the IDT from being a target for arbitrary memory write attacks. It has > >> an added benefit of also not leaking (

Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Ingo Molnar
* H. Peter Anvin wrote: > On 04/09/2013 11:22 AM, Kees Cook wrote: > > > > Can we create a RO fixed per-cpu area? > > > > "Fixed" and "percpu" are mutually exclusive... There's a fixmap area that holds kmap_atomic() percpu mappings: FIX_KMAP_BEGIN, /* reserved pte's for temporary ke

Re: [Xen-devel] Readonly GDT

2013-04-10 Thread Jan Beulich
>>> On 10.04.13 at 02:43, "H. Peter Anvin" wrote: > OK, thinking about the GDT here. > > The GDT is quite small -- 256 bytes on i386, 128 bytes on x86-64. As > such, we probably don't want to allocate a full page to it for only > that. This means that in order to create a readonly mapping we ha

Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only

2013-04-10 Thread Ingo Molnar
* Kees Cook wrote: > > That's the area in which we just map 1:1 to memory. Anything allocated > > with > > e.g. kmalloc() ends up with those addresses. > > Ah-ha! Yes, I see now when comparing the debug/kernel_page_tables reports. > It's > just the High Kernel Mapping that we care about. A

[PATCH v2 4/4] tcm_vhost: Send bad target to guest when cmd fails

2013-04-10 Thread Asias He
Send bad target to guest in case: 1) we can not allocate the cmd 2) fail to submit the cmd Signed-off-by: Asias He --- drivers/vhost/tcm_vhost.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c index 1bb0fb4..957

[PATCH v2 3/4] tcm_vhost: Add vhost_scsi_send_bad_target() helper

2013-04-10 Thread Asias He
Share the send bad target code with other use cases. Signed-off-by: Asias He --- drivers/vhost/tcm_vhost.c | 31 ++- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c index 210d59e..1bb0fb4 100644 ---

[PATCH v2 2/4] tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq

2013-04-10 Thread Asias He
If we fail to submit the allocated tv_vmd to tcm_vhost_submission_work, we will leak the tv_vmd. Free tv_vmd on fail path. Signed-off-by: Asias He --- drivers/vhost/tcm_vhost.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/

[PATCH v2 1/4] tcm_vhost: Remove double check of response

2013-04-10 Thread Asias He
We did the length of response check twice. Signed-off-by: Asias He --- drivers/vhost/tcm_vhost.c | 9 - 1 file changed, 9 deletions(-) diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c index c127731..28c112f 100644 --- a/drivers/vhost/tcm_vhost.c +++ b/drivers/vhost/tcm

[PATCH v2 0/4] tcm_vhost fix cmd leak and send bad target

2013-04-10 Thread Asias He
v2: - Fix the order of out and head parameter. Asias He (4): tcm_vhost: Remove double check of response tcm_vhost: Fix tv_cmd leak in vhost_scsi_handle_vq tcm_vhost: Add vhost_scsi_send_bad_target() helper tcm_vhost: Send bad target to guest when cmd fails drivers/vhost/tcm_vhost.c | 53