qemu-devel

[Qemu-devel] [PATCH v4 0/9] virtio: avoid inappropriate QEMU termination


From: Greg Kurz
Subject: [Qemu-devel] [PATCH v4 0/9] virtio: avoid inappropriate QEMU termination in device code
Date: Fri, 30 Sep 2016 17:12:32 +0200
User-agent: StGit/0.17.1-dirty

Since commit "f5ed36635d8f virtio: stop virtqueue processing if device is
broken", QEMU has the ability to deactivate a virtio device that has hit
an unrecoverable issue. This is performed by calling the virtio_error()
function, which can also print an error message to the QEMU monitor.

The device-specific virtio code has many locations where exit() is called
because the guest sent malformed requests. This is suboptimal: the guest OS
may try to recover by resetting the device or at worst do a fast-reboot,
which is probably better than putting down the entire machine. Also, as
mentioned by Stefan Hajnoczi, this could be used by a malicious nested
guest with a passed through device to kill the parent QEMU, and thus all
its sibling VMs.

This series converts all the affected exit() call sites in the device-specific
code to call virtio_error() instead. Note that virtio-9p currently calls
assert() instead of exit(), but since this is exactly the same issue, it
is also converted.

The offending VirtQueueElement, and any previously received but still
unprocessed VirtQueueElement, are detached from the virtqueue and freed
altogether. This part requires the following patch, which is not upstream
yet:

        virtio: add virtio_detach_element()

Message-Id: <address@hidden>

Next work will be to check all assert() call sites in the device-specific code,
in case some of them actually refer to a bug in the guest, and should be
converted to use virtio_error() as well.

It is based on the virtio maintainer tree:

https://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git fb9f592623b0

and the "virtio: add virtio_detach_element()" patch mentioned above.

This v4 is basically the same as v3, with a trivial fix in patch 8/9.

Please apply.

---

Greg Kurz (9):
      virtio-9p: add parentheses to sizeof operator
      virtio-blk: make some functions static
      virtio-9p: handle handle_9p_output() error
      virtio-blk: handle virtio_blk_handle_request() errors
      virtio-net: handle virtio_net_handle_ctrl() error
      virtio-net: handle virtio_net_receive() errors
      virtio-net: handle virtio_net_flush_tx() errors
      virtio-scsi: convert virtio_scsi_bad_req() to use virtio_error()
      virtio-scsi: handle virtio_scsi_set_config() error


 hw/9pfs/virtio-9p-device.c     |   30 +++++++++++++++-----
 hw/block/virtio-blk.c          |   46 +++++++++++++++++++++----------
 hw/net/virtio-net.c            |   60 +++++++++++++++++++++++++---------------
 hw/scsi/virtio-scsi.c          |   51 +++++++++++++++++++++++-----------
 include/hw/virtio/virtio-blk.h |    8 -----
 5 files changed, 128 insertions(+), 67 deletions(-)

--
Greg
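
A stand-alone C model of the conversion this cover letter describes, added here
as an illustration; it is not code from QEMU or from this series. The
Elem/Device structs, the request format, and the helpers model_virtio_error(),
model_detach_pending(), model_pop() and model_handle_output() are invented
stand-ins for QEMU's VirtQueueElement, virtio_error(),
virtio_detach_element() and a device's queue handler. It shows what the
series changes in behaviour: a malformed guest request marks one device
broken, releases the elements that device still holds, and stops that
queue, while a second device in the same process keeps working instead of
being taken down by exit().

```c
/* Model of "mark device broken instead of exit()" (not QEMU code; all
 * names and the request layout are invented for this example). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QUEUE_SIZE  8
#define MAX_BUF_LEN 4096

enum { REQ_IN = 0, REQ_OUT = 1 };

/* Stand-in for a VirtQueueElement popped from the virtqueue. */
typedef struct {
    uint32_t type;    /* guest-written request type */
    size_t   len;     /* guest-written buffer length */
    bool     in_use;  /* popped by the device, not yet completed */
} Elem;

/* Stand-in for the device: a ring of guest requests plus a broken flag. */
typedef struct {
    const char *name;
    bool   broken;          /* set by model_virtio_error() */
    Elem   ring[QUEUE_SIZE];
    size_t head, tail;      /* tail = next element to pop */
    size_t completed;       /* requests fully processed */
    size_t inflight;        /* popped but not completed */
} Device;

/* Stand-in for virtio_error(): report and mark the device broken. */
static void model_virtio_error(Device *dev, const char *msg)
{
    fprintf(stderr, "%s: %s\n", dev->name, msg);
    dev->broken = true;
}

/* Stand-in for virtio_detach_element() applied to every element the
 * device still holds, so nothing stays pinned after the error. */
static void model_detach_pending(Device *dev)
{
    for (size_t i = 0; i < QUEUE_SIZE; i++) {
        dev->ring[i].in_use = false;
    }
    dev->inflight = 0;
}

/* Pop the next element; NULL when the queue is empty or the device is
 * broken (a broken device never processes its queue again). */
static Elem *model_pop(Device *dev)
{
    if (dev->broken || dev->tail == dev->head) {
        return NULL;
    }
    Elem *e = &dev->ring[dev->tail % QUEUE_SIZE];
    dev->tail++;
    e->in_use = true;
    dev->inflight++;
    return e;
}

/* Validate the guest-controlled fields of one request. */
static bool request_is_valid(const Elem *e)
{
    if (e->type != REQ_IN && e->type != REQ_OUT) {
        return false;
    }
    return e->len != 0 && e->len <= MAX_BUF_LEN;
}

/* Handle one request: -1 on a malformed one. The pre-series code would
 * have called exit() at this point and killed every device in the process. */
static int model_handle_request(Device *dev, Elem *e)
{
    if (!request_is_valid(e)) {
        model_virtio_error(dev, "malformed request from guest");
        return -1;
    }
    e->in_use = false;
    dev->inflight--;
    dev->completed++;
    return 0;
}

/* Queue handler: run until the queue is empty or a request is rejected. */
static void model_handle_output(Device *dev)
{
    Elem *e;
    while ((e = model_pop(dev)) != NULL) {
        if (model_handle_request(dev, e) < 0) {
            model_detach_pending(dev);
            return;
        }
    }
}

/* Enqueue a constructed guest request (sample input, not captured traffic). */
static void model_guest_submit(Device *dev, uint32_t type, size_t len)
{
    Elem *e = &dev->ring[dev->head % QUEUE_SIZE];
    e->type = type;
    e->len = len;
    e->in_use = false;
    dev->head++;
}

/* Two devices in one process; 'bad' gets an oversized third request.
 * Returns how many requests the healthy device completed. */
static size_t model_scenario(Device *bad, Device *good)
{
    model_guest_submit(bad, REQ_IN, 512);
    model_guest_submit(bad, REQ_OUT, 1024);
    model_guest_submit(bad, REQ_IN, MAX_BUF_LEN + 1);   /* malformed */
    model_guest_submit(bad, REQ_IN, 64);                /* never reached */
    model_guest_submit(good, REQ_OUT, 16);
    model_guest_submit(good, REQ_IN, 32);
    model_guest_submit(good, REQ_OUT, 48);
    model_handle_output(bad);    /* stops at the third request */
    model_handle_output(good);   /* unaffected, unlike with exit() */
    return good->completed;
}

int main(void)
{
    Device bad = { .name = "virtio-blk0" }, good = { .name = "virtio-net0" };
    size_t n = model_scenario(&bad, &good);
    printf("%s: broken=%d completed=%zu inflight=%zu\n",
           bad.name, (int)bad.broken, bad.completed, bad.inflight);
    printf("%s: completed=%zu\n", good.name, n);
    return 0;
}
```

Running it shows the first device completing two requests, then being
marked broken with no elements left in flight, while the second device
completes all three of its requests. In the real code the guest can still
reset the broken device; in this model that would amount to clearing
`broken` and the ring.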

