Received: by 10.213.65.68 with SMTP id h4csp2847307imn;
        Mon, 9 Apr 2018 09:58:41 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49IxURmaV1Tn5E1A5DB/6oGTIE9dlzfh7U1stcYAm8ywHvcj0oOLD4WlD5DW6xE6jLmvKmP
X-Received: by 2002:a17:902:481:: with SMTP id e1-v6mr39502793ple.377.1523293121881;
        Mon, 09 Apr 2018 09:58:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523293121; cv=none;
        d=google.com; s=arc-20160816;
        b=iJvRiJZxFPTS7cWftZ8TZSd9X+E4mMD5p054nIXnkYZHZ7vv3mClCTxiMn7jOofhvz
         /Fx0w1FRzooFi76oQUgF30GiJWpGjqdMB5J+zHIU5B9yMGyMoTduo+1OhWrRH17NvQ8W
         5FRW+pITrtMmiw5lJXCL9qT+t9P0aFj4Eue/3HB2gCHcWOruOxaGCt04DbnhMV8s5XsT
         3R0xAXqSlCK+fykDMyD9GaNfT3Eq4ffhXpp0+OEh2ZtjaGnxEq4DuZvX38NCTdsIJGG3
         vPiF22sL3RzEQ60l2WBlAUSfo1TVdQjmL538OfU3u0uyTKTV0Vfp0ZNBmUqC5cMg6FcA
         Lrug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=CCx0l+8+DVys+QRiwYD+L96+9Tm9Q09ns+MEbAkMf4U=;
        b=V3lXY7hG/TUSL0GYlFBWEqg95bG3b406ltQW92B5HytebmfssIP00vka1ihSsyEqqP
         a3hsmXD78EvaaTmoy3ZoVOIp16z8x8VJ1Z30bSGdllDt7fpAQZgfcYigwjslHh9aaCBc
         QbPyZLmqND2G2IUEcjcr6On4LnP+Er+csWTiaXrKJvCmpz3aS1oCLJYX7oAnS18cljKJ
         ilz33N95FW3VYo/EhJBOYCMI7C6CCC1ZMnYc66u85wqDDXyUIsC95+veG94DAiiGOL3+
         s9B5xxK+v1DsDugb0GpZKOphZr3He5QvzeZrBWsMXezpczChQm99ThrX95MXPxTaMB59
         wYTg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=oKf2taU8;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=ddBM0NAE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j8si450489pgt.582.2018.04.09.09.58.04;
        Mon, 09 Apr 2018 09:58:41 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=oKf2taU8;
       dkim=fail header.i=@linux-foundation.org header.s=google header.b=ddBM0NAE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753780AbeDIQwR (ORCPT <rfc822;gklkml16@gmail.com> + 99 others);
        Mon, 9 Apr 2018 12:52:17 -0400
Received: from mail-it0-f45.google.com ([209.85.214.45]:40845 "EHLO
        mail-it0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753097AbeDIQwP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 9 Apr 2018 12:52:15 -0400
Received: by mail-it0-f45.google.com with SMTP id u62-v6so11100824ita.5;
        Mon, 09 Apr 2018 09:52:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=CCx0l+8+DVys+QRiwYD+L96+9Tm9Q09ns+MEbAkMf4U=;
        b=oKf2taU8q+PrB1xrs/3NjUnSroDwf1esLAIWOOhz0S27pdCmElIpb0HmvdQ95ZhJAE
         AUehih71XRw9nxEhrhNfZskSd6oruk19uq7YhH/AJXfv3SVNBMyn/Akuw5cFLsUxAc0Q
         moEjcIh16GsEfNor/DKKQhVo8pABqziv+lEEM1Bx28i3bH7I0WQw5XIb2ji8qlNYCVSJ
         dgflL7HIu3+nj+w8/klpeKxH/2SjcxRDXy6T4eUAbMoISJuNr7R0qIBhHT5vfOJnAoS0
         vGRlKrNVhDkQlZzVZ9ilXpeQMC02Z3XYW1Ydd7HxS/ScP45vA7G+l1ieZ4yWK+ophMM5
         +YLQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=CCx0l+8+DVys+QRiwYD+L96+9Tm9Q09ns+MEbAkMf4U=;
        b=ddBM0NAE7jfOv6M6UgcnkSnUZK/ruWQNy5xFdBICL6D8QKzjJhlhVPhUqTd2qfJcGG
         k7htWw7EcPf53tVha15hJ516qgw9+eAWHRev8ak79TjBffpC9jEW/fIIkDZSXOlvUJNo
         7gMMekyJerk1cF1F+Pj/6dE8n/Hy+9iUZ8rrQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=CCx0l+8+DVys+QRiwYD+L96+9Tm9Q09ns+MEbAkMf4U=;
        b=WPlqX+zIvsLPO/Lh76OJuQCbkyM41/IsKNeTgZvdMo6z3bipr2g3+WhJVlTURE6Ix/
         K3CLNrNP97ElEW5pIj2UOpN3Cxk6nRFV3hJXFlLOnfI96BwXUBCwBqyHhBjLt0iQYG5X
         x0/Jtp4FETAXkWrvilHWOcdQWOhe4vIXzS8Cn4BpiwSlAuDAFv/rhW7Q8dhEG+V56GfY
         IsDz2Ht1hHX5LvbhpoOfOV7K0W368x4NyrYRFRzOdXa1faz4L1wCU35T+pQASiFf9/uf
         9tcNNM1vGP9Ky9z1UqDOO/A8c9VO1XtWecmt9qqftkf0pI+X2WF/innfdb1j1zlBcTEB
         nGIw==
X-Gm-Message-State: ALQs6tAf6M7s/1/wX6FppP7NlrwH1DsnXLmYAG6IvshcSR3J6CuMcIBX
        QviYiJEdoMr/wWvSu1nPovqqx4Ll0SAV+I8abaI=
X-Received: by 2002:a24:5852:: with SMTP id f79-v6mr858365itb.108.1523292734494;
 Mon, 09 Apr 2018 09:52:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.95.15 with HTTP; Mon, 9 Apr 2018 09:52:13 -0700 (PDT)
In-Reply-To: <20180409131021.5132-1-stefanha@redhat.com>
References: <20180409131021.5132-1-stefanha@redhat.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Mon, 9 Apr 2018 09:52:13 -0700
X-Google-Sender-Auth: _1Tw3hgvuTV6BmskJ5P9d7zVCkE
Message-ID: <CA+55aFzJ_JPtU5SjAHHv--p3ZcAw4gVidxvrLLZF7w+kbHCNdg@mail.gmail.com>
Subject: Re: [PATCH] vhost: fix vhost_vq_access_ok() log check
To:     Stefan Hajnoczi <stefanha@redhat.com>
Cc:     virtualization <virtualization@lists.linux-foundation.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Jason Wang <jasowang@redhat.com>,
        KVM list <kvm@vger.kernel.org>,
        "Michael S. Tsirkin" <mst@redhat.com>,
        syzkaller-bugs@googlegroups.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 9, 2018 at 6:10 AM, Stefan Hajnoczi <stefanha@redhat.com> wrote:
> @@ -1246,7 +1246,7 @@ int vhost_vq_access_ok(struct vhost_virtqueue *vq)
>  {
>         int ret = vq_log_access_ok(vq, vq->log_base);
>
> -       if (ret || vq->iotlb)
> +       if (!ret || vq->iotlb)
>                 return ret;

That logic is still very non-obvious.

This code already had one bug because of an odd illegible test
sequence. Let's not keep the crazy code.

Why not just do the *obvious* thing, and get rid of "ret" entirely,
and make the damn thing return a boolean, and then just write it all
as

    /* Caller should have vq mutex and device mutex */
    bool vhost_vq_access_ok(struct vhost_virtqueue *vq)
    {
            if (!vq_log_access_ok(vq, vq->log_base))
                    return false;

            if (vq->iotlb || vq_access_ok(vq, vq->num, vq->desc,
vq->avail, vq->used);
    }

which makes the logic obvious: if vq_log_access_ok() fails, then then
vhost_vq_access_ok() fails unconditionally.

Otherwise, we need to have an iotlb, or a successful vq_access_ok() check.

Doesn't that all make more sense, and avoid the insane "ret" value use
that is really quite subtle?

                    Linus