Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp89978yba; Fri, 5 Apr 2019 02:38:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqz1Xpz+MB2RzOHMu4dJhRtzMXxPWFvTai8Wpuhz4HCtpohbVrxhF5rQRHVwb/Qu0CczrLPn X-Received: by 2002:a65:5183:: with SMTP id h3mr10967151pgq.53.1554457106001; Fri, 05 Apr 2019 02:38:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554457105; cv=none; d=google.com; s=arc-20160816; b=zLCI6jJe8/aa3J3RVz4FD19p5OKe+pwPg+UWMUz5IozklOyFKqVZa8QA8qoz7+znjz fqn9m2wNpX54981UERxhDRxlYwJOFiTVdY8VsnM2WjMaXpb4OiR/6YOFdO48Ld6RpNwf 9p+Aa5MwgXUYNmtFQSUkNIPlSksURHmG9Uy98VVgFkSTN67bsXtHH8WysfMNwxLMWWXT cP2HhmzTGLMC18URLrt7JmqKsKxaa+3S1CqnGNiIVFYxpvWrSx8tyVN6wKMR1TWa7KRD 462WGKCoBYu66XW9G10zY4J8OyKCKAUfLWzi4tFvF61Lq0RZDYBq4AQtyB4tTSf0lGA2 XF9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=7t2YhM9bMG5fr2PiPX7uI0h0i6e4KRRmywuGCr6x+QI=; b=I9DcxkQ/IBZLz1nNEVEW1MFEhLCYaws13USx2i7Y5P9MlTHNyEsLUnI3MeJmSri8Df Q4YCEckuXrxxM+HlL05y75hdFHMi7gBZKd+9Z1cjJuF0labvCUXjGqUxxv24CZjSPQvq Ni6tnOT/nWNNGrnkfivBjrful7M9ZFmaynl76ChoafiqP+nesl0mfqQPfb+t/0mh/Ipk pirDinF57WWfkUt9kiIBe5mcktqBvSoje6XTDUGgwLQOJcELQsEThjPIazjpGEpyonxi hFI4XDbuK6kYxqZZmmU8qfq2X4PxmA/cv2rLz6YOC/2sPSheoBCagz9KXplytkpXU3B1 bPYw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a1si10422762plp.120.2019.04.05.02.38.10; Fri, 05 Apr 2019 02:38:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730702AbfDEJgO (ORCPT + 99 others); Fri, 5 Apr 2019 05:36:14 -0400 Received: from mail-wm1-f65.google.com ([209.85.128.65]:51555 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730292AbfDEJgN (ORCPT ); Fri, 5 Apr 2019 05:36:13 -0400 Received: by mail-wm1-f65.google.com with SMTP id 4so5947304wmf.1 for ; Fri, 05 Apr 2019 02:36:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=7t2YhM9bMG5fr2PiPX7uI0h0i6e4KRRmywuGCr6x+QI=; b=eXE/lYth804hvzoYavBL4/qDEyT9Mxnm7Tq7OE3JzITWWrRN236ybvUypBOeOlDT2b hu2R+PggqdEMnc+O+oI/+797iO0SWXz/dxView/KiNE+BFs6z1uVCvhJZtQreD1w0bFu 9dxRNRAlUXQEL/CRqneD+cuDOEcFVNBra45DsGwzdfQ95nIpejFeAle+jAxwB74GbRdF snsu8XqZsbQQdlS6V3WcT1ryt7Z6C/fR79iWyv8XKDPh7VOzhT2l5yhJKlgm6v/7ovQ3 Mw7gCN5x7lQiWhMvOoqWwlB0Aa0HLpQ/V6Ucmv63C2dlt2DHaPZMjd87nFFt3jXkjvf6 ZGMQ== X-Gm-Message-State: APjAAAWg9sfB87xTZjDdTGq/IDR98RbKwvDigwi7PVTCN/gy8GssLVjp cNnnGS1eCp92eXJ9DQ8WpTURXw== X-Received: by 2002:a7b:c446:: with SMTP id l6mr3818705wmi.80.1554456971831; Fri, 05 Apr 2019 02:36:11 -0700 (PDT) Received: from steredhat (host35-203-static.12-87-b.business.telecomitalia.it. [87.12.203.35]) by smtp.gmail.com with ESMTPSA id y133sm3029692wmd.2.2019.04.05.02.36.10 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 05 Apr 2019 02:36:10 -0700 (PDT) Date: Fri, 5 Apr 2019 11:36:08 +0200 From: Stefano Garzarella To: Stefan Hajnoczi Cc: netdev@vger.kernel.org, Jason Wang , "Michael S. Tsirkin" , Stefan Hajnoczi , kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, "David S. Miller" Subject: Re: [PATCH RFC 2/4] vhost/vsock: split packets to send using multiple buffers Message-ID: <20190405093608.f2zsyxnjxcba5v6r@steredhat> References: <20190404105838.101559-1-sgarzare@redhat.com> <20190404105838.101559-3-sgarzare@redhat.com> <20190405081356.GC25152@stefanha-x1.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190405081356.GC25152@stefanha-x1.localdomain> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 05, 2019 at 09:13:56AM +0100, Stefan Hajnoczi wrote: > On Thu, Apr 04, 2019 at 12:58:36PM +0200, Stefano Garzarella wrote: > > @@ -139,8 +139,18 @@ vhost_transport_do_send_pkt(struct vhost_vsock *vsock, > > break; > > } > > > > - len = iov_length(&vq->iov[out], in); > > - iov_iter_init(&iov_iter, READ, &vq->iov[out], in, len); > > + payload_len = pkt->len - pkt->off; > > + iov_len = iov_length(&vq->iov[out], in); > > + iov_iter_init(&iov_iter, READ, &vq->iov[out], in, iov_len); > > + > > + /* If the packet is greater than the space available in the > > + * buffer, we split it using multiple buffers. > > + */ > > + if (payload_len > iov_len - sizeof(pkt->hdr)) > > Integer underflow. iov_len is controlled by the guest and therefore > untrusted. Please validate iov_len before assuming it's larger than > sizeof(pkt->hdr). > Okay, I'll do it! > > - vhost_add_used(vq, head, sizeof(pkt->hdr) + pkt->len); > > + vhost_add_used(vq, head, sizeof(pkt->hdr) + payload_len); > > added = true; > > > > + pkt->off += payload_len; > > + > > + /* If we didn't send all the payload we can requeue the packet > > + * to send it with the next available buffer. > > + */ > > + if (pkt->off < pkt->len) { > > + spin_lock_bh(&vsock->send_pkt_list_lock); > > + list_add(&pkt->list, &vsock->send_pkt_list); > > + spin_unlock_bh(&vsock->send_pkt_list_lock); > > + continue; > > The virtio_transport_deliver_tap_pkt() call is skipped. Packet capture > should see the exact packets that are delivered. I think this patch > will present one large packet instead of several smaller packets that > were actually delivered. I'll modify virtio_transport_build_skb() to take care of pkt->off and reading the payload size from the virtio_vsock_hdr. Otherwise, should I introduce another field in virtio_vsock_pkt to store the payload size? Thanks, Stefano