Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp38719pxb; Fri, 29 Oct 2021 05:27:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzMr/CKbP1TXQDllPNL1C0Z6meE3i3EXB4xMfDk3tFyVsXrpc0//HFdy3h/OfEcJE8MJDu+ X-Received: by 2002:aa7:ce0a:: with SMTP id d10mr7433045edv.201.1635510449264; Fri, 29 Oct 2021 05:27:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635510449; cv=none; d=google.com; s=arc-20160816; b=i2po7L65IHFunhqyJdDN9m/F94YbX8AquUC/DykuUM4OhCs9lhPXipKQwMIpmU2j5Y QB50vKfuEvT6ojrciSkb/0TV1t5JbJxnlbdx5VIThvEnAVP7mqKid5tkDNxoXF0rIDTH qCHyA0NcpLJkD28Mzj3A7f5l1taJnSEHBoG2pnYMqBSwZrCiM1NGoy4jCukcwmofuwjx Z1yl/vW9K+yLYBIrHCwERMazUu16cw7USdKmrbImbjXJF3LL0BDRYqI3WmvOKoYeOGRD 8gzHtxeT+VUFTPN8SBFH6P0iFW7DOvFnVyZCTM6EBkg4mLJEk04JXdthx3/VtzLZph7a nnmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=RZHGWtu1aosFk7Zxe6m47+9uQq7KcFZHkqCC1tNlnns=; b=W4UCEsEmPF0dVokG0lIapKweMUmXOmT7OmWyqWC3Plks+YTSPvu6AoPbGFZOow2dMH CKW9lll8TcElqSfyqKQXyLCfVLIqu+cegw6utzgq65aWLsTqP6TO/1Zk/4FvaJLGwcwg LwqLCOgi5Kl4znO3zpnlj0WebYTx/INEbeLtGSKD1ZGfZ6HU/xMWstKmGE3bI9w0Xozz 3zaI2ndkeYM3aBX+c5TLoDJ2f1Shkr9gcXf3tZg3gKXYUmcKLqZJ00Ftd6JKQ0oE4eyf tm+vPducItaTZFqCoQ0SoJT/9gS1OmH6ze0lXiiZNVfrHCBT5UnRa2lMspqpjVsn42XU GSxw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@axis.com header.s=axis-central1 header.b=mFTXIs3h; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=axis.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id jr21si7667942ejb.14.2021.10.29.05.27.05; Fri, 29 Oct 2021 05:27:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@axis.com header.s=axis-central1 header.b=mFTXIs3h; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=axis.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231403AbhJ2M1V (ORCPT + 99 others); Fri, 29 Oct 2021 08:27:21 -0400 Received: from smtp2.axis.com ([195.60.68.18]:7911 "EHLO smtp2.axis.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230134AbhJ2M1U (ORCPT ); Fri, 29 Oct 2021 08:27:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axis.com; q=dns/txt; s=axis-central1; t=1635510292; x=1667046292; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=RZHGWtu1aosFk7Zxe6m47+9uQq7KcFZHkqCC1tNlnns=; b=mFTXIs3hJ0T6oQjGsXPMALj9y2bS+D3a0wdMNVvdLdJiYjZXKRYBRkno X8fJAgyBDXVI3K4Sb8PrS0nHz4DnrkIP4w7SWva2T9WgiGgqas3EkfoJf KEw8YS+wkdnO7ktubjL/Uh/kID2ioClYT1lzZ3z+N1siNln88hx+DZQeV ayChHvU2hXLX5LC9IEud0m8clPHoBqYg2etzRdSjrFQoa3F7WFEwIRYGu h6ROMMPKv2Stbt1d3mgNtyveXuL6vXXyj605hmCtEfASHzt0OMGWDU5zb ERdcpd9cLlckQYy5mVXe3e3atR4CdvQeu5yaJHgw5LIFiuGibkk6Ije+J Q==; Date: Fri, 29 Oct 2021 14:24:51 +0200 From: Vincent Whitchurch To: Jie Deng CC: Viresh Kumar , Greg KH , Wolfram Sang , "virtualization@lists.linux-foundation.org" , "linux-i2c@vger.kernel.org" , "linux-kernel@vger.kernel.org" , kernel Subject: Re: [PATCH 1/2] i2c: virtio: disable timeout handling Message-ID: <20211029122450.GB24060@axis.com> References: <20211019143748.wrpqopj2hmpvblh4@vireshk-i7> <94aa39ab-4ed6-daee-0402-f58bfed0cadd@intel.com> <8e182ea8-5016-fa78-3d77-eefba7d58612@intel.com> <20211020064128.y2bjsbdmpojn7pjo@vireshk-i7> <01d9c992-28cc-6644-1e82-929fc46f91b4@intel.com> <20211020105554.GB9985@axis.com> <20211020110316.4x7tnxonswjuuoiw@vireshk-i7> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 21, 2021 at 05:30:28AM +0200, Jie Deng wrote: > On 2021/10/20 19:03, Viresh Kumar wrote: > > On 20-10-21, 12:55, Vincent Whitchurch wrote: > >> If the timeout cannot be disabled, then the driver should be fixed to > >> always copy buffers and hold on to them to avoid memory corruption in > >> the case of timeout, as I mentioned in my commit message. That would be > >> quite a substantial change to the driver so it's not something I'm > >> personally comfortable with doing, especially not this late in the -rc > >> cycle, so I'd leave that to others. > > Or we can avoid clearing up and freeing the buffers here until the > > point where the buffers are returned by the host. Until that happens, > > we can avoid taking new requests but return to the earlier caller with > > timeout failure. That would avoid corruption, by freeing buffers > > sooner, and not hanging of the kernel. > > It seems similar to use "wait_for_completion". If the other side is > hacked, the guest may never get the buffers returned by the host, > right ? Note that it is trivial for the host to DoS the guest. All the host has to do is stop responding to I/O requests (I2C or others), then the guest will not be able to perform its intended functions, regardless of whether this particular driver waits forever or not. Even TDX (which Greg mentioned) does not prevent that, see: https://lore.kernel.org/virtualization/?q=tdx+dos > For this moment, we can solve the problem by using a hardcoded big > value or disabling the timeout. Is that an Acked-by on this patch which does the latter? > Over the long term, I think the backend should provide that timeout > value and guarantee that its processing time should not exceed that > value. If you mean that the spec should be changed to allow the virtio driver to be able to program a certain timeout for I2C transactions in the virtio device, yes, that does sound reasonable.