Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1282183pxb; Fri, 21 Jan 2022 14:16:19 -0800 (PST) X-Google-Smtp-Source: ABdhPJzjGYyvl5r0rNolRDTjMsqihB38g6lmgCNfsx4/gnRySjHGi7wxs99M13s8irKm/oXHi9RW X-Received: by 2002:a63:6b81:: with SMTP id g123mr4385919pgc.140.1642803379084; Fri, 21 Jan 2022 14:16:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642803379; cv=none; d=google.com; s=arc-20160816; b=lEv6hmhF5Anf8xwFME+iDUazxn8jfs9vshcT+4ORW04raP9cdI8kdMLjvS4LZgm82Y 4S6Ufa73+4/U5R5lzrvb97ve4KT2JIh2WArwzf0JmVI3G22E6zFLI5L8BF/SxUe5aaBj m3Hwm+viBP1Ml8tlP6sxhuGaU6cdPYMqzGsq648wgSj0u8uS1sdVOm87b7AgFwq0SJFw 2vc9vK3O6+Y3Y9LIeqVxGeELRubukpCLb9k9TBhVb6QGhpxnvsz4u5kukqdcMwbSp8mf tyQhzK4CvRSddNuA7+qG6zQfRfEHHwsRJnTmV2rfLYdeT1SLqq0cY1PifpajWc/zEFKl DkMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:user-agent :references:organization:in-reply-to:subject:cc:to:from :dkim-signature; bh=D378avGhHf7Yew8dpU8oH0FTT2ZH+6InHr9T5zdsY3g=; b=h9k36pJy5wUYgRBuqzc/8wAxHu2lxP00NG8dOoO0H/7jdP/F1S0b145qiTvA3Txt3z TODT1QgL00U121uKCKc5xhbauFRpVl+X75B1koVHHmyH5FFHSJqORCu1UV6wtlPk70v/ 9L/IV7jz7sRVeCxk7D6QRAltwyXWj0RDXrsqHImOmaT0WuHx68Rwa+giwOlmSoSqyyag QSoer418M/4fCN7NsNSo8otAehrHwaAzen5LwcUsLxYjs7RY9m0N1d/3ak3+pFGLv3oQ 1K0shLUPz4Ehwze/K/Q9mK+DkD2V4wr1M0YFAedwwxGs4vtMnqfir3eGxPZ8G+Bg1/LL vwbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=iAUwRInT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j37si7672675pgl.797.2022.01.21.14.16.07; Fri, 21 Jan 2022 14:16:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=iAUwRInT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352167AbiATOfK (ORCPT + 99 others); Thu, 20 Jan 2022 09:35:10 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:23519 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345839AbiATOfI (ORCPT ); Thu, 20 Jan 2022 09:35:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1642689308; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=D378avGhHf7Yew8dpU8oH0FTT2ZH+6InHr9T5zdsY3g=; b=iAUwRInTTkcxnkbZxUKJZYK059F/qAAjMZs8KgtJPJXZiJl//LocofPzxmW6bi8oWNg9PF eG7nZkQwu5ONx0KgE3r+itU65Fa6c/cSnSfaaH/VE1Z6NCfOBHvkpQhzzqosMQdcfzkbOW zj58v8wpxWVNdypZdPsbuUHoQIxiQEQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-122-Aati9j2NM7e9FDZ-ofjW4g-1; Thu, 20 Jan 2022 09:35:05 -0500 X-MC-Unique: Aati9j2NM7e9FDZ-ofjW4g-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0D3461926DA0; Thu, 20 Jan 2022 14:35:04 +0000 (UTC) Received: from localhost (unknown [10.39.195.4]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A092678AB2; Thu, 20 Jan 2022 14:35:03 +0000 (UTC) From: Cornelia Huck To: "Michael S. Tsirkin" , linux-kernel@vger.kernel.org Cc: Jason Wang , virtualization@lists.linux-foundation.org, stable@vger.kernel.org, Halil Pasic Subject: Re: [PATCH v2 2/2] virtio: acknowledge all features before access In-Reply-To: <20220118170225.30620-2-mst@redhat.com> Organization: Red Hat GmbH References: <20220118170225.30620-1-mst@redhat.com> <20220118170225.30620-2-mst@redhat.com> User-Agent: Notmuch/0.34 (https://notmuchmail.org) Date: Thu, 20 Jan 2022 15:35:01 +0100 Message-ID: <87h79ycw6i.fsf@redhat.com> MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 18 2022, "Michael S. Tsirkin" wrote: > The feature negotiation was designed in a way that > makes it possible for devices to know which config > fields will be accessed by drivers. > > This is broken since commit 404123c2db79 ("virtio: allow drivers to > validate features") with fallout in at least block and net. We have a > partial work-around in commit 2f9a174f918e ("virtio: write back > F_VERSION_1 before validate") which at least lets devices find out which > format should config space have, but this is a partial fix: guests > should not access config space without acknowledging features since > otherwise we'll never be able to change the config space format. > > To fix, split finalize_features from virtio_finalize_features and > call finalize_features with all feature bits before validation, > and then - if validation changed any bits - once again after. > > Since virtio_finalize_features no longer writes out features > rename it to virtio_features_ok - since that is what it does: > checks that features are ok with the device. > > As a side effect, this also reduces the amount of hypervisor accesses - > we now only acknowledge features once unless we are clearing any > features when validating (which is uncommon). > > Cc: stable@vger.kernel.org > Fixes: 404123c2db79 ("virtio: allow drivers to validate features") > Fixes: 2f9a174f918e ("virtio: write back F_VERSION_1 before validate") > Cc: "Halil Pasic" > Signed-off-by: Michael S. Tsirkin > > fixup! virtio: acknowledge all features before access Leftover from rebasing? > --- > drivers/virtio/virtio.c | 39 ++++++++++++++++++++--------------- > include/linux/virtio_config.h | 3 ++- > 2 files changed, 24 insertions(+), 18 deletions(-) Reviewed-by: Cornelia Huck Would like to see a quick sanity test from Halil, though.