[Qemu-commits] [qemu/qemu] ade007: contrib/rdmacm-mux: Fix out-of-bounds


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] ade007: contrib/rdmacm-mux: Fix out-of-bounds risk
Date: Sun, 17 Mar 2019 06:59:41 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: ade0075523478fa015afd5c6f6cc70681687818d
      
https://github.com/qemu/qemu/commit/ade0075523478fa015afd5c6f6cc70681687818d
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M contrib/rdmacm-mux/main.c

  Log Message:
  -----------
  contrib/rdmacm-mux: Fix out-of-bounds risk

The function get_fd extracts the context from the received MAD message and
uses it as a key to fetch the destination fd from the mapping table.
A context can be a dgid in the case of a CM request message or a comm_id in
the case of a CM SIDR response message.

When a MAD message with a smaller size than expected for the message type
is received, we hit an out-of-bounds access, where we look for the
context outside the message boundaries.

Fix it by validating the message size.

Reported-by: Sam Smith <address@hidden>
Signed-off-by: Yuval Shaia <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: 4d71b38ae8fa436f1707fe98b469a9cea4079503
      
https://github.com/qemu/qemu/commit/4d71b38ae8fa436f1707fe98b469a9cea4079503
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_backend.c
    M hw/rdma/rdma_backend.h
    M hw/rdma/rdma_rm.c
    M hw/rdma/rdma_rm.h
    M hw/rdma/rdma_utils.c
    M hw/rdma/rdma_utils.h
    M hw/rdma/trace-events
    M hw/rdma/vmw/pvrdma.h
    M hw/rdma/vmw/pvrdma_cmd.c
    M hw/rdma/vmw/pvrdma_dev_ring.c
    M hw/rdma/vmw/pvrdma_main.c
    M hw/rdma/vmw/pvrdma_qp_ops.c
    M hw/rdma/vmw/trace-events

  Log Message:
  -----------
  hw/rdma: Switch to generic error reporting way

Utilize error_report for all pr_err calls and some pr_dbg calls that are
considered errors.
For the remaining pr_dbg calls, the important ones were replaced by
trace points while the others were deleted.
Some of the functions were renamed to include the prefix "rdma/pvrdma"
in the function name.

Signed-off-by: Yuval Shaia <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: b20fc7951084bb77e867d114c916e409c3a6821a
      
https://github.com/qemu/qemu/commit/b20fc7951084bb77e867d114c916e409c3a6821a
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_backend.c
    M hw/rdma/rdma_backend_defs.h
    M hw/rdma/rdma_utils.c
    M hw/rdma/rdma_utils.h

  Log Message:
  -----------
  hw/rdma: Introduce protected qlist

To make the code more readable, move handling of the protected list to
rdma_utils.

Signed-off-by: Yuval Shaia <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: 2cfa95300908f401f5b9bdf3de734cf6228a2722
      
https://github.com/qemu/qemu/commit/2cfa95300908f401f5b9bdf3de734cf6228a2722
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_backend.c
    M hw/rdma/rdma_rm.c
    M hw/rdma/rdma_rm_defs.h

  Log Message:
  -----------
  hw/rdma: Protect against concurrent execution of poll_cq

The function rdma_poll_cq is called from two contexts: the completion
handler thread, which senses new completions on the backend channel, and
explicitly as a result of the guest issuing a poll_cq command.

Add a lock to protect against concurrent executions.

Signed-off-by: Yuval Shaia <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: c2dd117b38583f89d6a2e4a6dfc6d693990ffc39
      
https://github.com/qemu/qemu/commit/c2dd117b38583f89d6a2e4a6dfc6d693990ffc39
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_backend.c
    M hw/rdma/rdma_rm.c
    M hw/rdma/rdma_rm_defs.h
    M hw/rdma/vmw/pvrdma.h
    M hw/rdma/vmw/pvrdma_cmd.c
    M hw/rdma/vmw/pvrdma_main.c

  Log Message:
  -----------
  hw/pvrdma: Collect debugging statistics

Add counters to enable enhanced debugging.

Signed-off-by: Yuval Shaia <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: f4b2c02a2911b164474b998532b1a963fc9b785b
      
https://github.com/qemu/qemu/commit/f4b2c02a2911b164474b998532b1a963fc9b785b
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hmp-commands-info.hx
    M hmp.c
    M hmp.h
    M hw/rdma/Makefile.objs
    A hw/rdma/rdma.c
    M hw/rdma/rdma_rm.c
    M hw/rdma/rdma_rm.h
    M hw/rdma/vmw/pvrdma_main.c
    A include/hw/rdma/rdma.h

  Log Message:
  -----------
  {hmp, hw/pvrdma}: Expose device internals via monitor interface

Allow interrogating device internals through the HMP interface.
The exposed indicators can be used for troubleshooting by developers or
sysadmins.
There is no need to expose these attributes to a management system (e.g.
libvirt) because (1) most of them are not "device-management" related
info and (2) there is no guarantee the interface is stable.

Signed-off-by: Yuval Shaia <address@hidden>
Acked-by: Dr. David Alan Gilbert <address@hidden>
Acked-by: Markus Armbruster <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: ff30a446b1d13373d35417d77d80b11cfde3fc6c
      
https://github.com/qemu/qemu/commit/ff30a446b1d13373d35417d77d80b11cfde3fc6c
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_backend.c
    M hw/rdma/vmw/pvrdma_main.c

  Log Message:
  -----------
  hw/rdma: Free all MAD receive buffers when device is closed

When device is going down free all saved MAD buffers.

Signed-off-by: Yuval Shaia <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: bf4414515b468c0a4ca69f1450bfe65418022955
      
https://github.com/qemu/qemu/commit/bf4414515b468c0a4ca69f1450bfe65418022955
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_backend.c
    M hw/rdma/rdma_backend.h
    M hw/rdma/rdma_backend_defs.h
    M hw/rdma/rdma_rm.c
    M hw/rdma/rdma_utils.c
    M hw/rdma/rdma_utils.h

  Log Message:
  -----------
  hw/rdma: Free all receive buffers when QP is destroyed

When a QP is destroyed the backend QP is destroyed as well. This ensures
we clean all received buffers we posted to it.
However, the contexts of these buffers still remain in the device.
Fix it by maintaining a list of buffer contexts and freeing them when the QP
is destroyed.

Signed-off-by: Yuval Shaia <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: 3c890bcf3088689c4c5f883b5189646f5862a91f
      
https://github.com/qemu/qemu/commit/3c890bcf3088689c4c5f883b5189646f5862a91f
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_backend.c
    M hw/rdma/rdma_backend.h
    M hw/rdma/vmw/pvrdma_qp_ops.c

  Log Message:
  -----------
  hw/pvrdma: Delete unneeded function argument

The function's argument rdma_dev_res is not needed as it is stored in
the backend_dev object at init.

Signed-off-by: Yuval Shaia <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: a2f1dc6091e801514f955af255af89d440e762fc
      
https://github.com/qemu/qemu/commit/a2f1dc6091e801514f955af255af89d440e762fc
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/vmw/pvrdma_main.c

  Log Message:
  -----------
  hw/pvrdma: Delete pvrdma_exit function

This hook is not called and was implemented by mistake.

Signed-off-by: Yuval Shaia <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: b556c3cefcedec0fc892239f017ef7ddaa515311
      
https://github.com/qemu/qemu/commit/b556c3cefcedec0fc892239f017ef7ddaa515311
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/vmw/pvrdma_main.c

  Log Message:
  -----------
  hw/pvrdma: Unregister from shutdown notifier when device goes down

This hook was installed to close the device when VM is going down.
After the device is closed there is no need to be informed on VM
shutdown.

Signed-off-by: Yuval Shaia <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: db8b88bf2cb5fc6bae421eb0be488e0047008438
      
https://github.com/qemu/qemu/commit/db8b88bf2cb5fc6bae421eb0be488e0047008438
  Author: Yuval Shaia <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/vmw/pvrdma_main.c

  Log Message:
  -----------
  hw/pvrdma: Provide correct value to object_get_typename

Use base object of PCIDevice in call to object_get_typename().

Signed-off-by: Yuval Shaia <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Kamal Heib <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: 59f911938fbaa6a5eff1146c8a4d74e1c55ecc2b
      
https://github.com/qemu/qemu/commit/59f911938fbaa6a5eff1146c8a4d74e1c55ecc2b
  Author: Marcel Apfelbaum <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_rm_defs.h

  Log Message:
  -----------
  hw/rdma: another clang compilation fix

Configuring QEMU with:
   configure --target-list="x86_64-softmmu" --cc=clang --enable-pvrdma
Results in:
   qemu/hw/rdma/rdma_rm_defs.h:108:3: error: redefinition of typedef 'RdmaDeviceResources' is a C11 feature [-Werror,-Wtypedef-redefinition]
   } RdmaDeviceResources;
     ^
   qemu/hw/rdma/rdma_backend_defs.h:24:36: note: previous definition is here
   typedef struct RdmaDeviceResources RdmaDeviceResources;

Fix by removing one of the 'typedef' definitions.

Signed-off-by: Marcel Apfelbaum <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Acked-by: Kamal Heib <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: 7b6f6e8138a462e9b40b008d62c4e0852a5505b8
      
https://github.com/qemu/qemu/commit/7b6f6e8138a462e9b40b008d62c4e0852a5505b8
  Author: Kamal Heib <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/trace-events
    M hw/rdma/vmw/trace-events

  Log Message:
  -----------
  hw/rdma: Fix broken paths to docs/devel/tracing.txt

The tracing.txt file is under "docs/devel" and not "docs".

Reviewed-by: Yuval Shaia <address@hidden>
Signed-off-by: Kamal Heib <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: 1373f4a8728372a2b50ae8e0e53ae79182c1da29
      
https://github.com/qemu/qemu/commit/1373f4a8728372a2b50ae8e0e53ae79182c1da29
  Author: Kamal Heib <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_backend.c

  Log Message:
  -----------
  hw/rdma: Remove unused parameter from rdma_poll_cq()

The 'rdma_dev_res' parameter is not used in rdma_poll_cq(), so remove it.

Reviewed-by: Yuval Shaia <address@hidden>
Reviewed-by: Marcel Apfelbaum <address@hidden>
Signed-off-by: Kamal Heib <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: a421c81148925c31c0515aa9d4c543b34e632cea
      
https://github.com/qemu/qemu/commit/a421c81148925c31c0515aa9d4c543b34e632cea
  Author: Kamal Heib <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/rdma_backend.c
    M hw/rdma/vmw/pvrdma_cmd.c
    M hw/rdma/vmw/pvrdma_qp_ops.c

  Log Message:
  -----------
  hw/rdma: Use {} instead of {0}

Initialize structs with {} instead of {0} to make sure that all code is
using the same convention.

Reviewed-by: Marcel Apfelbaum <address@hidden>
Signed-off-by: Kamal Heib <address@hidden>
Reviewed-by: Yuval Shaia <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: d151f5debdf1fe33014205e271e2cedd8fc824a2
      
https://github.com/qemu/qemu/commit/d151f5debdf1fe33014205e271e2cedd8fc824a2
  Author: Kamal Heib <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/vmw/pvrdma_cmd.c

  Log Message:
  -----------
  hw/pvrdma: Fix zero-initialization of resp in {query/modify}_qp

Make sure to zero-initialize only the pvrdma_cmd_query_qp_resp and not
the whole pvrdma_cmd_resp for query_qp, in modify_qp the resp isn't used
so remove it.

Reviewed-by: Yuval Shaia <address@hidden>
Signed-off-by: Kamal Heib <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: cb42a5867e7677a9fa1885a8436d3e7e8cbeeee9
      
https://github.com/qemu/qemu/commit/cb42a5867e7677a9fa1885a8436d3e7e8cbeeee9
  Author: Kamal Heib <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M hw/rdma/vmw/pvrdma_cmd.c

  Log Message:
  -----------
  hw/rdma: Fix the error prints in create_qp_rings()

The prints should indicate that we are talking about QP and not CQ.

Fixes: 98d176f8e592 ("hw/rdma: PVRDMA commands and data-path ops")
Reviewed-by: Yuval Shaia <address@hidden>
Signed-off-by: Kamal Heib <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Marcel Apfelbaum <address@hidden>


  Commit: c4b21ed1cfd2b5c7d191f9e095d3f1b8b28e2513
      
https://github.com/qemu/qemu/commit/c4b21ed1cfd2b5c7d191f9e095d3f1b8b28e2513
  Author: Peter Maydell <address@hidden>
  Date:   2019-03-16 (Sat, 16 Mar 2019)

  Changed paths:
    M contrib/rdmacm-mux/main.c
    M hmp-commands-info.hx
    M hmp.c
    M hmp.h
    M hw/rdma/Makefile.objs
    A hw/rdma/rdma.c
    M hw/rdma/rdma_backend.c
    M hw/rdma/rdma_backend.h
    M hw/rdma/rdma_backend_defs.h
    M hw/rdma/rdma_rm.c
    M hw/rdma/rdma_rm.h
    M hw/rdma/rdma_rm_defs.h
    M hw/rdma/rdma_utils.c
    M hw/rdma/rdma_utils.h
    M hw/rdma/trace-events
    M hw/rdma/vmw/pvrdma.h
    M hw/rdma/vmw/pvrdma_cmd.c
    M hw/rdma/vmw/pvrdma_dev_ring.c
    M hw/rdma/vmw/pvrdma_main.c
    M hw/rdma/vmw/pvrdma_qp_ops.c
    M hw/rdma/vmw/trace-events
    A include/hw/rdma/rdma.h

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into staging

RDMA queue

 * Another Clang compilation fix
 * Collect pvrdma debugging statistics
 * Various fixes for the pvrdma device

# gpg: Signature made Sat 16 Mar 2019 14:09:02 GMT
# gpg:                using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <address@hidden>" [marginal]
# gpg:                 aka "Marcel Apfelbaum <address@hidden>" [marginal]
# gpg:                 aka "Marcel Apfelbaum <address@hidden>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F  31F5 36D4 C0F0 CF2F E46D

* remotes/marcel/tags/rdma-pull-request:
  hw/rdma: Fix the error prints in create_qp_rings()
  hw/pvrdma: Fix zero-initialization of resp in {query/modify}_qp
  hw/rdma: Use {} instead of {0}
  hw/rdma: Remove unused parameter from rdma_poll_cq()
  hw/rdma: Fix broken paths to docs/devel/tracing.txt
  hw/rdma: another clang compilation fix
  hw/pvrdma: Provide correct value to object_get_typename
  hw/pvrdma: Unregister from shutdown notifier when device goes down
  hw/pvrdma: Delete pvrdma_exit function
  hw/pvrdma: Delete unneeded function argument
  hw/rdma: Free all receive buffers when QP is destroyed
  hw/rdma: Free all MAD receive buffers when device is closed
  {hmp, hw/pvrdma}: Expose device internals via monitor interface
  hw/pvrdma: Collect debugging statistics
  hw/rdma: Protect against concurrent execution of poll_cq
  hw/rdma: Introduce protected qlist
  hw/rdma: Switch to generic error reporting way
  contrib/rdmacm-mux: Fix out-of-bounds risk

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/8b088d3f8ab5...c4b21ed1cfd2
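
The size validation described in the "contrib/rdmacm-mux: Fix out-of-bounds risk" log message above, as an added sketch that is not code from QEMU or from that commit. The message types, offsets, key lengths and the names get_context, lookup_fd and demo are assumptions made for illustration; the page does not show the real layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical message layout, chosen for illustration only. */
enum msg_type { MSG_CM_REQ, MSG_CM_SIDR_REP };
enum { REQ_DGID_POS = 16, DGID_LEN = 16, SIDR_COMM_ID_POS = 8, COMM_ID_LEN = 4 };

struct ctx_key { enum msg_type type; size_t len; uint8_t bytes[DGID_LEN]; };
struct map_entry { struct ctx_key key; int fd; };

/* Copy the key out of msg only if it lies fully inside msg[0..len). */
static int get_context(const uint8_t *msg, size_t len, enum msg_type type,
                       struct ctx_key *key)
{
    size_t pos, klen;
    switch (type) {
    case MSG_CM_REQ:      pos = REQ_DGID_POS;     klen = DGID_LEN;    break;
    case MSG_CM_SIDR_REP: pos = SIDR_COMM_ID_POS; klen = COMM_ID_LEN; break;
    default:              return -1;   /* unknown type: no key to extract */
    }
    /* Two comparisons, so pos + klen is never computed and cannot wrap. */
    if (len < pos || len - pos < klen) { return -1; }  /* truncated message */
    *key = (struct ctx_key){ .type = type, .len = klen };
    memcpy(key->bytes, msg + pos, klen);
    return 0;
}

/* Return the fd mapped to the message's context, or -1 if there is none. */
static int lookup_fd(const struct map_entry *tbl, size_t n,
                     const uint8_t *msg, size_t len, enum msg_type type)
{
    struct ctx_key key;
    if (get_context(msg, len, type, &key) != 0) { return -1; }
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].key.type == key.type && tbl[i].key.len == key.len &&
            memcmp(tbl[i].key.bytes, key.bytes, key.len) == 0) {
            return tbl[i].fd;
        }
    }
    return -1;
}

/* Constructed sample: a 32-byte CM request with dgid 0xAA..AA, mapped to fd 7. */
static int demo(size_t received_len)
{
    uint8_t msg[32];
    struct map_entry tbl[1] = { { { MSG_CM_REQ, DGID_LEN, { 0 } }, 7 } };
    if (received_len > sizeof(msg)) { return -1; }
    memset(msg, 0xAA, sizeof(msg));
    memset(tbl[0].key.bytes, 0xAA, DGID_LEN);
    return lookup_fd(tbl, 1, msg, received_len, MSG_CM_REQ);
}
int main(void) { return (demo(32) == 7 && demo(31) == -1) ? 0 : 1; }
```

The check is on the number of bytes actually received, not on the size of the receive buffer, so a short message is rejected before any offset into it is dereferenced.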


