[PATCH] vhost: disable all features and trace last_avail_idx and ioctl calls

From: Eugenio PÃrez
Date: Fri Feb 14 2020 - 02:02:26 EST


---
drivers/vhost/net.c | 20 +++++++++++++++++---
drivers/vhost/vhost.c | 25 +++++++++++++++++++++++--
drivers/vhost/vhost.h | 10 +++++-----
3 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
index e158159671fa..e4d5f843f9c0 100644
--- a/drivers/vhost/net.c
+++ b/drivers/vhost/net.c
@@ -1505,10 +1505,13 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)

mutex_lock(&n->dev.mutex);
r = vhost_dev_check_owner(&n->dev);
- if (r)
+ if (r) {
+ pr_debug("vhost_dev_check_owner index=%u fd=%d rc r=%d", index, fd, r);
goto err;
+ }

if (index >= VHOST_NET_VQ_MAX) {
+ pr_debug("vhost_dev_check_owner index=%u fd=%d MAX=%d", index, fd, VHOST_NET_VQ_MAX);
r = -ENOBUFS;
goto err;
}
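Review bot: The debug message on the `index >= VHOST_NET_VQ_MAX` branch is labelled `vhost_dev_check_owner`, apparently copied from the branch above, so anyone reading the log will attribute a range failure to the ownership check. It should name the real condition, for example `pr_debug("vhost_net_set_backend index=%u fd=%d >= MAX=%d\n", index, fd, VHOST_NET_VQ_MAX);`. None of the pr_debug format strings added in this patch end in `\n`, which kernel log messages conventionally do. The body of vhost_net_set_backend continues outside the hunk.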
@@ -1518,22 +1521,26 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)

/* Verify that ring has been setup correctly. */
if (!vhost_vq_access_ok(vq)) {
+ pr_debug("vhost_net_set_backend index=%u fd=%d !vhost_vq_access_ok", index, fd);
r = -EFAULT;
goto err_vq;
}
sock = get_socket(fd);
if (IS_ERR(sock)) {
r = PTR_ERR(sock);
+ pr_debug("vhost_net_set_backend index=%u fd=%d get_socket err r=%d", index, fd, r);
goto err_vq;
}

/* start polling new socket */
oldsock = vq->private_data;
if (sock != oldsock) {
+ pr_debug("sock=%p != oldsock=%p index=%u fd=%d vq=%p", sock, oldsock, index, fd, vq);
ubufs = vhost_net_ubuf_alloc(vq,
sock && vhost_sock_zcopy(sock));
if (IS_ERR(ubufs)) {
r = PTR_ERR(ubufs);
+ pr_debug("ubufs index=%u fd=%d err r=%d vq=%p", index, fd, r, vq);
goto err_ubufs;
}

@@ -1541,11 +1548,15 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
vq->private_data = sock;
vhost_net_buf_unproduce(nvq);
r = vhost_vq_init_access(vq);
- if (r)
+ if (r) {
+ pr_debug("init_access index=%u fd=%d r=%d vq=%p", index, fd, r, vq);
goto err_used;
+ }
r = vhost_net_enable_vq(n, vq);
- if (r)
+ if (r) {
+ pr_debug("enable_vq index=%u fd=%d r=%d vq=%p", index, fd, r, vq);
goto err_used;
+ }
if (index == VHOST_NET_VQ_RX)
nvq->rx_ring = get_tap_ptr_ring(fd);

@@ -1559,6 +1570,8 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)

mutex_unlock(&vq->mutex);

+ pr_debug("sock=%p", sock);
+
if (oldubufs) {
vhost_net_ubuf_put_wait_and_free(oldubufs);
mutex_lock(&vq->mutex);
@@ -1710,6 +1723,7 @@ static long vhost_net_ioctl(struct file *f, unsigned int ioctl,

switch (ioctl) {
case VHOST_NET_SET_BACKEND:
+ pr_debug("VHOST_NET_SET_BACKEND");
if (copy_from_user(&backend, argp, sizeof backend))
return -EFAULT;
return vhost_net_set_backend(n, backend.index, backend.fd);
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index b5a51b1f2e79..ec25ba32fe81 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -1642,15 +1642,30 @@ long vhost_vring_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *arg
r = -EINVAL;
break;
}
+
+ if (vq->last_avail_idx || vq->avail_idx) {
+ pr_debug(
+ "strange VHOST_SET_VRING_BASE [vq=%p][s.index=%u][s.num=%u]",
+ vq, s.index, s.num);
+ dump_stack();
+ r = 0;
+ break;
+ }
vq->last_avail_idx = s.num;
/* Forget the cached index value. */
vq->avail_idx = vq->last_avail_idx;
+ pr_debug(
+ "VHOST_SET_VRING_BASE [vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][s.index=%u][s.num=%u]",
+ vq, vq->last_avail_idx, vq->avail_idx, s.index, s.num);
break;
case VHOST_GET_VRING_BASE:
s.index = idx;
s.num = vq->last_avail_idx;
if (copy_to_user(argp, &s, sizeof s))
r = -EFAULT;
+ pr_debug(
+ "VHOST_GET_VRING_BASE [vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][s.index=%u][s.num=%u]",
+ vq, vq->last_avail_idx, vq->avail_idx, s.index, s.num);
break;
case VHOST_SET_VRING_KICK:
if (copy_from_user(&f, argp, sizeof f)) {
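Review bot: The new `if (vq->last_avail_idx || vq->avail_idx)` branch in VHOST_SET_VRING_BASE sets `r = 0` and breaks without storing `s.num`, so the caller is told the base was applied when it was not. A userspace that sets the base on an already-used ring would then run with a ring index the kernel never adopted. The `dump_stack()` in that branch is also unconditional: unlike pr_debug it is not gated by dynamic debug, and the process holding the vhost fd can reach it on every such ioctl, which lets it fill the kernel log. For a tracing patch I would drop the `r = 0; break;` pair so the assignment below still runs, and replace `dump_stack();` with a rate-limited message such as `pr_debug_ratelimited("VHOST_SET_VRING_BASE on used ring vq=%p s.num=%u\n", vq, s.num);`. The switch and the enclosing vhost_vring_ioctl start and end outside the hunk.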
@@ -2239,8 +2254,8 @@ static int fetch_buf(struct vhost_virtqueue *vq)
vq->avail_idx = vhost16_to_cpu(vq, avail_idx);

if (unlikely((u16)(vq->avail_idx - last_avail_idx) > vq->num)) {
- vq_err(vq, "Guest moved used index from %u to %u",
- last_avail_idx, vq->avail_idx);
+ vq_err(vq, "Guest moved vq %p used index from %u to %u",
+ vq, last_avail_idx, vq->avail_idx);
return -EFAULT;
}

@@ -2316,6 +2331,9 @@ static int fetch_buf(struct vhost_virtqueue *vq)
BUG_ON(!(vq->used_flags & VRING_USED_F_NO_NOTIFY));

/* On success, increment avail index. */
+ pr_debug(
+ "[vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][vq->ndescs=%d][vq->first_desc=%d]",
+ vq, vq->last_avail_idx, vq->avail_idx, vq->ndescs, vq->first_desc);
vq->last_avail_idx++;

return 0;
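Review bot: The pr_debug added just before `vq->last_avail_idx++` sits on what looks like the per-buffer success path of fetch_buf, so once the message is enabled the guest decides how fast the host log fills. The same applies to the `DISCARD` message added to vhost_discard_vq_desc in the next hunk. A rate-limited form (`pr_debug_ratelimited(...)`) or a tracepoint would keep the diagnostic without letting ring traffic flood dmesg. The `%d` specifiers for `vq->ndescs` and `vq->first_desc` should be checked against the field types, which are not visible here. fetch_buf begins outside the hunk.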
@@ -2432,6 +2450,9 @@ EXPORT_SYMBOL_GPL(vhost_get_vq_desc);
/* Reverse the effect of vhost_get_vq_desc. Useful for error handling. */
void vhost_discard_vq_desc(struct vhost_virtqueue *vq, int n)
{
+ pr_debug(
+ "DISCARD [vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][n=%d]",
+ vq, vq->last_avail_idx, vq->avail_idx, n);
vq->last_avail_idx -= n;
}
EXPORT_SYMBOL_GPL(vhost_discard_vq_desc);
diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h
index 661088ae6dc7..08f6d2ccb697 100644
--- a/drivers/vhost/vhost.h
+++ b/drivers/vhost/vhost.h
@@ -250,11 +250,11 @@ int vhost_init_device_iotlb(struct vhost_dev *d, bool enabled);
} while (0)

enum {
- VHOST_FEATURES = (1ULL << VIRTIO_F_NOTIFY_ON_EMPTY) |
- (1ULL << VIRTIO_RING_F_INDIRECT_DESC) |
- (1ULL << VIRTIO_RING_F_EVENT_IDX) |
- (1ULL << VHOST_F_LOG_ALL) |
- (1ULL << VIRTIO_F_ANY_LAYOUT) |
+ VHOST_FEATURES = /* (1ULL << VIRTIO_F_NOTIFY_ON_EMPTY) | */
+ /* (1ULL << VIRTIO_RING_F_INDIRECT_DESC) | */
+ /* (1ULL << VIRTIO_RING_F_EVENT_IDX) | */
+ /* (1ULL << VHOST_F_LOG_ALL) | */
+ /* (1ULL << VIRTIO_F_ANY_LAYOUT) | */
(1ULL << VIRTIO_F_VERSION_1)
};
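Review bot: The `VHOST_FEATURES` enum now leaves five feature bits as commented-out code with no explanation in the header, and the commit message has no body to say why. Because this mask lives in the shared vhost.h, it presumably changes what every backend including the header advertises, not only vhost-net, and dropping `VHOST_F_LOG_ALL` would also remove dirty-log support. If this is a temporary bisecting aid, say so on the definition, for example `/* DEBUG ONLY: optional features masked while tracing last_avail_idx; do not merge */`. Deleting the dead lines rather than commenting them out would let the diff carry the history.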

--
2.18.1