Hi Christoffer,

On 13/10/2017 19:56, Christoffer Dall wrote:
> On Fri, Oct 13, 2017 at 04:22:25PM +0200, Auger Eric wrote:
>> Hi,
>>
>> On 13/10/2017 15:16, Christoffer Dall wrote:
>>> On Wed, Sep 27, 2017 at 03:28:33PM +0200, Eric Auger wrote:
>>>> At the moment the device table save() returns -EINVAL if
>>>> vgic_its_check_id() fails to return the gpa of the entry
>>>> associated to the device/collection id. Let vgic_its_check_id()
>>>> return an int instead of a bool and return a more precise
>>>> error value:
>>>> - EINVAL in case the id is out of range
>>>> - EFAULT if the gpa is not provisioned or is not valid
>>>>
>>>
>>> This is just to ease debugging, yes?
>>
>> I understood user-space should be able to discriminate between bad guest
>> programming and values corrupted by the userspace (regs for instance).
>> In the first case QEMU should not abort. In the latter case it should abort.
>
> So what is userspace supposed to do in the first case?

I was referring to https://www.spinics.net/lists/kvm/msg148791.html.
QEMU is supposed to write a message in that case but not cause an
abort(). This is what is actually implemented on the QEMU side. In case
the ioctl returns -EFAULT, we don't abort but simply warn. However at the
moment we return -EINVAL in some circumstances where - I think - we
should return -EFAULT. Hence this patch attempting to be more precise
on the cause of the failure instead of abruptly returning -EINVAL here.

Thanks

Eric

>
>>
>> In vgic_its_check_id we are checking the L1 entry validity bit and in
>> case it is invalid we can't compute the GPA of the entry. I was thinking
>> we should return -EFAULT in that case. But maybe returning EFAULT in
>> case the BASER<n> address is not reachable also is wrong because that
>> may be caused by the userspace writing a wrong value. Sigh ...
>>
>
> I think if either userspace or the guest programmed something that
> cannot be traversed, then you just don't save/restore the ITS properly,
> because it's broken anyway, so I don't think we need to replicate the
> *same broken state* at the destination.
>
> Maybe I'm missing part of the picture here.
>
> Thanks,
> -Christoffer
>
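The error discrimination argued over in this thread, as an added illustration that is neither the kernel's vgic_its_check_id() nor QEMU's code: a toy two-level ("indirect") device-table walk where an out-of-range id yields -EINVAL and an unreadable or not-yet-provisioned L1 entry yields -EFAULT, plus the userspace-side policy (warn on -EFAULT, treat anything else as fatal). The page size, entry size, valid-bit position, id range, and the guest memory contents are all constructed for the example and are not taken from the GICv3 ITS specification or the kernel.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not the kernel's code): BASER points at an L1 page of
 * 64-bit entries; each valid L1 entry points at an L2 page that holds the
 * actual device-table entries. All sizes below are assumptions. */
#define PAGE_SZ   4096u
#define ENTRY_SZ  8u
#define L1_VALID  (1ull << 63)
#define MAX_ID    1024u            /* assumed id range: 0 .. MAX_ID-1 */
#define MEM_SZ    (4u * PAGE_SZ)   /* constructed guest physical memory */

struct baser { uint64_t l1_gpa; int indirect; };

/* Toy stand-in for a guest memory read: fails when the gpa is not backed. */
static int read_guest(const uint8_t *mem, uint64_t gpa, void *buf, size_t len)
{
    if (gpa > MEM_SZ || len > MEM_SZ - gpa)
        return -1;
    memcpy(buf, mem + gpa, len);
    return 0;
}

/* Returns 0 and stores the entry gpa in *eaddr. -EINVAL: id out of range
 * (a plain bad value). -EFAULT: the walk reached an L1 entry that is
 * unreadable or has its valid bit clear, so the entry gpa cannot be computed. */
int check_id(const uint8_t *mem, const struct baser *b, uint32_t id, uint64_t *eaddr)
{
    uint32_t per_l2 = PAGE_SZ / ENTRY_SZ;
    uint64_t l1_entry, addr;

    if (id >= MAX_ID)
        return -EINVAL;

    if (!b->indirect) {
        addr = b->l1_gpa + (uint64_t)id * ENTRY_SZ;
    } else {
        uint64_t l1_addr = b->l1_gpa + (uint64_t)(id / per_l2) * ENTRY_SZ;
        if (read_guest(mem, l1_addr, &l1_entry, sizeof l1_entry))
            return -EFAULT;                 /* BASER points outside memory */
        if (!(l1_entry & L1_VALID))
            return -EFAULT;                 /* L1 entry never provisioned */
        addr = (l1_entry & ~L1_VALID) + (uint64_t)(id % per_l2) * ENTRY_SZ;
    }
    /* The entry itself must be reachable, otherwise the gpa is unusable. */
    if (addr > MEM_SZ || ENTRY_SZ > MEM_SZ - addr)
        return -EFAULT;
    *eaddr = addr;
    return 0;
}

/* Userspace policy described in the thread: warn on -EFAULT, abort otherwise. */
enum action { ACT_OK, ACT_WARN, ACT_ABORT };
enum action save_policy(int ret)
{
    if (ret == 0)       return ACT_OK;
    if (ret == -EFAULT) return ACT_WARN;
    return ACT_ABORT;
}

/* Constructed sample: L1 table in page 0; L1[0] valid and pointing at page 1,
 * L1[1] left zero, i.e. never provisioned by the guest. */
static void build_sample(uint8_t *mem, struct baser *b)
{
    uint64_t l1_0 = 0x1000ull | L1_VALID, l1_1 = 0;
    memset(mem, 0, MEM_SZ);
    memcpy(mem + 0, &l1_0, sizeof l1_0);
    memcpy(mem + 8, &l1_1, sizeof l1_1);
    b->l1_gpa = 0;
    b->indirect = 1;
}

/* Walk the constructed sample for one id; stores the entry gpa (0 on failure)
 * in *eaddr when non-NULL and returns the check_id() result. */
int sample_walk(uint32_t id, uint64_t *eaddr)
{
    static uint8_t mem[MEM_SZ];
    struct baser b;
    uint64_t addr = 0;
    int ret;

    build_sample(mem, &b);
    ret = check_id(mem, &b, id, &addr);
    if (eaddr)
        *eaddr = ret ? 0 : addr;
    return ret;
}

int main(void)
{
    static const char *names[] = { "ok", "warn", "abort" };
    uint32_t ids[] = { 5, 600, 2000 };   /* in range, unprovisioned L1, out of range */
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        uint64_t addr;
        int ret = sample_walk(ids[i], &addr);
        printf("id %u: ret %d -> %s, eaddr 0x%llx\n", ids[i], ret,
               names[save_policy(ret)], (unsigned long long)addr);
    }
    return 0;
}
```

With the sample above, id 5 resolves through the valid L1[0] entry, id 600 lands on the unprovisioned L1[1] entry and comes back as -EFAULT (warn), and id 2000 exceeds the assumed id range and comes back as -EINVAL (abort). Whether an unreachable BASER address should also map to -EFAULT, given that userspace may have written it, is exactly the open question in the thread; the toy simply treats every unreadable or invalid table walk the same way.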