On Tue, Jan 18 2022, "Michael S. Tsirkin" mst@redhat.com wrote:
The feature negotiation was designed in a way that makes it possible for devices to know which config fields will be accessed by drivers.
This is broken since commit 404123c2db79 ("virtio: allow drivers to validate features") with fallout in at least block and net. We have a partial work-around in commit 2f9a174f918e ("virtio: write back F_VERSION_1 before validate") which at least lets devices find out which format should config space have, but this is a partial fix: guests should not access config space without acknowledging features since otherwise we'll never be able to change the config space format.
To fix, split finalize_features from virtio_finalize_features and call finalize_features with all feature bits before validation, and then - if validation changed any bits - once again after.
Since virtio_finalize_features no longer writes out features rename it to virtio_features_ok - since that is what it does: checks that features are ok with the device.
As a side effect, this also reduces the amount of hypervisor accesses - we now only acknowledge features once unless we are clearing any features when validating (which is uncommon).
Cc: stable@vger.kernel.org Fixes: 404123c2db79 ("virtio: allow drivers to validate features") Fixes: 2f9a174f918e ("virtio: write back F_VERSION_1 before validate") Cc: "Halil Pasic" pasic@linux.ibm.com Signed-off-by: Michael S. Tsirkin mst@redhat.com
fixup! virtio: acknowledge all features before access
Leftover from rebasing?
drivers/virtio/virtio.c | 39 ++++++++++++++++++++--------------- include/linux/virtio_config.h | 3 ++- 2 files changed, 24 insertions(+), 18 deletions(-)
Reviewed-by: Cornelia Huck cohuck@redhat.com
Would like to see a quick sanity test from Halil, though.