Change IoVecBuffer[Mut] len to u32 #4556

Open
wants to merge 2 commits into
base: main


@brandonpike brandonpike commented Apr 12, 2024

Changes

  • Change IoVecBuffer[Mut] len to u32 (was usize)
  • Add u32 overflow check (errors out rather than panics)

Closes #4548

Reason

Protect against overflows and use a consistent data type for virtio files.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • If a specific issue led to this PR, this PR closes the issue.
  • The description of changes is clear and encompassing.
  • Any required documentation changes (code and docs) are included in this
    PR.
  • API changes follow the Runbook for Firecracker API changes.
  • User-facing changes are mentioned in CHANGELOG.md.
  • All added/changed functionality is tested.
  • New TODOs link to an issue.
  • Commits meet
    contribution quality standards.

  • This functionality cannot be added in rust-vmm.

@brandonpike brandonpike marked this pull request as ready for review April 12, 2024 21:22
@brandonpike
Author

Fixing lint/build errors...

This commit changes the iovec len primitive to match descriptor chain's
(u32). This removes some ugly casting and potential overflow problems,
and allows us to upcast when needed in a non-lossy manner.

Signed-off-by: Brandon Pike <bpike@amazon.com>
@brandonpike
Author

Local Tests on R7g.metal:

Checkstyle

./tools/devtool -y checkstyle
======================================================================= 13 passed in 22.86s =======================================================================
[Firecracker devtool 2024-04-24T22:10:26+00:00] Finished test run ...

Integration tests

./tools/devtool -y test -- ../tests/integration_tests/build/
======================================================= 8 passed, 1 skipped, 1 warning in 384.33s (0:06:24) =======================================================
[Firecracker devtool 2024-04-24T22:08:11+00:00] Finished test run ...

Warning:
/firecracker/tests/integration_tests/build/test_coverage.py:106: UserWarning: Not uploading coverage report due to missing CODECOV_TOKEN environment variable
    warnings.warn(

Performance Tests

./tools/devtool -y test --performance -c 1-10 -m 0 -- ../tests/integration_tests/ -m 'no_block_pr and not nonci' --log-cli-level=INFO
FAILED

Performance tests fail on R7g because of the Graviton 3 processors having a different CPU register set?


codecov bot commented Apr 25, 2024

Codecov Report

Attention: Patch coverage is 96.29630% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 82.13%. Comparing base (4a28b9c) to head (7229152).

Files Patch % Lines
src/vmm/src/devices/virtio/vsock/mod.rs 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4556      +/-   ##
==========================================
- Coverage   82.13%   82.13%   -0.01%     
==========================================
  Files         255      255              
  Lines       31274    31276       +2     
==========================================
+ Hits        25688    25689       +1     
- Misses       5586     5587       +1     
Flag Coverage Δ
4.14-c5n.metal 79.63% <96.29%> (-0.01%) ⬇️
4.14-c7g.metal ?
4.14-m5n.metal 79.61% <96.29%> (-0.01%) ⬇️
4.14-m6a.metal 78.84% <96.29%> (-0.01%) ⬇️
4.14-m6g.metal 76.68% <96.29%> (-0.01%) ⬇️
4.14-m6i.metal 79.61% <96.29%> (-0.01%) ⬇️
4.14-m7g.metal 76.68% <96.29%> (-0.01%) ⬇️
5.10-c5n.metal 82.14% <96.29%> (-0.01%) ⬇️
5.10-m5n.metal 82.13% <96.29%> (-0.01%) ⬇️
5.10-m6a.metal 81.44% <96.29%> (-0.01%) ⬇️
5.10-m6g.metal 79.46% <96.29%> (-0.01%) ⬇️
5.10-m6i.metal 82.13% <96.29%> (-0.01%) ⬇️
5.10-m7g.metal 79.46% <96.29%> (-0.01%) ⬇️
6.1-c5n.metal 82.14% <96.29%> (-0.01%) ⬇️
6.1-c7g.metal ?
6.1-m5n.metal 82.13% <96.29%> (-0.01%) ⬇️
6.1-m6a.metal 81.44% <96.29%> (-0.01%) ⬇️
6.1-m6g.metal 79.46% <96.29%> (+<0.01%) ⬆️
6.1-m6i.metal 82.13% <96.29%> (-0.01%) ⬇️
6.1-m7g.metal 79.45% <96.29%> (-0.01%) ⬇️


Contributor

@roypat roypat left a comment


Hi @brandonpike,
Thanks for picking this up! The changes generally look good, but I think we can go a bit further in the vsock module. The specification states that everything size related about vsock buffers is u32, so we can do the following changes to function signatures:

  • VsockConnection::peer_avail_credit can return u32
  • VsockPacket::buf_size can return u32
  • VsockPacket::read_at_offset_from should be (&self, &mut T, u32, u32) -> Result<u32, VsockError> (e.g. the conversion to usize should only happen right around the write_volatile_at call)
  • ditto for VsockPacket::write_from_offset_to
    Although, maybe we can even get away with changing the arguments of IoVecBuffer[Mut]::{read,write}_volatile_at to u32s?

That being said, the changes in this PR as-is are already a huge improvement, so am also happy to approve/merge and track the above as a follow up. Just please fix the errors in the cfg(kani) modules :)

@@ -139,7 +139,7 @@ impl VsockPacket {
return Err(VsockError::InvalidPktLen(hdr.len));
}

if (hdr.len as usize) > buffer.len() - VSOCK_PKT_HDR_SIZE as usize {
if (hdr.len) > buffer.len() - VSOCK_PKT_HDR_SIZE {
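
Review bot: the subtraction `buffer.len() - VSOCK_PKT_HDR_SIZE` in the new condition is now plain u32 arithmetic, and nothing in the visible context shows that `buffer.len()` is at least `VSOCK_PKT_HDR_SIZE`. If a shorter buffer can reach this line, the subtraction panics in builds with overflow checks and wraps to a large value otherwise, in which case the comparison against `hdr.len` no longer rejects anything. Unless an earlier check already guarantees the bound, consider `buffer.len().checked_sub(VSOCK_PKT_HDR_SIZE)` and returning `VsockError::InvalidPktLen(hdr.len)` when the result is `None` or smaller than `hdr.len`.
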
Contributor


nit:

Suggested change
if (hdr.len) > buffer.len() - VSOCK_PKT_HDR_SIZE {
if hdr.len > buffer.len() - VSOCK_PKT_HDR_SIZE {

@@ -363,7 +363,7 @@ pub mod tests {

tap.write_iovec(&scattered).unwrap();

let mut read_buf = vec![0u8; scattered.len()];
let mut read_buf = vec![0u8; scattered.len().try_into().unwrap()];
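
Review bot: `scattered.len().try_into().unwrap()` on the added line introduces a fallible conversion plus an `unwrap` for a widening that cannot fail wherever usize is at least 32 bits, and the same pattern will recur at every call site that sizes a host buffer from an iovec length. The standard library has no `From<u32> for usize` because usize is only guaranteed to be 16 bits wide, so consider a single shared helper (for example a hypothetical `u32_to_usize`) that documents that assumption once and is used here instead of the inline `unwrap`.
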
Contributor


does the stdlib really not have impl From<u32> for usize? .-.
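
The overflow check named in the PR description ("errors out rather than panics") and the review's point about converting to usize only at the call site, sketched as an added example. This is not code from the PR or from Firecracker: `ChainLen`, `ChainError`, `from_descriptor_lens`, `host_len` and `lossy_total` are hypothetical names, and the input lengths are constructed.

```rust
// Added illustration, not Firecracker code; every name below is hypothetical.
use std::convert::TryFrom;

#[derive(Debug, PartialEq)]
pub enum ChainError {
    /// The summed descriptor lengths do not fit in a u32.
    LenOverflow,
}

/// Stand-in for a scatter-gather buffer whose total length is kept as u32,
/// the same width as a virtio descriptor's `len` field.
#[derive(Debug, Default)]
pub struct ChainLen {
    segments: Vec<u32>,
    len: u32,
}

impl ChainLen {
    /// Accumulates per-descriptor lengths; returns an error instead of
    /// panicking or wrapping when the running total exceeds u32::MAX.
    pub fn from_descriptor_lens(lens: &[u32]) -> Result<Self, ChainError> {
        let mut chain = ChainLen::default();
        for &l in lens {
            chain.len = chain.len.checked_add(l).ok_or(ChainError::LenOverflow)?;
            chain.segments.push(l);
        }
        Ok(chain)
    }

    /// Widen to usize only where a host slice is about to be sized or indexed.
    pub fn host_len(&self) -> usize {
        usize::try_from(self.len).expect("usize is narrower than 32 bits")
    }

    pub fn len(&self) -> u32 { self.len }
    pub fn segment_count(&self) -> usize { self.segments.len() }
}

/// The lossy pattern: total kept in a wider type (u64 stands in for a 64-bit
/// usize), then narrowed with `as`, which silently drops the high bits.
pub fn lossy_total(lens: &[u32]) -> u32 {
    lens.iter().map(|&l| u64::from(l)).sum::<u64>() as u32
}

fn main() {
    let lens = [u32::MAX, 16]; // constructed guest-supplied lengths
    println!("checked: {:?}", ChainLen::from_descriptor_lens(&lens).map(|c| c.len()));
    println!("lossy: {}", lossy_total(&lens));
}
```

With the constructed input, the checked path reports `LenOverflow` while the `as` cast yields a small, plausible-looking length.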

Successfully merging this pull request may close these issues.

Use u32 to describe descriptor chain lengths