Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change IoVecBuffer[Mut] len to u32 #4556

Merged
merged 2 commits into from
May 28, 2024
Merged

Change IoVecBuffer[Mut] len to u32 #4556

merged 2 commits into from
May 28, 2024
+60 −45

Conversation

brandonpike
Copy link

@brandonpike brandonpike commented Apr 12, 2024
edited

Changes

  • Change IoVecBuffer[Mut] len to u32 (was usize)
  • Add u32 overflow check (errors out rather than panics)

Closes #4548

Reason

Protect against overflows and use a consistent data type for virtio files.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • If a specific issue led to this PR, this PR closes the issue.
  • The description of changes is clear and encompassing.
  • Any required documentation changes (code and docs) are included in this
    PR.
  • API changes follow the Runbook for Firecracker API changes.
  • User-facing changes are mentioned in CHANGELOG.md.
  • All added/changed functionality is tested.
  • New TODOs link to an issue.
  • Commits meet
    contribution quality standards.
  • This functionality cannot be added in rust-vmm.

@brandonpike brandonpike marked this pull request as ready for review April 12, 2024 21:22
@brandonpike
Copy link
Author

Fixing lint/build errors...

@brandonpike brandonpike force-pushed the desc_chain_lens branch 2 times, most recently from 9e7f47b to 2c51bdd Compare April 24, 2024 22:18
@brandonpike
Copy link
Author

Local Tests on R7g.metal:

Checkstyle

./tools/devtool -y checkstyle
======================================================================= 13 passed in 22.86s =======================================================================
[Firecracker devtool 2024-04-24T22:10:26+00:00] Finished test run ...

Integration tests

./tools/devtool -y test -- ../tests/integration_tests/build/
======================================================= 8 passed, 1 skipped, 1 warning in 384.33s (0:06:24) =======================================================
[Firecracker devtool 2024-04-24T22:08:11+00:00] Finished test run ...

Warning:
/firecracker/tests/integration_tests/build/test_coverage.py:106: UserWarning: Not uploading coverage report due to missing CODECOV_TOKEN environment variable
    warnings.warn(

Performance Tests

./tools/devtool -y test --performance -c 1-10 -m 0 -- ../tests/integration_tests/ -m 'no_block_pr and not nonci' --log-cli-level=INFO
FAILED

Performance tests fail on R7g because of the graviton 3 processors having a different cpu register set?

@codecov Codecov
Copy link

codecov bot commented Apr 25, 2024
edited

Codecov Report

Attention: Patch coverage is 96.29630% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 82.08%. Comparing base (0f39350) to head (ba36b81).

Files Patch % Lines
src/vmm/src/devices/virtio/vsock/mod.rs 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4556      +/-   ##
==========================================
- Coverage   82.08%   82.08%   -0.01%     
==========================================
  Files         255      255              
  Lines       31256    31258       +2     
==========================================
+ Hits        25658    25659       +1     
- Misses       5598     5599       +1
Flag Coverage Δ
4.14-c5n.metal 79.58% <96.29%> (-0.01%) ⬇️
4.14-c7g.metal ?
4.14-m5n.metal 79.56% <96.29%> (-0.01%) ⬇️
4.14-m6a.metal 78.79% <96.29%> (-0.01%) ⬇️
4.14-m6g.metal 76.62% <96.29%> (-0.01%) ⬇️
4.14-m6i.metal 79.55% <96.29%> (-0.01%) ⬇️
4.14-m7g.metal 76.62% <96.29%> (-0.01%) ⬇️
5.10-c5n.metal 82.09% <96.29%> (-0.01%) ⬇️
5.10-c7g.metal ?
5.10-m5n.metal 82.08% <96.29%> (-0.01%) ⬇️
5.10-m6a.metal 81.39% <96.29%> (+<0.01%) ⬆️
5.10-m6g.metal 79.40% <96.29%> (-0.01%) ⬇️
5.10-m6i.metal 82.07% <96.29%> (-0.01%) ⬇️
5.10-m7g.metal 79.40% <96.29%> (-0.01%) ⬇️
6.1-c5n.metal 82.09% <96.29%> (-0.01%) ⬇️
6.1-c7g.metal ?
6.1-m5n.metal 82.08% <96.29%> (-0.01%) ⬇️
6.1-m6a.metal 81.38% <96.29%> (-0.01%) ⬇️
6.1-m6g.metal 79.40% <96.29%> (-0.01%) ⬇️
6.1-m6i.metal 82.07% <96.29%> (-0.01%) ⬇️
6.1-m7g.metal 79.40% <96.29%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

roypat
roypat reviewed Apr 29, 2024
View reviewed changes
Copy link
Contributor

@roypat roypat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @brandonpike,
Thanks for picking this up! The changes generally look good, but I think we can go a bit further in the vsock module. The specification states that everything size related about vsock buffers is u32, so we can do the following changes to function signatures:

  • VsockConnection::peer_avail_credit can return u32
  • VsockPacket::buf_size can return u32
  • VsockPacket::read_at_offset_from should be (&self, &mut T, u32, u32) -> Result<u32, VsockError> (e..g. the conversion to usize should only happen right around the write_volatile_at call
  • ditto for VsockPacket::write_from_offset_to
    Although, maybe we can even get away with changing the arguments IoVecBuffer[Mut]::{read,write}_volatile_at to u32s?

That being said, the changes in this PR as-is are already a huge improvement, so am also happy to approve/merge and track the above as a follow up. Just please fix the errors in the cfg(kani) modules :)

src/vmm/src/devices/virtio/vsock/packet.rs Outdated Show resolved Hide resolved
src/vmm/src/devices/virtio/net/tap.rs Outdated Show resolved Hide resolved
roypat
roypat reviewed May 20, 2024
View reviewed changes
Copy link
Contributor

@roypat roypat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks good now! As one last thing, could you squash the fixup commit into 2c51bdd? Then we should be good to merge :)

@brandonpike
Change IoVecBuffer[Mut] len to u32
feae33f 
This commit changes the iovec len primitive to match descriptor chain's
(u32). This removes some ugly casting and potential overflow problems,
and allows us to upcast when needed in a non-lossy manor.

Signed-off-by: Brandon Pike <bpike@amazon.com>
@roypat roypat added the Status: Awaiting review Indicates that a pull request is ready to be reviewed label May 28, 2024
@roypat roypat merged commit 1cb72de into firecracker-microvm:main May 28, 2024
10 checks passed
This was referenced May 28, 2024
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShadowCurse ShadowCurse ShadowCurse approved these changes

@roypat roypat roypat approved these changes

Assignees

@bchalios bchalios

Labels
Status: Awaiting review Indicates that a pull request is ready to be reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use u32 to describe descriptor chain lengths
4 participants
@brandonpike @ShadowCurse @roypat @bchalios