From: Cornelia Huck
Subject: [Qemu-devel] [PATCH v3] virtio: guard vring access when setting notification
Date: Wed, 1 Mar 2017 18:58:52 +0100

Switching to vring caches exposed an existing bug in
virtio_queue_set_notification(): We can't access vring structures
if they have not been set up yet. This may happen, for example,
for virtio-blk devices with multiple queues: The code will try to
switch notifiers for every queue, but the guest may have only set up
a subset of them.

Fix this by guarding access to the vring memory by checking for
vring.desc. The first aio poll will iron out any remaining
inconsistencies for later-configured queues (buggy legacy drivers).

Signed-off-by: Cornelia Huck <address@hidden>
---
v2->v3:
- Switch to a very simple check for !desc, which should be fine for
the existing users.
We might want to assert that callers don't start aio before DRIVER_OK
resp. first kick, but that can wait until after we've fixed this bug.
---
hw/virtio/virtio.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index e487e36..bf8a644 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -288,6 +288,10 @@ void virtio_queue_set_notification(VirtQueue *vq, int
enable)
{
vq->notification = enable;
+ if (!vq->vring.desc) {
+ return;
+ }
+
rcu_read_lock();
if (virtio_vdev_has_feature(vq->vdev, VIRTIO_RING_F_EVENT_IDX)) {
vring_set_avail_event(vq, vring_avail_idx(vq));
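Review bot: The early return on `!vq->vring.desc` in virtio_queue_set_notification() has no comment, and the reason it is safe is stated only in the commit message. The check sits after `vq->notification = enable;`, so the requested state is recorded while nothing is written to the ring of a queue the guest has not set up. A short comment above the check saying that, and that the first aio poll reconciles later-configured queues, would keep a future reader from moving the check above the assignment or treating it as an error path. Placing it before rcu_read_lock() is right, since the early exit then leaves no unlock to balance.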
--
2.8.4