[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail_bytes
|
From: |
Stefan Hajnoczi |
|
Subject: |
Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail_bytes |
|
Date: |
Mon, 19 Aug 2013 16:30:54 +0200 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Mon, Aug 19, 2013 at 05:28:44PM +0800, yinyin wrote:
> Hi,all:
> in func virtqueue_get_avail_bytes, when found a indirect desc, we need
> loop over it.
> /* loop over the indirect descriptor table */
> indirect = 1;
> max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
> num_bufs = i = 0;
> desc_pa = vring_desc_addr(desc_pa, i);
> But, It init i to 0, then use i to update desc_pa. so we will always
> get :
> desc_pa = vring_desc_addr(desc_pa, 0);
> is it right?or should we update desc_pa first, then init i to 0?
Is there a way to trigger a crash or erorr from a normal running guest?
Affected devices: serial, rng, and net - they call
virtqueue_get_avail_bytes() directly or indirectly.
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 09f62c6..554ae6f 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -377,8 +377,8 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned
> int *in_bytes,
> /* loop over the indirect descriptor table */
> indirect = 1;
> max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
> - num_bufs = i = 0;
> desc_pa = vring_desc_addr(desc_pa, i);
> + num_bufs = i = 0;
I agree, this looks wrong. git-blame(1) doesn't reveal anything
interesting. Looks like this bug has been around since 2009!
Please resend your patch according to the guidelines here:
http://qemu-project.org/Contribute/SubmitAPatch
In particular, please include a Signed-off-by: Your Name <address@hidden> line.
Stefan