Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail_bytes

From:	Amit Shah
Subject:	Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail_bytes
Date:	Wed, 4 Sep 2013 17:48:52 +0530

On (Tue) 03 Sep 2013 [14:15:55], Michael S. Tsirkin wrote:
> On Tue, Sep 03, 2013 at 04:40:21PM +0530, Amit Shah wrote:
> > On (Mon) 19 Aug 2013 [16:30:54], Stefan Hajnoczi wrote:
> > > On Mon, Aug 19, 2013 at 05:28:44PM +0800, yinyin wrote:
> > > > Hi,all:
> > > >         in func virtqueue_get_avail_bytes， when found a indirect desc, 
> > > > we need loop over it.
> > > >             /* loop over the indirect descriptor table */
> > > >             indirect = 1;
> > > >             max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
> > > >             num_bufs = i = 0;
> > > >             desc_pa = vring_desc_addr(desc_pa, i);
> > > >         But, It init i to 0, then use i to update desc_pa. so we will 
> > > > always get  :
> > > >         desc_pa = vring_desc_addr(desc_pa, 0);
> > > >         is it right？or should we update desc_pa first, then init i to 0?
> > > 
> > > Is there a way to trigger a crash or erorr from a normal running guest?
> > > 
> > > Affected devices: serial, rng, and net - they call
> > > virtqueue_get_avail_bytes() directly or indirectly.
> > > 
> > > > diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> > > > index 09f62c6..554ae6f 100644
> > > > --- a/hw/virtio/virtio.c
> > > > +++ b/hw/virtio/virtio.c
> > > > @@ -377,8 +377,8 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, 
> > > > unsigned int *in_bytes,
> > > >              /* loop over the indirect descriptor table */
> > > >              indirect = 1;
> > > >              max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
> > > > -            num_bufs = i = 0;
> > > >              desc_pa = vring_desc_addr(desc_pa, i);
> > > > +           num_bufs = i = 0;
> > > 
> > > I agree, this looks wrong.  git-blame(1) doesn't reveal anything
> > > interesting.  Looks like this bug has been around since 2009!
> > 
> > Hm, why hasn't this bitten anyone yet?
> 
> net uses virtqueue_get_avail_bytes for RX only, and drivers
> only post single buffers there.
> 
> Same seems to be true for other devices?

Yes, we were lucky.

                Amit

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail_bytes, Amit Shah, 2013/09/03
- Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail_bytes, Michael S. Tsirkin, 2013/09/03
  - Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail_bytes, Amit Shah <=

Prev by Date: [Qemu-devel] [PATCH RFC] dataplane: Fix startup race.
Next by Date: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
Previous by thread: Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail_bytes
Next by thread: [Qemu-devel] [KVM] segmentation fault happened when reboot VM after hot-uplug virtio NIC
Index(es):
- Date
- Thread