Message ID | 20220617034348.3162918-1-zhenzhong.duan@intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | virtio-iommu: Fix the partial copy of probe request |
On Fri, Jun 17, 2022 at 11:43:48AM +0800, Zhenzhong Duan wrote: > The structure of probe request doesn't include the tail, this lead to > a few field is missed to be copied. Currently this isn't an issue as > those missed field belong to reserved field, just in case reserved > field will be used in the future. > > By this chance, also remove a few useless code. I think this code is there to future proof in case more fields are added. Please just post a bugfix patch. Also a Fixes tag can't hurt. Probably commit 5442b854eaf921588e24d5711640ab71e59cb1b8 Author: Eric Auger <eric.auger@redhat.com> Date: Fri Feb 14 14:27:37 2020 +0100 virtio-iommu: Decode the command payload Thanks! > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> > --- > hw/virtio/virtio-iommu.c | 8 +++----- > 1 file changed, 3 insertions(+), 5 deletions(-) > > diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c > index 7c122ab95780..bc96caf37c0c 100644 > --- a/hw/virtio/virtio-iommu.c > +++ b/hw/virtio/virtio-iommu.c > @@ -656,19 +656,16 @@ static int virtio_iommu_probe(VirtIOIOMMU *s, > uint8_t *buf) > { > uint32_t ep_id = le32_to_cpu(req->endpoint); > - size_t free = VIOMMU_PROBE_SIZE; > ssize_t count; > > if (!virtio_iommu_mr(s, ep_id)) { > return VIRTIO_IOMMU_S_NOENT; > } > > - count = virtio_iommu_fill_resv_mem_prop(s, ep_id, buf, free); > + count = virtio_iommu_fill_resv_mem_prop(s, ep_id, buf, VIOMMU_PROBE_SIZE); > if (count < 0) { > return VIRTIO_IOMMU_S_INVAL; > } > - buf += count; > - free -= count; > > return VIRTIO_IOMMU_S_OK; > } > @@ -708,7 +705,8 @@ static int virtio_iommu_handle_probe(VirtIOIOMMU *s, > uint8_t *buf) > { > struct virtio_iommu_req_probe req; > - int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req)); > + int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, > + sizeof(req) + sizeof(struct virtio_iommu_req_tail)); > > return ret ? ret : virtio_iommu_probe(s, &req, buf); > } > -- > 2.25.1
>-----Original Message-----
>From: Michael S. Tsirkin <mst@redhat.com>
>Sent: Friday, June 17, 2022 1:31 PM
>To: Duan, Zhenzhong <zhenzhong.duan@intel.com>
>Cc: qemu-devel@nongnu.org; eric.auger@redhat.com
>Subject: Re: [PATCH] virtio-iommu: Fix the partial copy of probe request
>
>On Fri, Jun 17, 2022 at 11:43:48AM +0800, Zhenzhong Duan wrote:
>> The structure of probe request doesn't include the tail, this lead to
>> a few field is missed to be copied. Currently this isn't an issue as
>> those missed field belong to reserved field, just in case reserved
>> field will be used in the future.
>>
>> By this chance, also remove a few useless code.
>
>I think this code is there to future proof in case more fields are added.
>Please just post a bugfix patch. Also a Fixes tag can't hurt.

Got it, will do.

Thanks
Zhenzhong
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c index 7c122ab95780..bc96caf37c0c 100644 --- a/hw/virtio/virtio-iommu.c +++ b/hw/virtio/virtio-iommu.c @@ -656,19 +656,16 @@ static int virtio_iommu_probe(VirtIOIOMMU *s, uint8_t *buf) { uint32_t ep_id = le32_to_cpu(req->endpoint); - size_t free = VIOMMU_PROBE_SIZE; ssize_t count; if (!virtio_iommu_mr(s, ep_id)) { return VIRTIO_IOMMU_S_NOENT; } - count = virtio_iommu_fill_resv_mem_prop(s, ep_id, buf, free); + count = virtio_iommu_fill_resv_mem_prop(s, ep_id, buf, VIOMMU_PROBE_SIZE); if (count < 0) { return VIRTIO_IOMMU_S_INVAL; } - buf += count; - free -= count; return VIRTIO_IOMMU_S_OK; } @@ -708,7 +705,8 @@ static int virtio_iommu_handle_probe(VirtIOIOMMU *s, uint8_t *buf) { struct virtio_iommu_req_probe req; - int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req)); + int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, + sizeof(req) + sizeof(struct virtio_iommu_req_tail)); return ret ? ret : virtio_iommu_probe(s, &req, buf); }
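Review bot: In the virtio_iommu_probe() hunk, removing `free` together with `buf += count;` and `free -= count;` is a cleanup unrelated to the copy-size fix and should be split into its own patch or dropped. Those two statements are the cursor and remaining-space accounting a second property filler would need in order to append after the reserved-memory properties; once they are gone, whoever adds the next property has to reintroduce them, and an error there means writing outside the VIOMMU_PROBE_SIZE buffer. If the removal stays, the commit message should say why the accounting is not needed.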
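Review bot: In the virtio_iommu_handle_probe() hunk, the size passed to virtio_iommu_iov_to_req() becomes `sizeof(req) + sizeof(struct virtio_iommu_req_tail)` while the destination is still the stack variable `req`, so read on its own the call asks for more bytes than the object holds. The hunk does not show how the helper uses its size argument; if the call is only safe because the helper deducts the tail size, add a comment at the call site stating that struct virtio_iommu_req_probe has no tail member and that the addition compensates for the deduction, so a later change to the helper does not silently turn this into a stack overwrite.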
The structure of probe request doesn't include the tail, this lead to
a few field is missed to be copied. Currently this isn't an issue as
those missed field belong to reserved field, just in case reserved
field will be used in the future.

By this chance, also remove a few useless code.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 hw/virtio/virtio-iommu.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
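The partial copy described in the commit message, as an added example that is not QEMU code and not part of the thread. It assumes a copy helper that deducts the tail size from the size it is given (not shown on the page); `model_iov_to_req`, `req_probe`, `req_tail` and the 0xAA guest buffer are constructed stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the request layouts (assumed for illustration). */
struct req_tail  { uint8_t status; uint8_t reserved[3]; };
struct req_probe {                 /* note: no tail member in this struct */
    uint8_t  head[4];
    uint32_t endpoint;
    uint8_t  reserved[64];
};

/* Hypothetical helper: treats req_sz as "struct including its tail" and
 * copies only the payload part, i.e. req_sz minus the tail size. */
static int model_iov_to_req(const uint8_t *guest, size_t guest_len,
                            void *req, size_t req_sz)
{
    size_t payload_sz = req_sz - sizeof(struct req_tail);

    if (guest_len < payload_sz) {
        return -1;                 /* guest supplied too little data */
    }
    memcpy(req, guest, payload_sz);
    return 0;
}

/* Count the bytes of req.reserved that the helper failed to fill. */
static size_t uncopied_reserved_bytes(size_t req_sz)
{
    uint8_t guest[sizeof(struct req_probe)];   /* constructed guest request */
    struct req_probe req;
    size_t i, missed = 0;

    memset(guest, 0xAA, sizeof(guest));
    memset(&req, 0, sizeof(req));
    if (model_iov_to_req(guest, sizeof(guest), &req, req_sz) != 0) {
        return (size_t)-1;
    }
    for (i = 0; i < sizeof(req.reserved); i++) {
        missed += (req.reserved[i] != 0xAA);
    }
    return missed;
}

int main(void)
{
    size_t before = uncopied_reserved_bytes(sizeof(struct req_probe));
    size_t after  = uncopied_reserved_bytes(sizeof(struct req_probe) +
                                            sizeof(struct req_tail));
    printf("missed before fix: %zu, after fix: %zu\n", before, after);
    return 0;
}
```

Under this model the larger size never writes past `req`, because the helper's deduction brings the copy length back to exactly `sizeof(struct req_probe)`.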