| Message ID | 1484387976-167704-1-git-send-email-longpeng2@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Sat, Jan 14, 2017 at 05:59:36PM +0800, Longpeng(Mike) wrote: > As qvring_indirect_desc_setup() wouldn't initialize last VRingDesc, > so it's filled with dirty data, this might cause virtio backend broken. > > For example, the last bit of this VRingDesc's flags might be 1, so > virtqueue_read_next_desc() would report "Desc next is ***". > > This patch zeored the last VRingDesc in qvring_indirect_desc_setup(). > > Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> > --- > tests/libqos/virtio.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/tests/libqos/virtio.c b/tests/libqos/virtio.c > index ec30cb9..b29c69e 100644 > --- a/tests/libqos/virtio.c > +++ b/tests/libqos/virtio.c > @@ -171,12 +171,20 @@ QVRingIndirectDesc *qvring_indirect_desc_setup(QVirtioDevice *d, > for (i = 0; i < elem - 1; ++i) { > /* indirect->desc[i].addr */ > writeq(indirect->desc + (16 * i), 0); > + /* indirect->desc[i].len */ > + writeq(indirect->desc + (16 * i) + 8, 0); The len field is 32 bits long. Please use writel(). > /* indirect->desc[i].flags */ > writew(indirect->desc + (16 * i) + 12, VRING_DESC_F_NEXT); > /* indirect->desc[i].next */ > writew(indirect->desc + (16 * i) + 14, i + 1); > } > > + /* zeroed last element */ > + writeq(indirect->desc + (16 * i), 0); /* addr */ > + writeq(indirect->desc + (16 * i) + 8, 0); /*len*/ Same here.
Hi Stefan, On 2017/1/16 22:13, Stefan Hajnoczi wrote: > On Sat, Jan 14, 2017 at 05:59:36PM +0800, Longpeng(Mike) wrote: ...... >> diff --git a/tests/libqos/virtio.c b/tests/libqos/virtio.c >> index ec30cb9..b29c69e 100644 >> --- a/tests/libqos/virtio.c >> +++ b/tests/libqos/virtio.c >> @@ -171,12 +171,20 @@ QVRingIndirectDesc *qvring_indirect_desc_setup(QVirtioDevice *d, >> for (i = 0; i < elem - 1; ++i) { >> /* indirect->desc[i].addr */ >> writeq(indirect->desc + (16 * i), 0); >> + /* indirect->desc[i].len */ >> + writeq(indirect->desc + (16 * i) + 8, 0); > > The len field is 32 bits long. Please use writel(). > >> /* indirect->desc[i].flags */ >> writew(indirect->desc + (16 * i) + 12, VRING_DESC_F_NEXT); >> /* indirect->desc[i].next */ >> writew(indirect->desc + (16 * i) + 14, i + 1); >> } >> >> + /* zeroed last element */ >> + writeq(indirect->desc + (16 * i), 0); /* addr */ >> + writeq(indirect->desc + (16 * i) + 8, 0); /*len*/ > > Same here. OK. I will fix it in V2.
diff --git a/tests/libqos/virtio.c b/tests/libqos/virtio.c index ec30cb9..b29c69e 100644 --- a/tests/libqos/virtio.c +++ b/tests/libqos/virtio.c @@ -171,12 +171,20 @@ QVRingIndirectDesc *qvring_indirect_desc_setup(QVirtioDevice *d, for (i = 0; i < elem - 1; ++i) { /* indirect->desc[i].addr */ writeq(indirect->desc + (16 * i), 0); + /* indirect->desc[i].len */ + writeq(indirect->desc + (16 * i) + 8, 0); /* indirect->desc[i].flags */ writew(indirect->desc + (16 * i) + 12, VRING_DESC_F_NEXT); /* indirect->desc[i].next */ writew(indirect->desc + (16 * i) + 14, i + 1); } + /* zeroed last element */ + writeq(indirect->desc + (16 * i), 0); /* addr */ + writeq(indirect->desc + (16 * i) + 8, 0); /*len*/ + writew(indirect->desc + (16 * i) + 12, 0); /*flags*/ + writew(indirect->desc + (16 * i) + 14, 0); /*next*/ + return indirect; }
As qvring_indirect_desc_setup() wouldn't initialize last VRingDesc, so it's filled with dirty data, this might cause virtio backend broken. For example, the last bit of this VRingDesc's flags might be 1, so virtqueue_read_next_desc() would report "Desc next is ***". This patch zeored the last VRingDesc in qvring_indirect_desc_setup(). Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> --- tests/libqos/virtio.c | 8 ++++++++ 1 file changed, 8 insertions(+)