
hw/virtio: Fix getting the correct ring number on loading

Message ID 20241122020002.564-1-Wafer@jaguarmicro.com (mailing list archive)
State New
Series: hw/virtio: Fix getting the correct ring number on loading

Commit Message

Wafer Nov. 22, 2024, 2 a.m. UTC
From: Wafer Xie <wafer@jaguarmicro.com>

The virtio-1.2 specification writes:

2.7.6 The Virtqueue Available Ring:
"idx field indicates where the driver would put the next descriptor entry
in the ring (modulo the queue size). This starts at 0, and increases"

The idx will increase from 0 to 0xFFFF and repeat,
so idx may be less than last_avail_idx.

Fixes: 616a6552 (virtio: add endian-ambivalent support to VirtIODevice)

Signed-off-by: Wafer Xie <wafer@jaguarmicro.com>
---
 hw/virtio/virtio.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
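The commit message describes avail idx as a 16-bit counter that wraps from 0xFFFF back to 0, so the number of pending heads is the difference of two indices modulo 2^16. The following is an added worked example, not code from QEMU or from this patch: it computes that distance both by plain 16-bit subtraction and with an explicit wrap branch of the kind the patch introduces, and applies the "more heads than ring slots" sanity check. The function names, parameter names and the sample queue states are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * The driver's avail->idx and the device's last_avail_idx are both 16-bit
 * free-running counters: they count every descriptor head ever made
 * available, modulo 2^16, not positions in the ring. The number of heads
 * the device has not yet consumed is their difference modulo 2^16, which
 * is why avail idx can legitimately be numerically smaller than
 * last_avail_idx once it has wrapped past 0xFFFF.
 */

/* Plain 16-bit subtraction: C promotes both operands to int, subtracts,
 * and the conversion back to uint16_t reduces the result modulo 2^16. */
uint16_t pending_heads_plain(uint16_t avail_idx, uint16_t last_avail_idx)
{
    uint16_t nheads = avail_idx - last_avail_idx;
    return nheads;
}

/* The same distance computed with an explicit wrap branch, in the style of
 * the patch above: UINT16_MAX - last + avail + 1 equals avail - last + 2^16. */
uint16_t pending_heads_branch(uint16_t avail_idx, uint16_t last_avail_idx)
{
    uint32_t nheads;

    if (avail_idx >= last_avail_idx) {
        nheads = (uint32_t)avail_idx - last_avail_idx;
    } else {
        nheads = (uint32_t)UINT16_MAX - last_avail_idx + avail_idx + 1;
    }
    return (uint16_t)nheads;
}

/* The sanity check that follows in virtio_load(): more pending heads than
 * ring slots means the saved state is corrupt or hostile and must be
 * rejected rather than used to walk the descriptor table. */
bool pending_heads_sane(uint16_t avail_idx, uint16_t last_avail_idx,
                        unsigned int queue_size)
{
    return pending_heads_plain(avail_idx, last_avail_idx) <= queue_size;
}

int main(void)
{
    /* Constructed sample states: {avail_idx, last_avail_idx, queue size}. */
    const struct { uint16_t avail, last; unsigned int num; } cases[] = {
        { 10,  5,      256 }, /* no wrap */
        { 3,   0xFFFE, 256 }, /* avail idx wrapped past 0xFFFF */
        { 0,   0xFFFF, 256 }, /* wrapped exactly at the boundary */
        { 300, 0,      256 }, /* more heads than slots: rejected */
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("avail=0x%04x last=0x%04x plain=%u branch=%u sane=%s\n",
               cases[i].avail, cases[i].last,
               pending_heads_plain(cases[i].avail, cases[i].last),
               pending_heads_branch(cases[i].avail, cases[i].last),
               pending_heads_sane(cases[i].avail, cases[i].last, cases[i].num)
                   ? "yes" : "no");
    }
    return 0;
}
```

Both functions agree on every input: when the operands and the result are all 16 bits wide, the plain subtraction already performs the wrap that the branch spells out, and the modulus that matters is 0x10000 (UINT16_MAX + 1), not UINT16_MAX.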

Comments

Philippe Mathieu-Daudé Nov. 22, 2024, 7:01 a.m. UTC | #1
Hi Wafer,

On 22/11/24 03:00, Wafer wrote:
> From: Wafer Xie <wafer@jaguarmicro.com>
> 
> The virtio-1.2 specification writes:
> 
> 2.7.6 The Virtqueue Available Ring:
> "idx field indicates where the driver would put the next descriptor entry
> in the ring (modulo the queue size). This starts at 0, and increases"

"modulo" ...

> 
> The idx will increase from 0 to 0xFFFF and repeat,
> So idx may be less than last_avail_idx.
> 
> Fixes: 616a6552 (virtio: add endian-ambivalent support to VirtIODevice)

This commit is only about endianness... Do you mean 1abeb5a65d
("virtio: fix up VQ checks") or 258dc7c96b ("virtio: sanity-check
available index")?

> 
> Signed-off-by: Wafer Xie <wafer@jaguarmicro.com>
> ---
>   hw/virtio/virtio.c | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index a26f18908e..ae7d407113 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -3362,7 +3362,13 @@ virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
>                   continue;
>               }
>   
> -            nheads = vring_avail_idx(&vdev->vq[i]) - vdev->vq[i].last_avail_idx;
> +            if (vring_avail_idx(&vdev->vq[i]) >= vdev->vq[i].last_avail_idx) {
> +                nheads = vring_avail_idx(&vdev->vq[i]) -
> +                         vdev->vq[i].last_avail_idx;
> +            } else {
> +                nheads = UINT16_MAX - vdev->vq[i].last_avail_idx +
> +                         vring_avail_idx(&vdev->vq[i]) + 1;
> +            }

...           nheads %= UINT16_MAX; ?

>               /* Check it isn't doing strange things with descriptor numbers. */
>               if (nheads > vdev->vq[i].vring.num) {
>                   virtio_error(vdev, "VQ %d size 0x%x Guest index 0x%x "

Patch

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index a26f18908e..ae7d407113 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -3362,7 +3362,13 @@  virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
                 continue;
             }
 
-            nheads = vring_avail_idx(&vdev->vq[i]) - vdev->vq[i].last_avail_idx;
+            if (vring_avail_idx(&vdev->vq[i]) >= vdev->vq[i].last_avail_idx) {
+                nheads = vring_avail_idx(&vdev->vq[i]) -
+                         vdev->vq[i].last_avail_idx;
+            } else {
+                nheads = UINT16_MAX - vdev->vq[i].last_avail_idx +
+                         vring_avail_idx(&vdev->vq[i]) + 1;
+            }
             /* Check it isn't doing strange things with descriptor numbers. */
             if (nheads > vdev->vq[i].vring.num) {
                 virtio_error(vdev, "VQ %d size 0x%x Guest index 0x%x "
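Review bot: The new branch only changes behaviour if nheads or the two indices are wider than 16 bits, and their declarations are not in this hunk; if nheads is a uint16_t, the removed line `nheads = vring_avail_idx(&vdev->vq[i]) - vdev->vq[i].last_avail_idx;` already yields the modulo-2^16 distance when the result is stored, and the else branch computes the identical value (avail - last + 0x10000). The commit message should therefore name the declared types and a concrete input (avail idx, last_avail_idx) for which the old line produced a wrong nheads, or the change needs to be dropped as a no-op. Separately, vring_avail_idx() reads the idx field from guest memory and is now called twice, once in the comparison and once in the subtraction; read it once into a local so both uses, and the `if (nheads > vdev->vq[i].vring.num)` check that follows, are evaluated against the same value.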