From: Yuval Shaia <yuval.shaia@oracle.com>
To: P J P <ppandit@redhat.com>
Cc: Qemu Developers <qemu-devel@nongnu.org>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Saar Amar <saaramar5@gmail.com>, Li Qiang <liq3ea@163.com>,
Prasad J Pandit <pjp@fedoraproject.org>,
yuval.shaia@oracle.com
Subject: Re: [Qemu-devel] [PATCH v1 5/6] pvrdma: check return value from pvrdma_idx_ring_has_ routines
Date: Wed, 12 Dec 2018 20:55:34 +0200 [thread overview]
Message-ID: <20181212185533.GG5747@lap1> (raw)
In-Reply-To: <20181212114726.24060-6-ppandit@redhat.com>
On Wed, Dec 12, 2018 at 05:17:25PM +0530, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> pvrdma_idx_ring_has_[data/space] routines also return invalid
> index PVRDMA_INVALID_IDX[=-1], if ring has no data/space. Check
> return value from these routines to avoid plausible infinite loops.
>
> Reported-by: Li Qiang <liq3ea@163.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
> hw/rdma/vmw/pvrdma_dev_ring.c | 37 +++++++++++++++++------------------
> 1 file changed, 18 insertions(+), 19 deletions(-)
>
> Update v1: receive error code in idx variable, remove comments
> -> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02342.html
>
> diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
> index 01247fc041..2dccac8442 100644
> --- a/hw/rdma/vmw/pvrdma_dev_ring.c
> +++ b/hw/rdma/vmw/pvrdma_dev_ring.c
> @@ -73,23 +73,22 @@ out:
>
> void *pvrdma_ring_next_elem_read(PvrdmaRing *ring)
> {
> - unsigned int idx = 0, offset;
> + int idx;
> + unsigned int offset, head;
>
> - /*
> - pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
> - ring->ring_state->cons_head);
> - */
> -
> - if (!pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &idx)) {
> + idx = pvrdma_idx_ring_has_data(ring->ring_state, ring->max_elems, &head);
> + if (idx <= 0) {
> pr_dbg("No more data in ring\n");
> return NULL;
> }
>
> + idx = pvrdma_idx(&ring->ring_state->cons_head, ring->max_elems);
> + if (idx < 0 || head != idx) {
> + pr_dbg("invalid idx\n");
> + return NULL;
> + }
> +
Sorry, i mislead you here, idx was already populated by
pvrdma_idx_ring_has_data so call to pvrdma_idx just to retrieve the index
is waste. Please revert back to using another variable to check the return
value from pvrdma_idx_ring_has_data and drop this call to pvrdma_idx.
> offset = idx * ring->elem_sz;
> - /*
> - pr_dbg("idx=%d\n", idx);
> - pr_dbg("offset=%d\n", offset);
> - */
> return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
> }
>
> @@ -105,20 +104,20 @@ void pvrdma_ring_read_inc(PvrdmaRing *ring)
>
> void *pvrdma_ring_next_elem_write(PvrdmaRing *ring)
> {
> - unsigned int idx, offset, tail;
> + int idx;
> + unsigned int offset, tail;
>
> - /*
> - pr_dbg("%s: t=%d, h=%d\n", ring->name, ring->ring_state->prod_tail,
> - ring->ring_state->cons_head);
> - */
> -
> - if (!pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail)) {
> + idx = pvrdma_idx_ring_has_space(ring->ring_state, ring->max_elems, &tail);
> + if (idx <= 0) {
> pr_dbg("CQ is full\n");
> return NULL;
> }
>
> idx = pvrdma_idx(&ring->ring_state->prod_tail, ring->max_elems);
> - /* TODO: tail == idx */
> + if (idx < 0 || tail != idx) {
> + pr_dbg("invalid idx\n");
> + return NULL;
> + }
>
> offset = idx * ring->elem_sz;
> return ring->pages[offset / TARGET_PAGE_SIZE] + (offset % TARGET_PAGE_SIZE);
> --
> 2.19.2
>
next prev parent reply other threads:[~2018-12-12 18:56 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-12 11:47 [Qemu-devel] [PATCH v1 0/6] rdma: various issues in rdma/pvrdma backend P J P
2018-12-12 11:47 ` [Qemu-devel] [PATCH v1 1/6] rdma: check num_sge does not exceed MAX_SGE P J P
2018-12-12 16:56 ` Yuval Shaia
2018-12-12 11:47 ` [Qemu-devel] [PATCH v1 2/6] pvrdma: add uar_read routine P J P
2018-12-12 17:10 ` Marcel Apfelbaum
2018-12-12 11:47 ` [Qemu-devel] [PATCH v1 3/6] pvrdma: check number of pages when creating rings P J P
2018-12-12 17:06 ` Yuval Shaia
2018-12-12 11:47 ` [Qemu-devel] [PATCH v1 4/6] pvrdma: release ring object in case of an error P J P
2018-12-12 17:13 ` Yuval Shaia
2018-12-12 11:47 ` [Qemu-devel] [PATCH v1 5/6] pvrdma: check return value from pvrdma_idx_ring_has_ routines P J P
2018-12-12 18:55 ` Yuval Shaia [this message]
2018-12-12 11:47 ` [Qemu-devel] [PATCH v1 6/6] rdma: remove unused VENDOR_ERR_NO_SGE macro P J P
2018-12-12 17:23 ` Yuval Shaia
2018-12-12 17:26 ` Yuval Shaia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181212185533.GG5747@lap1 \
--to=yuval.shaia@oracle.com \
--cc=liq3ea@163.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=pjp@fedoraproject.org \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=saaramar5@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.