From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45029) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WTtht-00056I-EZ for qemu-devel@nongnu.org; Sat, 29 Mar 2014 09:54:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WTthp-0004xg-1Q for qemu-devel@nongnu.org; Sat, 29 Mar 2014 09:53:57 -0400 Received: from mx1.redhat.com ([209.132.183.28]:59296) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WTtho-0004xV-Nr for qemu-devel@nongnu.org; Sat, 29 Mar 2014 09:53:52 -0400 Message-ID: <5336D059.2080106@redhat.com> Date: Sat, 29 Mar 2014 07:53:29 -0600 From: Eric Blake MIME-Version: 1.0 References: <1396079541-7112-1-git-send-email-arei.gonglei@huawei.com> In-Reply-To: <1396079541-7112-1-git-send-email-arei.gonglei@huawei.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="conM8kuo810Wwc81r0sJgiUnFg3PqBaCP" Subject: Re: [Qemu-devel] [PATCH] xbzrle: don't check the value in the vm ram repeatedly List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: arei.gonglei@huawei.com, qemu-devel@nongnu.org Cc: ChenLiang , weidong.huang@huawei.com, quintela@redhat.com, dgilbert@redhat.com, owasserm@redhat.com, mrhines@us.ibm.com, pbonzini@redhat.com This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --conM8kuo810Wwc81r0sJgiUnFg3PqBaCP Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 03/29/2014 01:52 AM, arei.gonglei@huawei.com wrote: > From: ChenLiang >=20 > xbzrle_encode_buffer checks the value in the ram repeatedly. > It is risk if runs xbzrle_encode_buffer on changing data. > And it is not necessary. >=20 > Reported-by: Dr. David Alan Gilbert > Signed-off-by: ChenLiang > Signed-off-by: Gonglei > --- > xbzrle.c | 4 ++++ > 1 file changed, 4 insertions(+) Insufficient. Observe what we did at line 52 when looking for the zero-r= un: >> /* word at a time for speed */ >> if (!res) { >> while (i < slen && >> (*(long *)(old_buf + i)) =3D=3D (*(long *)(new_buf = + i))) { This dereferences 8 bytes at new_buf[i] (on a 64-bit machine)... >> i +=3D sizeof(long); >> zrun_len +=3D sizeof(long); >> } >>=20 >> /* go over the rest */ >> while (i < slen && old_buf[i] =3D=3D new_buf[i]) { =2E..and this also dereferences those same bytes. But your argument is that new_buf[i] is volatile. You MUST read new_buf[i] into a temporary variable, and if the first read found a difference, then the "go over the rest" analysis must be on that temporary, rather than going back to reading directly from new_buf. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --conM8kuo810Wwc81r0sJgiUnFg3PqBaCP Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJTNtBZAAoJEKeha0olJ0NqUWAH/3ByEW+v61rookklYmKDRzZQ UbC6qKdgP9F+YpGiPkQR+IMGpcOoKUbYwGscSwCmNuBfklK46B3of8tBHYZZopzy gzVOnOLiPgj6s7m8gj6maCJRfqa+si5vPhxgWWY90IRnBA4TWGJWIe/bf7vsewGk /Eqk5mgiSyipKEW1y9MRYx5kQ+EEK53TyKSzhEmZI72ycSkRYnO7lbyKH9CGdHA+ 0YnfxLjbrEanwfKCQT/MqjN7JP/qD7EU1YVoiMhBwKcFgOTU2DUdRme4YaWpm9DE 8dxBRmWDvbi6PZQmOxgCZxEZl7Fzzwdw7Ez8E8M/H9QVCl9iVBFKp8R1frfWk6c= =9q9W -----END PGP SIGNATURE----- --conM8kuo810Wwc81r0sJgiUnFg3PqBaCP--