[Qemu-devel] [PATCH] util: Relax assertion in iov_copy()

[Qemu-devel] [PATCH] util: Relax assertion in iov_copy()

[Shmulik Ladkani]

From: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>

In cases where iov_copy() is passed with zero 'bytes' argument and a
non-zero 'offset' argument, nothing gets copied - as expected.

However since no copy iterations are performed, 'offset' is left
unaltered, leading to the final assert(offset == 0) to fail.

Relax the assertion: if j (number of dst elements assigned) is zero, no
need to err.

Only if j!=0 (some dst elements assigned) AND offset!=0 we should err.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
---
 util/iov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Flow that led to the assertion was:
  net_tx_pkt_rebuild_payload()
    iov_copy(... , pkt->payload_len)

where pkt->payload_len was correctly calculated to be 0 (a packet
carrying just ipv4 header, without any payload).

An alternative is to place the below code, early in iov_copy():
    if (!bytes)
        return 0;

diff --git a/util/iov.c b/util/iov.c
index 003fcce..17de52d 100644
--- a/util/iov.c
+++ b/util/iov.c
@@ -260,7 +260,7 @@ unsigned iov_copy(struct iovec *dst_iov, unsigned int dst_iov_cnt,
         bytes -= len;
         offset = 0;
     }
-    assert(offset == 0);
+    assert(j == 0 || offset == 0);
     return j;
 }
 
-- 
1.9.1

Re: [Qemu-devel] [PATCH] util: Relax assertion in iov_copy()

[Michael S. Tsirkin]

On Mon, Jul 25, 2016 at 02:43:35PM +0300, Shmulik Ladkani wrote:
> From: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
> 
> In cases where iov_copy() is passed with zero 'bytes' argument and a
> non-zero 'offset' argument, nothing gets copied - as expected.
> 
> However since no copy iterations are performed, 'offset' is left
> unaltered, leading to the final assert(offset == 0) to fail.
> 
> Relax the assertion: if j (number of dst elements assigned) is zero, no
> need to err.
> 
> Only if j!=0 (some dst elements assigned) AND offset!=0 we should err.
> 
> Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

> ---
>  util/iov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Flow that led to the assertion was:
>   net_tx_pkt_rebuild_payload()
>     iov_copy(... , pkt->payload_len)
> 
> where pkt->payload_len was correctly calculated to be 0 (a packet
> carrying just ipv4 header, without any payload).
> 
> An alternative is to place the below code, early in iov_copy():
>     if (!bytes)
>         return 0;
> 
> diff --git a/util/iov.c b/util/iov.c
> index 003fcce..17de52d 100644
> --- a/util/iov.c
> +++ b/util/iov.c
> @@ -260,7 +260,7 @@ unsigned iov_copy(struct iovec *dst_iov, unsigned int dst_iov_cnt,
>          bytes -= len;
>          offset = 0;
>      }
> -    assert(offset == 0);
> +    assert(j == 0 || offset == 0);
>      return j;
>  }
>  
> -- 
> 1.9.1
> 

Re: [Qemu-devel] [PATCH] util: Relax assertion in iov_copy()

[Paolo Bonzini]

On 25/07/2016 13:43, Shmulik Ladkani wrote:
> From: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
> 
> In cases where iov_copy() is passed with zero 'bytes' argument and a
> non-zero 'offset' argument, nothing gets copied - as expected.
> 
> However since no copy iterations are performed, 'offset' is left
> unaltered, leading to the final assert(offset == 0) to fail.
> 
> Relax the assertion: if j (number of dst elements assigned) is zero, no
> need to err.
> 
> Only if j!=0 (some dst elements assigned) AND offset!=0 we should err.

This is actually intended; the comment in qemu_iovec_concat_iov says why:

    assert(soffset == 0); /* offset beyond end of src */

so the pedantic fix could be (if I understand the issue correctly) to
check for "offset || bytes" in the for condition.  This is similar to
what the other functions do (e.g. iov_from_buf_full).  The performance
effect should practically be absent.

Paolo

> Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
> ---
>  util/iov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Flow that led to the assertion was:
>   net_tx_pkt_rebuild_payload()
>     iov_copy(... , pkt->payload_len)
> 
> where pkt->payload_len was correctly calculated to be 0 (a packet
> carrying just ipv4 header, without any payload).
> 
> An alternative is to place the below code, early in iov_copy():
>     if (!bytes)
>         return 0;
> 
> diff --git a/util/iov.c b/util/iov.c
> index 003fcce..17de52d 100644
> --- a/util/iov.c
> +++ b/util/iov.c
> @@ -260,7 +260,7 @@ unsigned iov_copy(struct iovec *dst_iov, unsigned int dst_iov_cnt,
>          bytes -= len;
>          offset = 0;
>      }
> -    assert(offset == 0);
> +    assert(j == 0 || offset == 0);
>      return j;
>  }
>  
>