From: Greg Kurz <groug@kaod.org>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
Greg Kurz <groug@kaod.org>
Subject: [Qemu-devel] [PULL 3/5] 9pfs: fix off-by-one error in PDU free list
Date: Wed, 25 Jan 2017 14:48:00 +0100
Message-ID: <1485352082-16830-4-git-send-email-groug@kaod.org>
In-Reply-To: <1485352082-16830-1-git-send-email-groug@kaod.org>
The server can handle MAX_REQ - 1 PDUs at a time and the virtio-9p
device has a MAX_REQ sized virtqueue. If the client manages to fill
up the virtqueue, pdu_alloc() will fail and the request won't be
processed without any notice to the client (it actually causes the
linux 9p client to hang).
This has been there since the beginning (commit 9f10751365b2 "virtio-9p:
Add a virtio 9p device to qemu"), but it needs an aggressive workload to
run in the guest to show up.
We actually allocate MAX_REQ PDUs and I see no reason not to link them
all into the free list, so let's fix the init loop.
Reported-by: Tuomas Tynkkynen <tuomas@tuxera.com>
Suggested-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 58310ca8d5a5..d2d028828294 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3454,7 +3454,7 @@ int v9fs_device_realize_common(V9fsState *s, Error **errp)
/* initialize pdu allocator */
QLIST_INIT(&s->free_list);
QLIST_INIT(&s->active_list);
- for (i = 0; i < (MAX_REQ - 1); i++) {
+ for (i = 0; i < MAX_REQ; i++) {
QLIST_INSERT_HEAD(&s->free_list, &s->pdus[i], next);
s->pdus[i].s = s;
s->pdus[i].idx = i;
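Review bot: The new bound in `for (i = 0; i < MAX_REQ; i++)` is safe only as long as `s->pdus` really holds MAX_REQ entries, which the commit message states but this hunk does not show. Deriving the bound from the array itself (for example `ARRAY_SIZE(s->pdus)`, if it is a fixed-size array) or adding a build-time assertion next to the declaration would keep the free list, the array and the MAX_REQ sized virtqueue from drifting apart again. Separately, the commit message notes that a failed pdu_alloc() drops the request without any notice to the client; this change removes the full-virtqueue trigger, but the silent-drop path itself is untouched here, so an error report or trace point on that path would be worth a follow-up.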
--
2.7.4