qemu-devel.nongnu.org archive mirror
From: Stefan Hajnoczi <stefanha@gmail.com>
To: yinyin <yin.yin@cs2c.com.cn>
Cc: Amit Shah <amit.shah@redhat.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [Qemu-devel] [qemu-devel]question on virtqueue_get_avail_bytes
Date: Mon, 19 Aug 2013 16:30:54 +0200
Message-ID: <20130819143054.GA9866@stefanha-thinkpad.redhat.com>
In-Reply-To: <2952D48C-BC95-446D-92E8-04DE2BC3B873@cs2c.com.cn>

On Mon, Aug 19, 2013 at 05:28:44PM +0800, yinyin wrote:
> Hi, all:
> 	In func virtqueue_get_avail_bytes, when an indirect desc is found, we need to loop over it.
>             /* loop over the indirect descriptor table */
>             indirect = 1;
>             max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
>             num_bufs = i = 0;
>             desc_pa = vring_desc_addr(desc_pa, i);
> 	But it inits i to 0, then uses i to update desc_pa, so we will always get:
> 	desc_pa = vring_desc_addr(desc_pa, 0);
> 	Is it right? Or should we update desc_pa first, then init i to 0?

Is there a way to trigger a crash or error from a normal running guest?

Affected devices: serial, rng, and net - they call
virtqueue_get_avail_bytes() directly or indirectly.

> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 09f62c6..554ae6f 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -377,8 +377,8 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
>              /* loop over the indirect descriptor table */
>              indirect = 1;
>              max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
> -            num_bufs = i = 0;
>              desc_pa = vring_desc_addr(desc_pa, i);
> +           num_bufs = i = 0;
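
Review bot: the added line `num_bufs = i = 0;` is indented one column short of the surrounding statements (11 spaces after the `+`, against 12 on the context lines), so realign it before resending. The ordering is the whole fix here: both `vring_desc_len(desc_pa, i)` and `vring_desc_addr(desc_pa, i)` have to read the descriptor at the current `i` before `i` is reset for the indirect table, so a one-line comment above the reset stating that dependency would help keep the two statements from being swapped back.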

I agree, this looks wrong.  git-blame(1) doesn't reveal anything
interesting.  Looks like this bug has been around since 2009!

Please resend your patch according to the guidelines here:
http://qemu-project.org/Contribute/SubmitAPatch

In particular, please include a Signed-off-by: Your Name <your@email.org> line.

Stefan
