[PULL 4/7] hw/virtio: Fix packed virtqueue flush used_idx

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	Wafer <wafer@jaguarmicro.com>,
	"Eugenio Pérez" <eperezma@redhat.com>
Subject: [PULL 4/7] hw/virtio: Fix packed virtqueue flush used_idx
Date: Tue, 9 Apr 2024 03:32:24 -0400	[thread overview]
Message-ID: <2d9a31b3c27311eca1682cb2c076d7a300441960.1712647890.git.mst@redhat.com> (raw)
In-Reply-To: <cover.1712647890.git.mst@redhat.com>

From: Wafer <wafer@jaguarmicro.com>

In the event of writing many chains of descriptors, the device must
write just the id of the last buffer in the descriptor chain, skip
forward the number of descriptors in the chain, and then repeat the
operations for the rest of chains.

Current QEMU code writes all the buffer ids consecutively, and then
skips all the buffers altogether. This is a bug, and can be reproduced
with a VirtIONet device with _F_MRG_RXBUB and without
_F_INDIRECT_DESC:

If a virtio-net device has the VIRTIO_NET_F_MRG_RXBUF feature
but not the VIRTIO_RING_F_INDIRECT_DESC feature,
'VirtIONetQueue->rx_vq' will use the merge feature
to store data in multiple 'elems'.
The 'num_buffers' in the virtio header indicates how many elements are merged.
If the value of 'num_buffers' is greater than 1,
all the merged elements will be filled into the descriptor ring.
The 'idx' of the elements should be the value of 'vq->used_idx' plus 'ndescs'.

Fixes: 86044b24e8 ("virtio: basic packed virtqueue support")
Acked-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Wafer <wafer@jaguarmicro.com>
Message-Id: <20240407015451.5228-2-wafer@jaguarmicro.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/virtio/virtio.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index d229755eae..c5bedca848 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -957,12 +957,20 @@ static void virtqueue_packed_flush(VirtQueue *vq, unsigned int count)
         return;
     }

+    /*
+     * For indirect element's 'ndescs' is 1.
+     * For all other elemment's 'ndescs' is the
+     * number of descriptors chained by NEXT (as set in virtqueue_packed_pop).
+     * So When the 'elem' be filled into the descriptor ring,
+     * The 'idx' of this 'elem' shall be
+     * the value of 'vq->used_idx' plus the 'ndescs'.
+     */
+    ndescs += vq->used_elems[0].ndescs;
     for (i = 1; i < count; i++) {
-        virtqueue_packed_fill_desc(vq, &vq->used_elems[i], i, false);
+        virtqueue_packed_fill_desc(vq, &vq->used_elems[i], ndescs, false);
         ndescs += vq->used_elems[i].ndescs;
     }
     virtqueue_packed_fill_desc(vq, &vq->used_elems[0], 0, true);
-    ndescs += vq->used_elems[0].ndescs;

     vq->inuse -= ndescs;
     vq->used_idx += ndescs;
-- 
MST

next prev parent reply	other threads:[~2024-04-09  7:33 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-09  7:32 [PULL 0/7] virtio,pc,pci: bugfixes Michael S. Tsirkin
2024-04-09  7:32 ` [PULL 1/7] Revert "hw/virtio: Add support for VDPA network simulation devices" Michael S. Tsirkin
2024-04-09  7:32 ` [PULL 2/7] virtio-snd: Enhance error handling for invalid transfers Michael S. Tsirkin
2024-04-09  7:32 ` [PULL 3/7] virtio-snd: rewrite invalid tx/rx message handling Michael S. Tsirkin
2024-04-09  7:32 ` Michael S. Tsirkin [this message]
2024-04-09 17:40   ` [PULL 4/7] hw/virtio: Fix packed virtqueue flush used_idx Michael Tokarev
2024-04-10  5:31     ` Eugenio Perez Martin
2024-04-09  7:32 ` [PULL 5/7] vdpa-dev: Fix the issue of device status not updating when configuration interruption is triggered Michael S. Tsirkin
2024-04-09 17:43   ` Michael Tokarev
2024-04-09 18:06     ` Michael Tokarev
2024-04-09  7:32 ` [PULL 6/7] vhost-user-blk: simplify and fix vhost_user_blk_handle_config_change Michael S. Tsirkin
2024-04-09  7:32 ` [PULL 7/7] qdev-monitor: fix error message in find_device_state() Michael S. Tsirkin
2024-04-09 11:47 ` [PULL 0/7] virtio,pc,pci: bugfixes Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d229755ea dfblob:c5bedca84 )
 OR (
bs:"[PULL 4/7] hw/virtio: Fix packed virtqueue flush used_idx" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2d9a31b3c27311eca1682cb2c076d7a300441960.1712647890.git.mst@redhat.com \
    --to=mst@redhat.com \
    --cc=eperezma@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=wafer@jaguarmicro.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).