* [PATCH v3] virtio-iommu: Fix the partial copy of probe request
@ 2022-06-23 2:31 Zhenzhong Duan
2022-06-23 8:43 ` Jean-Philippe Brucker
2022-06-23 8:50 ` Eric Auger
0 siblings, 2 replies; 3+ messages in thread
From: Zhenzhong Duan @ 2022-06-23 2:31 UTC (permalink / raw)
To: qemu-devel; +Cc: eric.auger, mst, jean-philippe
The structure of probe request doesn't include the tail, this leads
to a few field missed to be copied. Currently this isn't an issue as
those missed field belong to reserved field, just in case reserved
field will be used in the future.
Changed 4th parameter of virtio_iommu_iov_to_req() to receive size
of device-readable part.
Fixes: 1733eebb9e75b ("virtio-iommu: Implement RESV_MEM probe request")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
v3: moved "- sizeof(struct virtio_iommu_req_tail)" to virtio_iommu_handle_req() per Jean
v2: keep bugfix change and drop cleanup change
hw/virtio/virtio-iommu.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
index 7c122ab95780..08b227e828f8 100644
--- a/hw/virtio/virtio-iommu.c
+++ b/hw/virtio/virtio-iommu.c
@@ -675,11 +675,10 @@ static int virtio_iommu_probe(VirtIOIOMMU *s,
static int virtio_iommu_iov_to_req(struct iovec *iov,
unsigned int iov_cnt,
- void *req, size_t req_sz)
+ void *req, size_t payload_sz)
{
- size_t sz, payload_sz = req_sz - sizeof(struct virtio_iommu_req_tail);
+ size_t sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
- sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
if (unlikely(sz != payload_sz)) {
return VIRTIO_IOMMU_S_INVAL;
}
@@ -692,7 +691,8 @@ static int virtio_iommu_handle_ ## __req(VirtIOIOMMU *s, \
unsigned int iov_cnt) \
{ \
struct virtio_iommu_req_ ## __req req; \
- int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req)); \
+ int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, \
+ sizeof(req) - sizeof(struct virtio_iommu_req_tail));\
\
return ret ? ret : virtio_iommu_ ## __req(s, &req); \
}
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v3] virtio-iommu: Fix the partial copy of probe request
2022-06-23 2:31 [PATCH v3] virtio-iommu: Fix the partial copy of probe request Zhenzhong Duan
@ 2022-06-23 8:43 ` Jean-Philippe Brucker
2022-06-23 8:50 ` Eric Auger
1 sibling, 0 replies; 3+ messages in thread
From: Jean-Philippe Brucker @ 2022-06-23 8:43 UTC (permalink / raw)
To: Zhenzhong Duan; +Cc: qemu-devel, eric.auger, mst
On Thu, Jun 23, 2022 at 10:31:52AM +0800, Zhenzhong Duan wrote:
> The structure of probe request doesn't include the tail, this leads
> to a few field missed to be copied. Currently this isn't an issue as
> those missed field belong to reserved field, just in case reserved
> field will be used in the future.
>
> Changed 4th parameter of virtio_iommu_iov_to_req() to receive size
> of device-readable part.
>
> Fixes: 1733eebb9e75b ("virtio-iommu: Implement RESV_MEM probe request")
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
> ---
> v3: moved "- sizeof(struct virtio_iommu_req_tail)" to virtio_iommu_handle_req() per Jean
> v2: keep bugfix change and drop cleanup change
>
> hw/virtio/virtio-iommu.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
> index 7c122ab95780..08b227e828f8 100644
> --- a/hw/virtio/virtio-iommu.c
> +++ b/hw/virtio/virtio-iommu.c
> @@ -675,11 +675,10 @@ static int virtio_iommu_probe(VirtIOIOMMU *s,
>
> static int virtio_iommu_iov_to_req(struct iovec *iov,
> unsigned int iov_cnt,
> - void *req, size_t req_sz)
> + void *req, size_t payload_sz)
> {
> - size_t sz, payload_sz = req_sz - sizeof(struct virtio_iommu_req_tail);
> + size_t sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
>
> - sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
> if (unlikely(sz != payload_sz)) {
> return VIRTIO_IOMMU_S_INVAL;
> }
> @@ -692,7 +691,8 @@ static int virtio_iommu_handle_ ## __req(VirtIOIOMMU *s, \
> unsigned int iov_cnt) \
> { \
> struct virtio_iommu_req_ ## __req req; \
> - int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req)); \
> + int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, \
> + sizeof(req) - sizeof(struct virtio_iommu_req_tail));\
> \
> return ret ? ret : virtio_iommu_ ## __req(s, &req); \
> }
> --
> 2.25.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v3] virtio-iommu: Fix the partial copy of probe request
2022-06-23 2:31 [PATCH v3] virtio-iommu: Fix the partial copy of probe request Zhenzhong Duan
2022-06-23 8:43 ` Jean-Philippe Brucker
@ 2022-06-23 8:50 ` Eric Auger
1 sibling, 0 replies; 3+ messages in thread
From: Eric Auger @ 2022-06-23 8:50 UTC (permalink / raw)
To: Zhenzhong Duan, qemu-devel; +Cc: mst, jean-philippe
Hi Duan,
On 6/23/22 04:31, Zhenzhong Duan wrote:
> The structure of probe request doesn't include the tail, this leads
> to a few field missed to be copied. Currently this isn't an issue as
> those missed field belong to reserved field, just in case reserved
> field will be used in the future.
>
> Changed 4th parameter of virtio_iommu_iov_to_req() to receive size
> of device-readable part.
>
> Fixes: 1733eebb9e75b ("virtio-iommu: Implement RESV_MEM probe request")
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Eric
> ---
> v3: moved "- sizeof(struct virtio_iommu_req_tail)" to virtio_iommu_handle_req() per Jean
> v2: keep bugfix change and drop cleanup change
>
> hw/virtio/virtio-iommu.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
> index 7c122ab95780..08b227e828f8 100644
> --- a/hw/virtio/virtio-iommu.c
> +++ b/hw/virtio/virtio-iommu.c
> @@ -675,11 +675,10 @@ static int virtio_iommu_probe(VirtIOIOMMU *s,
>
> static int virtio_iommu_iov_to_req(struct iovec *iov,
> unsigned int iov_cnt,
> - void *req, size_t req_sz)
> + void *req, size_t payload_sz)
> {
> - size_t sz, payload_sz = req_sz - sizeof(struct virtio_iommu_req_tail);
> + size_t sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
>
> - sz = iov_to_buf(iov, iov_cnt, 0, req, payload_sz);
> if (unlikely(sz != payload_sz)) {
> return VIRTIO_IOMMU_S_INVAL;
> }
> @@ -692,7 +691,8 @@ static int virtio_iommu_handle_ ## __req(VirtIOIOMMU *s, \
> unsigned int iov_cnt) \
> { \
> struct virtio_iommu_req_ ## __req req; \
> - int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req)); \
> + int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, \
> + sizeof(req) - sizeof(struct virtio_iommu_req_tail));\
> \
> return ret ? ret : virtio_iommu_ ## __req(s, &req); \
> }
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-06-23 8:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-06-23 2:31 [PATCH v3] virtio-iommu: Fix the partial copy of probe request Zhenzhong Duan
2022-06-23 8:43 ` Jean-Philippe Brucker
2022-06-23 8:50 ` Eric Auger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).