From: Andrew Scull <ascull@google.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, trini@konsulko.com, bmeng.cn@gmail.com,
Andrew Scull <ascull@google.com>
Subject: [PATCH v3 04/12] virtio_ring: Check used descriptors are chain heads
Date: Mon, 16 May 2022 10:41:32 +0000
Message-ID: <20220516104140.1047229-5-ascull@google.com>
In-Reply-To: <20220516104140.1047229-1-ascull@google.com>
When the device returns used buffers, it should refer to the descriptor
that is the head of the descriptor chain for that buffer. Confirm this
to be the case by tracking the head of descriptor chains that have been
made available to the device.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
drivers/virtio/virtio_ring.c | 12 ++++++++++++
include/virtio_ring.h | 2 ++
2 files changed, 14 insertions(+)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 73671d79da..f71bab7847 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -82,6 +82,9 @@ int virtqueue_add(struct virtqueue *vq, struct virtio_sg *sgs[],
/* Update free pointer */
vq->free_head = i;
+ /* Mark the descriptor as the head of a chain. */
+ vq->vring_desc_shadow[head].chain_head = true;
+
/*
* Put entry in available array (but don't update avail->idx
* until they do sync).
@@ -144,6 +147,9 @@ static void detach_buf(struct virtqueue *vq, unsigned int head)
{
unsigned int i;
+ /* Unmark the descriptor as the head of a chain. */
+ vq->vring_desc_shadow[head].chain_head = false;
+
/* Put back on free list: unmap first-level descriptors and find end */
i = head;
@@ -194,6 +200,12 @@ void *virtqueue_get_buf(struct virtqueue *vq, unsigned int *len)
return NULL;
}
+ if (unlikely(!vq->vring_desc_shadow[i].chain_head)) {
+ printf("(%s.%d): id %u is not a head\n",
+ vq->vdev->name, vq->index, i);
+ return NULL;
+ }
+
detach_buf(vq, i);
vq->last_used_idx++;
/*
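Review bot: In virtqueue_get_buf, the new early `return NULL;` sits before `vq->last_used_idx++`, so a used entry that names a non-head descriptor is never consumed: every later call re-reads the same entry, fails the same check and prints the same message, and the queue makes no further progress. If stalling is the intended fail-closed behaviour for a misbehaving device, say so in a comment above the check. Callers also cannot tell this failure from the other NULL return visible just above it, so consider a distinct error path, and consider limiting the message to once per queue so a device cannot flood the console on every poll.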
diff --git a/include/virtio_ring.h b/include/virtio_ring.h
index 52cbe77c0a..c77c212cff 100644
--- a/include/virtio_ring.h
+++ b/include/virtio_ring.h
@@ -61,6 +61,8 @@ struct vring_desc_shadow {
u32 len;
u16 flags;
u16 next;
+ /* Metadata about the descriptor. */
+ bool chain_head;
};
struct vring_avail {
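Review bot: The comment added above `bool chain_head;` in struct vring_desc_shadow ("Metadata about the descriptor.") does not say what the flag means or who owns it. Suggest documenting that it is driver-private state, set in virtqueue_add when a chain is made available and cleared in detach_buf, and that virtqueue_get_buf uses it to validate ids returned by the device. Nothing in this patch initialises the field, so the new check relies on the shadow array starting out zeroed; worth confirming at the allocation site or stating that requirement in the comment.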
--
2.36.0.550.gb090851708-goog