[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-8.2.3 84/87] hw/virtio: Fix packed virtqueue flush used_idx
From: |
Michael Tokarev |
Subject: |
[Stable-8.2.3 84/87] hw/virtio: Fix packed virtqueue flush used_idx |
Date: |
Wed, 10 Apr 2024 10:22:57 +0300 |
From: Wafer <wafer@jaguarmicro.com>
In the event of writing many chains of descriptors, the device must
write just the id of the last buffer in the descriptor chain, skip
forward the number of descriptors in the chain, and then repeat the
operations for the rest of chains.
Current QEMU code writes all the buffer ids consecutively, and then
skips all the buffers altogether. This is a bug, and can be reproduced
with a VirtIONet device with _F_MRG_RXBUB and without
_F_INDIRECT_DESC:
If a virtio-net device has the VIRTIO_NET_F_MRG_RXBUF feature
but not the VIRTIO_RING_F_INDIRECT_DESC feature,
'VirtIONetQueue->rx_vq' will use the merge feature
to store data in multiple 'elems'.
The 'num_buffers' in the virtio header indicates how many elements are merged.
If the value of 'num_buffers' is greater than 1,
all the merged elements will be filled into the descriptor ring.
The 'idx' of the elements should be the value of 'vq->used_idx' plus 'ndescs'.
Fixes: 86044b24e8 ("virtio: basic packed virtqueue support")
Acked-by: Eugenio PĂ©rez <eperezma@redhat.com>
Signed-off-by: Wafer <wafer@jaguarmicro.com>
Message-Id: <20240407015451.5228-2-wafer@jaguarmicro.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 2d9a31b3c27311eca1682cb2c076d7a300441960)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 356d690cc9..aa02c4937c 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -957,12 +957,20 @@ static void virtqueue_packed_flush(VirtQueue *vq,
unsigned int count)
return;
}
+ /*
+ * For indirect element's 'ndescs' is 1.
+ * For all other elemment's 'ndescs' is the
+ * number of descriptors chained by NEXT (as set in virtqueue_packed_pop).
+ * So When the 'elem' be filled into the descriptor ring,
+ * The 'idx' of this 'elem' shall be
+ * the value of 'vq->used_idx' plus the 'ndescs'.
+ */
+ ndescs += vq->used_elems[0].ndescs;
for (i = 1; i < count; i++) {
- virtqueue_packed_fill_desc(vq, &vq->used_elems[i], i, false);
+ virtqueue_packed_fill_desc(vq, &vq->used_elems[i], ndescs, false);
ndescs += vq->used_elems[i].ndescs;
}
virtqueue_packed_fill_desc(vq, &vq->used_elems[0], 0, true);
- ndescs += vq->used_elems[0].ndescs;
vq->inuse -= ndescs;
vq->used_idx += ndescs;
--
2.39.2
- [Stable-8.2.3 73/87] hw/net/net_tx_pkt: Fix virtio header without checksum offloading, (continued)
- [Stable-8.2.3 73/87] hw/net/net_tx_pkt: Fix virtio header without checksum offloading, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 74/87] tcg/optimize: Fix sign_mask for logical right-shift, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 78/87] hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 75/87] target/hppa: Clear psw_n for BE on use_nullify_skip path, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 77/87] gitlab-ci/cirrus: switch from 'master' to 'latest', Michael Tokarev, 2024/04/10
- [Stable-8.2.3 76/87] migration/postcopy: Ensure postcopy_start() sets errp if it fails, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 79/87] target/arm: take HSTR traps of cp15 accesses to EL2, not EL1, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 80/87] hw/net/virtio-net: fix qemu set used ring flag even vhost started, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 81/87] block/virtio-blk: Fix memory leak from virtio_blk_zone_report, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 82/87] migration/postcopy: ensure preempt channel is ready before loading states, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 84/87] hw/virtio: Fix packed virtqueue flush used_idx,
Michael Tokarev <=
- [Stable-8.2.3 85/87] vdpa-dev: Fix the issue of device status not updating when configuration interruption is triggered, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 86/87] virtio-snd: Enhance error handling for invalid transfers, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 83/87] target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3, Michael Tokarev, 2024/04/10
- [Stable-8.2.3 87/87] virtio-snd: rewrite invalid tx/rx message handling, Michael Tokarev, 2024/04/10
- Re: [Stable-8.2.3 00/87] Patch Round-up for stable 8.2.3, freeze on 2024-04-20, Cole Robinson, 2024/04/16