ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xen: fix quad word bufioreq handling 

We should not consume the second slot if it didn't get written yet.
Normal writers - i.e. Xen - would not update write_pointer between the
two writes, but the page may get fiddled with by the guest itself, and
we're better off avoiding to enter an infinite loop in that case.

Reported-by: yanghongke <yanghongke@huawei.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
This commit is contained in:
Jan Beulich 2016-11-25 03:05:57 -07:00 committed by Stefano Stabellini
parent 7875efb9f6
commit ff3b8b8f86
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
xen-hvm.c
View File

@ -1021,6 +1021,9 @@ static int handle_buffered_iopage(XenIOState *state)
xen_rmb(); xen_rmb();
qw = (req.size == 8); qw = (req.size == 8);
if (qw) { if (qw) {
if (rdptr + 1 == wrptr) {
hw_error("Incomplete quad word buffered ioreq");
}
buf_req = &buf_page->buf_ioreq[(rdptr + 1) % buf_req = &buf_page->buf_ioreq[(rdptr + 1) %
IOREQ_BUFFER_SLOT_NUM]; IOREQ_BUFFER_SLOT_NUM];
req.data |= ((uint64_t)buf_req->data) << 32; req.data |= ((uint64_t)buf_req->data) << 32;