ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
xemu/hw/virtio
History
Hawkins Jiawei 6f4dc62715 vhost: fix possible wrap in SVQ descriptor ring 
QEMU invokes vhost_svq_add() when adding a guest's element
into SVQ. In vhost_svq_add(), it uses vhost_svq_available_slots()
to check whether QEMU can add the element into SVQ. If there is
enough space, then QEMU combines some out descriptors and some
in descriptors into one descriptor chain, and adds it into
`svq->vring.desc` by vhost_svq_vring_write_descs().

Yet the problem is that, `svq->shadow_avail_idx - svq->shadow_used_idx`
in vhost_svq_available_slots() returns the number of occupied elements,
or the number of descriptor chains, instead of the number of occupied
descriptors, which may cause wrapping in SVQ descriptor ring.

Here is an example. In vhost_handle_guest_kick(), QEMU forwards
as many available buffers to device by virtqueue_pop() and
vhost_svq_add_element(). virtqueue_pop() returns a guest's element,
and then this element is added into SVQ by vhost_svq_add_element(),
a wrapper to vhost_svq_add(). If QEMU invokes virtqueue_pop() and
vhost_svq_add_element() `svq->vring.num` times,
vhost_svq_available_slots() thinks QEMU just ran out of slots and
everything should work fine. But in fact, virtqueue_pop() returns
`svq->vring.num` elements or descriptor chains, more than
`svq->vring.num` descriptors due to guest memory fragmentation,
and this causes wrapping in SVQ descriptor ring.

This bug is valid even before marking the descriptors used.
If the guest memory is fragmented, SVQ must add chains
so it can try to add more descriptors than possible.

This patch solves it by adding `num_free` field in
VhostShadowVirtqueue structure and updating this field
in vhost_svq_add() and vhost_svq_get_buf(), to record
the number of free descriptors.

Fixes: 100890f7ca ("vhost: Shadow virtqueue buffers forwarding")
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Acked-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20230509084817.3973-1-yin31149@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Lei Yang <leiyang@redhat.com>
(cherry picked from commit 5d410557de)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
 		2023-05-19 23:23:50 +03:00
..
Kconfig hw/virtio: add boilerplate for vhost-user-gpio device 2022-10-07 09:41:51 -04:00
meson.build qmp: add QMP command x-query-virtio 2022-10-09 16:38:45 -04:00
trace-events vhost: enable vrings in vhost_dev_start() for vhost-user devices 2022-12-01 02:30:04 -05:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-backend.c vhost: add method vhost_set_vring_err 2022-06-27 18:53:18 -04:00
vhost-iova-tree.c util: accept iova_tree_remove_parameter by value 2022-09-02 10:22:39 +08:00
vhost-iova-tree.h util: accept iova_tree_remove_parameter by value 2022-09-02 10:22:39 +08:00
vhost-scsi-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-shadow-virtqueue.c vhost: fix possible wrap in SVQ descriptor ring 2023-05-19 23:23:50 +03:00
vhost-shadow-virtqueue.h vhost: fix possible wrap in SVQ descriptor ring 2023-05-19 23:23:50 +03:00
vhost-stub.c vhost-user: simplify vhost_user_init/vhost_user_cleanup 2019-03-12 21:22:31 -04:00
vhost-user-blk-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-fs-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-fs.c vhost: enable vrings in vhost_dev_start() for vhost-user devices 2022-12-01 02:30:04 -05:00
vhost-user-gpio-pci.c hw/virtio: add vhost-user-gpio-pci boilerplate 2022-10-07 09:41:51 -04:00
vhost-user-gpio.c vhost-user-gpio: Configure vhost_dev when connecting 2023-03-29 10:20:04 +03:00
vhost-user-i2c-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-i2c.c vhost-user-i2c: Back up vqs before cleaning up vhost_dev 2023-03-29 10:20:04 +03:00
vhost-user-input-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-rng-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-rng.c vhost-user-rng: Back up vqs before cleaning up vhost_dev 2023-03-29 10:20:04 +03:00
vhost-user-scsi-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-vsock-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-vsock.c hw/virtio: introduce virtio_device_should_start 2022-11-07 14:08:18 -05:00
vhost-user.c Revert "vhost-user: Introduce nested event loop in vhost_user_read()" 2023-05-18 21:09:59 +03:00
vhost-vdpa.c vdpa: stop all svq on device deletion 2023-03-29 10:20:04 +03:00
vhost-vsock-common.c vhost: enable vrings in vhost_dev_start() for vhost-user devices 2022-12-01 02:30:04 -05:00
vhost-vsock-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-vsock.c hw/virtio: introduce virtio_device_should_start 2022-11-07 14:08:18 -05:00
vhost.c vhost: fix vq dirty bitmap syncing when vIOMMU is enabled 2023-03-29 10:20:04 +03:00
virtio-9p-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-balloon-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-balloon.c virtio: drop name parameter for virtio_init() 2022-05-16 04:38:40 -04:00
virtio-blk-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-bus.c virtio: stop ioeventfd on reset 2022-06-14 16:50:30 +02:00
virtio-crypto-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-crypto.c virtio-crypto: Support asynchronous mode 2022-11-02 06:56:32 -04:00
virtio-input-host-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-input-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-iommu-pci.c hw/virtio/virtio-iommu-pci: Enforce the device is plugged on the root bus 2022-11-07 13:12:19 -05:00
virtio-iommu.c hw/virtio/virtio-iommu: Enforce power-of-two notify for both MAP and UNMAP 2022-07-26 15:33:29 -04:00
virtio-mem-pci.c pci-ids: drop PCI_DEVICE_ID_VIRTIO_MEM 2022-10-12 12:01:11 +02:00
virtio-mem-pci.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-mem.c virtio-mem: Fix the iterator variable in a vmem->rdl_list loop 2023-03-29 10:20:04 +03:00
virtio-mmio.c virtio-mmio: cleanup reset 2022-06-14 16:50:30 +02:00
virtio-net-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-pci.c msix: Assert that specified vector is in range 2022-11-07 14:08:17 -05:00
virtio-pmem-pci.c pci-ids: drop PCI_DEVICE_ID_VIRTIO_PMEM 2022-10-12 12:01:11 +02:00
virtio-pmem-pci.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-pmem.c virtio: drop name parameter for virtio_init() 2022-05-16 04:38:40 -04:00
virtio-rng-pci.c virtio-rng-pci: Allow setting nvectors, so we can use MSI-X 2022-11-07 13:12:20 -05:00
virtio-rng.c virtio: drop name parameter for virtio_init() 2022-05-16 04:38:40 -04:00
virtio-scsi-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-serial-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-stub.c qmp: add QMP command x-query-virtio-queue-element 2022-10-09 16:38:45 -04:00
virtio.c virtio: fix reachable assertion due to stale value of cached region size 2023-05-18 21:09:59 +03:00