qemu-block

Re: [Qemu-block] [PULL 04/41] virtio: convert to use DMA api


From: Michael S. Tsirkin
Subject: Re: [Qemu-block] [PULL 04/41] virtio: convert to use DMA api
Date: Wed, 18 Jan 2017 21:10:36 +0200

On Wed, Jan 18, 2017 at 12:59:03PM +0100, Paolo Bonzini wrote:
> 
> 
> On 10/01/2017 06:39, Michael S. Tsirkin wrote:
> > -void virtqueue_map(VirtQueueElement *elem)
> > +void virtqueue_map(VirtIODevice *vdev, VirtQueueElement *elem)
> >  {
> > -    virtqueue_map_iovec(elem->in_sg, elem->in_addr, &elem->in_num,
> > -                        VIRTQUEUE_MAX_SIZE, 1);
> > -    virtqueue_map_iovec(elem->out_sg, elem->out_addr, &elem->out_num,
> > -                        VIRTQUEUE_MAX_SIZE, 0);
> > +    virtqueue_map_iovec(vdev, elem->in_sg, elem->in_addr, &elem->in_num,
> > +                        MIN(ARRAY_SIZE(elem->in_sg), 
> > ARRAY_SIZE(elem->in_addr)),
> > +                        1);
> > +    virtqueue_map_iovec(vdev, elem->out_sg, elem->out_addr, &elem->out_num,
> > +                        MIN(ARRAY_SIZE(elem->out_sg),
> > +                        ARRAY_SIZE(elem->out_addr)),
> > +                        0);
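Review bot: the new max_size argument in both virtqueue_map_iovec calls is computed with ARRAY_SIZE on elem->in_sg, elem->in_addr, elem->out_sg and elem->out_addr, and that only yields an element count if those VirtQueueElement members are true arrays. If they are pointers, each expression is sizeof(pointer) divided by sizeof(element), which is unrelated to the number of descriptors and is no longer the VIRTQUEUE_MAX_SIZE bound the removed lines passed. Either keep an explicit limit here or validate in_num and out_num where the element is allocated and drop the size argument.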
> 
> Coverity reports that ARRAY_SIZE(elem->out_sg) (and all the others too)
> is wrong because elem->out_sg is a pointer.
> 
> However, the check is not in the right place and the max_size argument
> of virtqueue_map_iovec can be removed.  The check on in_num/out_num can
> be moved to qemu_get_virtqueue_element instead, before the call to
> virtqueue_alloc_element.
> 
> Thanks,
> 
> Paolo

I guess the effect of this bug is basically false-positive asserts, correct?

-- 
MST
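
The ARRAY_SIZE-on-a-pointer problem and the check-before-allocation alternative discussed in this thread, as an added example that is not part of the original messages or QEMU's code. `DemoElement`, `demo_hwaddr`, `DEMO_MAX_SIZE` and `demo_get_element` are hypothetical names, and `IS_ARRAY` assumes the GCC/Clang builtins.

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/uio.h>

/* GCC and Clang warn about this exact pattern; silenced to show the result. */
#pragma GCC diagnostic ignored "-Wsizeof-pointer-div"

#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define MIN(a, b) ((a) < (b) ? (a) : (b))
/* 1 for a real array, 0 for a pointer (GCC/Clang builtins). */
#define IS_ARRAY(x) \
    (!__builtin_types_compatible_p(__typeof__(x), __typeof__(&(x)[0])))
#define DEMO_MAX_SIZE 1024          /* constructed limit for this example */

typedef uint64_t demo_hwaddr;       /* hypothetical guest address type */
typedef struct DemoElement {        /* hypothetical: members are pointers */
    unsigned in_num;
    demo_hwaddr *in_addr;
    struct iovec *in_sg;
} DemoElement;

/* Bound computed the way the quoted hunk does: sizeof(pointer)/sizeof(item). */
size_t pointer_bound(DemoElement *e)
{
    return MIN(ARRAY_SIZE(e->in_sg), ARRAY_SIZE(e->in_addr));
}

int member_is_array(DemoElement *e) { (void)e; return IS_ARRAY(e->in_sg); }

/* Control case: on a true array the macro does return the element count. */
int array_control(void)
{
    struct iovec sg[DEMO_MAX_SIZE];
    return IS_ARRAY(sg) && ARRAY_SIZE(sg) == DEMO_MAX_SIZE;
}

/* Validate the count before allocating, so no later size argument is needed. */
DemoElement *demo_get_element(unsigned in_num)
{
    if (in_num > DEMO_MAX_SIZE) return NULL;
    DemoElement *e = malloc(sizeof(*e) +
                            in_num * (sizeof(demo_hwaddr) + sizeof(struct iovec)));
    if (!e) return NULL;
    e->in_num = in_num;
    e->in_addr = (demo_hwaddr *)(e + 1);
    e->in_sg = (struct iovec *)(e->in_addr + in_num);
    return e;
}
```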


