Re: [Qemu-devel] [PATCH v2] virtio dataplane: adapt dataplane for virtio Version 1

[Stefan Hajnoczi]

On Wed, Aug 26, 2015 at 03:24:42PM +0200, Pierre Morel wrote:
> diff --git a/hw/virtio/dataplane/vring.c b/hw/virtio/dataplane/vring.c
> index 07fd69c..ad86be5 100644
> --- a/hw/virtio/dataplane/vring.c
> +++ b/hw/virtio/dataplane/vring.c
> @@ -65,24 +65,34 @@ static void vring_unmap(void *buffer, bool is_write)
>  }
>  
>  /* Map the guest's vring to host memory */
> +
> +#define MAP_VRING_DESCRIPTOR(d) {                                       \
> +        hwaddr addr;                                                    \
> +        hwaddr size;                                                    \
> +        void *ptr;                                                      \
> +                                                                        \
> +        addr = virtio_queue_get_##d##_addr(vdev, n);                    \
> +        size = virtio_queue_get_##d## _size(vdev, n);                   \
> +        ptr = vring_map(&vring->mr_##d, addr, size, true);              \
> +        if (!ptr) {                                                     \
> +            error_report("Failed to map vring "#d" "                    \
> +                         "addr %#" HWADDR_PRIx " size %" HWADDR_PRIu,   \
> +                         addr, size);                                   \
> +            goto out_err_##d;                                           \
> +        }                                                               \
> +        vr->d = ptr;                                                    \
> +    }

Not a fan of the macro, IMO it just obfuscates the code.

Also, normally do ... while (0) is used for statement-like macros to
keep it a single statement instead of a compound statement (where the
trailing semicolon would break if, while, etc).

> +
>  bool vring_setup(Vring *vring, VirtIODevice *vdev, int n)
>  {
> -    hwaddr vring_addr = virtio_queue_get_ring_addr(vdev, n);
> -    hwaddr vring_size = virtio_queue_get_ring_size(vdev, n);
> -    void *vring_ptr;
> +    struct vring *vr = &vring->vr;
>  
>      vring->broken = false;
> +    vr->num = virtio_queue_get_num(vdev, n);
>  
> -    vring_ptr = vring_map(&vring->mr, vring_addr, vring_size, true);
> -    if (!vring_ptr) {
> -        error_report("Failed to map vring "
> -                     "addr %#" HWADDR_PRIx " size %" HWADDR_PRIu,
> -                     vring_addr, vring_size);
> -        vring->broken = true;
> -        return false;
> -    }
> -
> -    vring_init(&vring->vr, virtio_queue_get_num(vdev, n), vring_ptr, 4096);
> +    MAP_VRING_DESCRIPTOR(desc);
> +    MAP_VRING_DESCRIPTOR(avail);
> +    MAP_VRING_DESCRIPTOR(used);

This doesn't take VIRTIO_RING_F_EVENT_IDX into account, where we access
beyond the end of the rings.  Please check that code path and map the
memory.