From: Michael Roth
Subject: [Qemu-devel] [PATCH 28/97] virtio: update MemoryRegionCaches when guest negotiates features
Date: Mon, 1 Apr 2019 15:59:02 -0500
From: Paolo Bonzini <address@hidden>
Because the cache is sized to include the rings and the event indices,
negotiating the VIRTIO_RING_F_EVENT_IDX feature will result in the size
of the cache changing. And because MemoryRegionCache accesses are
range-checked, if we skip this we end up with an assertion failure.
This happens with OpenBSD 6.3.
Reported-by: Fam Zheng <address@hidden>
Fixes: 97cd965c070152bc626c7507df9fb356bbe1cd81
Cc: address@hidden
Signed-off-by: Paolo Bonzini <address@hidden>
Tested-by: Fam Zheng <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit db812c4073c77c8a64db8d6663b3416a587c7b4a)
Signed-off-by: Michael Roth <address@hidden>
---
hw/virtio/virtio.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index d4e4d98b59..f6a588ab57 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2006,14 +2006,25 @@ static int virtio_set_features_nocheck(VirtIODevice
*vdev, uint64_t val)
int virtio_set_features(VirtIODevice *vdev, uint64_t val)
{
- /*
+ int ret;
+ /*
* The driver must not attempt to set features after feature negotiation
* has finished.
*/
if (vdev->status & VIRTIO_CONFIG_S_FEATURES_OK) {
return -EINVAL;
}
- return virtio_set_features_nocheck(vdev, val);
+ ret = virtio_set_features_nocheck(vdev, val);
+ if (!ret && virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
+ /* VIRTIO_RING_F_EVENT_IDX changes the size of the caches. */
+ int i;
+ for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
+ if (vdev->vq[i].vring.num != 0) {
+ virtio_init_region_cache(vdev, i);
+ }
+ }
+ }
+ return ret;
}
int virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
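Review bot: The re-initialization only runs when VIRTIO_RING_F_EVENT_IDX is set after the call (`if (!ret && virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX))`), so a driver that sets the feature in one virtio_set_features() call and clears it in a later one, both before FEATURES_OK, keeps caches sized for the larger layout. That is safe for the range check, since the cached region is then a superset of what is accessed, but it does not match the inline comment "VIRTIO_RING_F_EVENT_IDX changes the size of the caches", which reads as if the caches track the negotiated size in both directions; either re-initialize whenever the EVENT_IDX bit differs from the previously negotiated features, or say in the comment that only growth matters for the assertion being fixed. A second line noting that other callers of virtio_set_features_nocheck() bypass this loop and must refresh the caches themselves would also help the next reader.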
--
2.17.1
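The commit message says the caches are sized to include the rings and the event indices, so negotiating VIRTIO_RING_F_EVENT_IDX grows the regions and a cache sized before negotiation fails its range check. The following is an added illustration of that sizing, not QEMU code and not part of the patch: it follows the split virtqueue layout from the virtio spec (avail ring: flags, idx, num u16 entries, optional used_event; used ring: flags, idx, num {u32 id, u32 len} entries, optional avail_event) and models the range check with a minimal hypothetical `region_cache` so the failing and the refreshed access can be compared.

```c
/*
 * Added illustration (not QEMU code): why negotiating
 * VIRTIO_RING_F_EVENT_IDX changes the byte size of the avail/used ring
 * regions that a range-checked cache must cover. Layout follows the
 * split virtqueue format of the virtio spec. The region_cache type and
 * the *_read_ok helpers are hypothetical, written for this example.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VIRTIO_RING_F_EVENT_IDX 29   /* feature bit number from the virtio spec */

/* Available ring: flags(u16) + idx(u16) + ring[num](u16) + optional used_event(u16). */
size_t avail_ring_size(unsigned int num, bool event_idx)
{
    return 2 * sizeof(uint16_t) + sizeof(uint16_t) * num
           + (event_idx ? sizeof(uint16_t) : 0);
}

/* Used ring: flags(u16) + idx(u16) + ring[num]{u32 id, u32 len} + optional avail_event(u16). */
size_t used_ring_size(unsigned int num, bool event_idx)
{
    return 2 * sizeof(uint16_t) + 2 * sizeof(uint32_t) * num
           + (event_idx ? sizeof(uint16_t) : 0);
}

/* used_event sits right after the ring entries of the avail ring. */
size_t used_event_offset(unsigned int num)
{
    return 2 * sizeof(uint16_t) + sizeof(uint16_t) * num;
}

/* Hypothetical model of a range-checked cache: only the covered length matters. */
struct region_cache {
    size_t len;
};

/* An access is in range only if [offset, offset + width) lies inside the cache. */
bool cache_access_ok(const struct region_cache *c, size_t offset, size_t width)
{
    return offset <= c->len && width <= c->len - offset;
}

/*
 * Read used_event through a cache that was sized before EVENT_IDX was
 * negotiated. Returns false when the range check would fail, which is the
 * assertion failure the commit message describes.
 */
bool stale_cache_read_ok(unsigned int num)
{
    struct region_cache stale = { .len = avail_ring_size(num, false) };
    return cache_access_ok(&stale, used_event_offset(num), sizeof(uint16_t));
}

/* Same read after the cache was re-initialized with the negotiated features. */
bool refreshed_cache_read_ok(unsigned int num)
{
    struct region_cache fresh = { .len = avail_ring_size(num, true) };
    return cache_access_ok(&fresh, used_event_offset(num), sizeof(uint16_t));
}

int main(void)
{
    unsigned int num = 256;   /* constructed ring size for the demonstration */

    printf("avail ring: %zu -> %zu bytes, used ring: %zu -> %zu bytes\n",
           avail_ring_size(num, false), avail_ring_size(num, true),
           used_ring_size(num, false), used_ring_size(num, true));
    printf("used_event read, cache sized without EVENT_IDX: %s\n",
           stale_cache_read_ok(num) ? "ok" : "out of range");
    printf("used_event read, cache re-initialized:          %s\n",
           refreshed_cache_read_ok(num) ? "ok" : "out of range");
    return 0;
}
```

With 256 descriptors the avail ring grows from 516 to 518 bytes and the used ring from 2052 to 2054; the two extra bytes are exactly the event index, and a cache left at the pre-negotiation length rejects the read at offset 516. This is why the patch re-runs cache initialization for every live queue once the feature set is known.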