On 10/07/2024 10:52, Ilias Stamatis wrote:
> The following calculation used in coalesced_mmio_has_room() to check
> whether the ring buffer is full is wrong and only allows half the buffer
> to be used.
>
>     avail = (ring->first - last - 1) % KVM_COALESCED_MMIO_MAX;
>     if (avail == 0)
>         /* full */
>
> The % operator in C is not the modulo operator but the remainder
> operator. Modulo and remainder operators differ with respect to negative
> values. But all values are unsigned in this case anyway.
>
> The above might have worked as expected in Python for example:
>
>     (-86) % 170
>     84
>
> However it doesn't work the same way in C.
>
>     printf("avail: %d\n", (-86) % 170);
>     printf("avail: %u\n", (-86) % 170);
>     printf("avail: %u\n", (-86u) % 170u);
>
> Using gcc-11 these print:
>
>     avail: -86
>     avail: 4294967210
>     avail: 0
>
> Fix the calculation and allow all but one entry in the buffer to be
> used as originally intended.
>
> Fixes: 105f8d40a737 ("KVM: Calculate available entries in coalesced mmio ring")
> Signed-off-by: Ilias Stamatis <ilstam@xxxxxxxxxx>
> ---
>  virt/kvm/coalesced_mmio.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
Reviewed-by: Paul Durrant <paul@xxxxxxx>
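To make the wrap-around effect concrete, the following is an added, stand-alone C demonstration; it is not part of the patch or of the KVM sources. It drives a miniature ring with the "full" check exactly as quoted in the commit message and counts how many entries that check admits before reporting the ring full, next to a textbook one-slot-reserved check. The ring size of 170 is taken from the numbers in the commit message (the real KVM_COALESCED_MMIO_MAX depends on page size and struct layout), and the reference check `(last + 1) % RING_MAX == first` is this demo's own assumption, not a copy of the kernel's fix.

```c
#include <stdio.h>
#include <stdint.h>

/* Ring size for this demo. It matches the 170 used in the commit
 * message's arithmetic; the kernel derives its constant from the page
 * size, so treat this value as an assumption. */
#define RING_MAX 170u

/* The check as quoted in the commit message: the ring is considered to
 * have room unless (first - last - 1) % RING_MAX is zero, evaluated in
 * 32-bit unsigned arithmetic. `first` is the consumer index, `last` is
 * the slot the producer would write next. */
static int quoted_has_room(uint32_t first, uint32_t last)
{
    uint32_t avail = (first - last - 1) % RING_MAX;
    return avail != 0;
}

/* Reference check for a circular buffer that keeps one slot unused
 * (an assumption for this demo, not the kernel's patch): the ring is
 * full exactly when the slot after `last` is the consumer's slot. */
static int reference_has_room(uint32_t first, uint32_t last)
{
    return (last + 1) % RING_MAX != first;
}

/* Park the consumer at `first` and count how many entries a producer
 * can append before `has_room` reports the ring full. The n < RING_MAX
 * guard only protects against a predicate that never says "full". */
static unsigned count_capacity(int (*has_room)(uint32_t, uint32_t),
                               uint32_t first)
{
    uint32_t last = first;
    unsigned n = 0;

    while (n < RING_MAX && has_room(first, last)) {
        last = (last + 1) % RING_MAX;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed consumer positions chosen to show both behaviours. */
    uint32_t firsts[] = { 0, 42, 84, 85, 100, 169 };
    size_t i;

    printf("ring size %u, intended usable entries %u\n",
           RING_MAX, RING_MAX - 1);
    for (i = 0; i < sizeof firsts / sizeof firsts[0]; i++) {
        printf("first=%3u  quoted check: %3u entries  "
               "reference check: %3u entries\n",
               firsts[i],
               count_capacity(quoted_has_room, firsts[i]),
               count_capacity(reference_has_room, firsts[i]));
    }
    return 0;
}
```

The interesting detail the printout exposes is that the quoted check is not uniformly wrong. Because 2^32 leaves a remainder of 86 (not 0) when divided by 170, `first - last - 1` evaluated as a 32-bit unsigned value hits a multiple of 170 as soon as the producer is 85 slots ahead of the consumer without having wrapped past the end of the ring, so for consumer positions 0 through 84 the ring is declared full after 85 entries. If the producer wraps back below `first` before that point, the subtraction stays non-negative and the same check happens to admit all 169 slots. The reference check never consults the 2^32 residue and gives 169 for every consumer position.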