On Mon, Oct 19, 2009 at 01:04:20PM +1030, Rusty Russell wrote:
> On Mon, 5 Oct 2009 01:07:34 am Michael S. Tsirkin wrote:
> > Hi!
> > I note that chaining INDIRECT descriptors with NEXT
> > currently is broken in lguest, because current
> > ring index gets overwritten.
>
> I agree this should be fixed, but not quite sure what you're referring to.
>
> I could force indirect and reproduce it, but I figure asking you for details
> would be more efficient :)
>
> Thanks!
> Rusty.

I refer to this code in lguest:

	/*
	 * If this is an indirect entry, then this buffer contains a descriptor
	 * table which we handle as if it's any normal descriptor chain.
	 */
	if (desc[i].flags & VRING_DESC_F_INDIRECT) {
		if (desc[i].len % sizeof(struct vring_desc))
			errx(1, "Invalid size for indirect buffer table");

		max = desc[i].len / sizeof(struct vring_desc);
		desc = check_pointer(desc[i].addr, desc[i].len);
		i = 0;
	}

	do {
		/* Grab the first descriptor, and check it's OK. */
		iov[*out_num + *in_num].iov_len = desc[i].len;
		iov[*out_num + *in_num].iov_base
			= check_pointer(desc[i].addr, desc[i].len);
		/* If this is an input descriptor, increment that count. */
		if (desc[i].flags & VRING_DESC_F_WRITE)
			(*in_num)++;
		else {
			/*
			 * If it's an output descriptor, they're all supposed
			 * to come before any input descriptors.
			 */
			if (*in_num)
				errx(1, "Descriptor has out after in");
			(*out_num)++;
		}

		/* If we've got too many, that implies a descriptor loop. */
		if (*out_num + *in_num > max)
			errx(1, "Looped descriptor");
	} while ((i = next_desc(desc, i, max)) != max);

Imagine an indirect entry where NEXT bit is also set.
This would be useful for when we can't fit a descriptor
in a single indirect entry.

This won't work now because we set 'i = 0' above.
A solution would be to move handling indirect entry out to a separate function.

-- 
MST
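The "separate function" idea from the message above, as an added example that is not lguest code and not part of the original post: the indirect table is walked inside its own call with its own index, so the ring index survives and NEXT on the indirect entry is still followed. The names guest_mem, check_range, walk_table and demo_indirect_next are hypothetical; the sketch assumes guest addresses are byte offsets into a constructed array, indirect tables are 16-byte aligned, and indirection is one level deep.

```c
#include <stdint.h>
#include <stddef.h>
#define VRING_DESC_F_NEXT     1
#define VRING_DESC_F_INDIRECT 4
struct vring_desc { uint64_t addr; uint32_t len; uint16_t flags, next; };

/* Constructed stand-in for guest memory; addr is a byte offset into it. */
static struct vring_desc guest_mem[256];

static void *check_range(uint64_t addr, uint32_t len)
{
	int ok = addr <= sizeof(guest_mem) && len <= sizeof(guest_mem) - addr;
	return ok ? (unsigned char *)guest_mem + addr : NULL;
}

/* Walk one table from head; returns buffers found, or -1 on a bad chain. */
static int walk_table(const struct vring_desc *desc, unsigned max, unsigned head, int depth)
{
	unsigned i = head, steps = 0;
	int bufs = 0, n;

	for (;;) {
		if (i >= max || ++steps > max || !check_range(desc[i].addr, desc[i].len))
			return -1;	/* bad index, loop, or range outside guest memory */
		n = 1;			/* a plain descriptor is one buffer */
		if (desc[i].flags & VRING_DESC_F_INDIRECT) {
			uint32_t len = desc[i].len;
			if (depth || !len || (desc[i].addr | len) % sizeof(*desc))
				return -1;	/* nested, empty or misaligned table */
			n = walk_table(check_range(desc[i].addr, len), len / sizeof(*desc), 0, 1);
		}
		if (n < 0)
			return -1;
		bufs += n;
		if (!(desc[i].flags & VRING_DESC_F_NEXT))
			return bufs;
		i = desc[i].next;	/* ring index was never overwritten by the table walk */
	}
}

/* Constructed sample: ring[0] is INDIRECT|NEXT (2-entry table), chained to ring[2]. */
int demo_indirect_next(void)
{
	struct vring_desc ring[4] = { [0] = { 64, 32, VRING_DESC_F_INDIRECT | VRING_DESC_F_NEXT, 2 },
	                              [2] = { 3072, 16, 0, 0 } };
	guest_mem[4] = (struct vring_desc){ 1024, 16, VRING_DESC_F_NEXT, 1 };
	guest_mem[5] = (struct vring_desc){ 2048, 16, 0, 0 };
	return walk_table(ring, 4, 0, 0);
}
```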