[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 4/4] virtio-net: do not leak cpu mappings

To: <qemu-devel@xxxxxxxxxx>
From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Date: Tue, 25 Nov 2014 14:43:23 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, wency@xxxxxxxxxxxxxx, mst@xxxxxxxxxx, jasowang@xxxxxxxxxx, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, pbonzini@xxxxxxxxxx
Delivery-date: Tue, 25 Nov 2014 14:43:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

In virtio_net_handle_ctrl unmap the previously mapped out_sg, not a
subset of it.

This patch fixes an abort() when running on Xen.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
CC: jasowang@xxxxxxxxxx
CC: wency@xxxxxxxxxxxxxx
CC: mst@xxxxxxxxxx
CC: pbonzini@xxxxxxxxxx
---
 hw/net/virtio-net.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 5035313..c9b82f3 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -773,6 +773,7 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, 
VirtQueue *vq)
     VirtQueueElement elem;
     size_t s;
     struct iovec *iov;
+    struct iovec iov_copy[VIRTQUEUE_MAX_SIZE];
     unsigned int iov_cnt;
 
     while (virtqueue_pop(vq, &elem)) {
@@ -782,6 +783,7 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, 
VirtQueue *vq)
             exit(1);
         }
 
+        memcpy(iov_copy, elem.out_sg, elem.out_num*sizeof(struct iovec));
         iov = elem.out_sg;
         iov_cnt = elem.out_num;
         s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
@@ -804,7 +806,7 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, 
VirtQueue *vq)
         assert(s == sizeof(status));
 
         virtqueue_unmap_sg(elem.in_sg, elem.in_num, 1, sizeof(status));
-        virtqueue_unmap_sg(elem.out_sg, elem.out_num, 0, UINT_MAX);
+        virtqueue_unmap_sg(iov_copy, elem.out_num, 0, UINT_MAX);
         virtqueue_fill(vq, &elem, sizeof(status), 0);
         virtqueue_flush(vq, 1);
         virtio_notify(vdev, vq);
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 0/4] virtio-net: do not leak cpu mappings
  - From: Stefano Stabellini

Prev by Date: [Xen-devel] [PATCH 2/4] use virtqueue_unmap_sg in virtqueue_fill
Next by Date: Re: [Xen-devel] [v2 2/4] Qemu-Xen-vTPM: Register Xen stubdom vTPM frontend driver
Previous by thread: [Xen-devel] [PATCH 2/4] use virtqueue_unmap_sg in virtqueue_fill
Next by thread: [Xen-devel] [PATCH 3/4] move virtqueue_unmap_sg calls from virtqueue_fill to virtqueue_push
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.