Commit 808a2b05 authored by Dariusz Stojaczyk's avatar Dariusz Stojaczyk Committed by Jim Harris
Browse files

vhost: fix overflow of avail entries count 



Virtio 1.0 says that the effective capacity of vrings
is equal to the virtqueue size. When avail ring was full,
we detected it as empty.

Change-Id: I72f5d45cdc14db6b934ce7780e603a3de3131594
Signed-off-by: default avatarDariusz Stojaczyk <dariuszx.stojaczyk@intel.com>
Reviewed-on: https://review.gerrithub.io/396804


Tested-by: default avatarSPDK Automated Test System <sys_sgsw@intel.com>
Reviewed-by: default avatarPawel Wodkowski <pawelx.wodkowski@intel.com>
Reviewed-by: default avatarDaniel Verkamp <daniel.verkamp@intel.com>
Reviewed-by: default avatarBen Walker <benjamin.walker@intel.com>
parent a78c8963

lib/vhost/vhost.c

+10 −2
Original line number Diff line number Diff line
@@ -102,13 +102,21 @@ spdk_vhost_vq_avail_ring_get(struct spdk_vhost_virtqueue *virtqueue, uint16_t *r 
	struct vring_avail *avail = vring->avail;

	uint16_t size_mask = vring->size - 1;

	uint16_t last_idx = vring->last_avail_idx, avail_idx = avail->idx;

	uint16_t count = RTE_MIN((avail_idx - last_idx) & size_mask, reqs_len);

	uint16_t i;

	uint16_t count, i;



	count = avail_idx - last_idx;

	if (spdk_likely(count == 0)) {

		return 0;

	}



	if (spdk_unlikely(count > vring->size)) {

		/* TODO: the queue is unrecoverably broken and should be marked so.

		 * For now we will fail silently and report there are no new avail entries.

		 */

		return 0;

	}



	count = spdk_min(count, reqs_len);

	vring->last_avail_idx += count;

	for (i = 0; i < count; i++) {

		reqs[i] = vring->avail->ring[(last_idx + i) & size_mask];