[PATCH] virtio-iommu: Fix the partial copy of probe request

Zhenzhong Duan posted 1 patch 1 year, 11 months ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20220617034348.3162918-1-zhenzhong.duan@intel.com
Maintainers: Eric Auger <eric.auger@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>
There is a newer version of this series
hw/virtio/virtio-iommu.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
[PATCH] virtio-iommu: Fix the partial copy of probe request
Posted by Zhenzhong Duan 1 year, 11 months ago
The structure of the probe request doesn't include the tail; this leads to
a few fields not being copied. Currently this isn't an issue as
those missed fields belong to the reserved field; the fix is just in case the
reserved field is used in the future.

Take this chance to also remove some useless code.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 hw/virtio/virtio-iommu.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
index 7c122ab95780..bc96caf37c0c 100644
--- a/hw/virtio/virtio-iommu.c
+++ b/hw/virtio/virtio-iommu.c
@@ -656,19 +656,16 @@ static int virtio_iommu_probe(VirtIOIOMMU *s,
                               uint8_t *buf)
 {
     uint32_t ep_id = le32_to_cpu(req->endpoint);
-    size_t free = VIOMMU_PROBE_SIZE;
     ssize_t count;
 
     if (!virtio_iommu_mr(s, ep_id)) {
         return VIRTIO_IOMMU_S_NOENT;
     }
 
-    count = virtio_iommu_fill_resv_mem_prop(s, ep_id, buf, free);
+    count = virtio_iommu_fill_resv_mem_prop(s, ep_id, buf, VIOMMU_PROBE_SIZE);
     if (count < 0) {
         return VIRTIO_IOMMU_S_INVAL;
     }
-    buf += count;
-    free -= count;
 
     return VIRTIO_IOMMU_S_OK;
 }
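Review bot: The removal of `free` and of `buf += count; free -= count;` in virtio_iommu_probe is unrelated to the partial-copy fix named in the subject and should be split out or dropped. Those lines keep a running cursor and remaining length after the first property is written, which would let a further property be appended behind it; with them gone, any later addition has to reintroduce the bookkeeping and get the bounds right again. Keeping the bugfix patch to the virtio_iommu_handle_probe change also keeps it small enough to carry a Fixes tag cleanly.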
@@ -708,7 +705,8 @@ static int virtio_iommu_handle_probe(VirtIOIOMMU *s,
                                      uint8_t *buf)
 {
     struct virtio_iommu_req_probe req;
-    int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req));
+    int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req,
+                    sizeof(req) + sizeof(struct virtio_iommu_req_tail));
 
     return ret ? ret : virtio_iommu_probe(s, &req, buf);
 }
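Review bot: The length passed to virtio_iommu_iov_to_req is now `sizeof(req) + sizeof(struct virtio_iommu_req_tail)` while the destination is still the stack object `req` of type struct virtio_iommu_req_probe, so on its face the call asks for more bytes than `&req` can hold. This is only safe if the helper subtracts the tail size before copying, which is not visible in this hunk. Add a comment at the call site stating that, or have the helper take the payload size explicitly so no caller passes a length larger than its buffer.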
-- 
2.25.1
Re: [PATCH] virtio-iommu: Fix the partial copy of probe request
Posted by Michael S. Tsirkin 1 year, 11 months ago
On Fri, Jun 17, 2022 at 11:43:48AM +0800, Zhenzhong Duan wrote:
> The structure of the probe request doesn't include the tail; this leads to
> a few fields not being copied. Currently this isn't an issue as
> those missed fields belong to the reserved field; the fix is just in case the
> reserved field is used in the future.
> 
> Take this chance to also remove some useless code.

I think this code is there to future proof in case more fields are
added. Please just post a bugfix patch. Also a Fixes tag can't hurt.
Probably

commit 5442b854eaf921588e24d5711640ab71e59cb1b8
Author: Eric Auger <eric.auger@redhat.com>
Date:   Fri Feb 14 14:27:37 2020 +0100

    virtio-iommu: Decode the command payload
    

Thanks!

> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
> ---
>  hw/virtio/virtio-iommu.c | 8 +++-----
>  1 file changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
> index 7c122ab95780..bc96caf37c0c 100644
> --- a/hw/virtio/virtio-iommu.c
> +++ b/hw/virtio/virtio-iommu.c
> @@ -656,19 +656,16 @@ static int virtio_iommu_probe(VirtIOIOMMU *s,
>                                uint8_t *buf)
>  {
>      uint32_t ep_id = le32_to_cpu(req->endpoint);
> -    size_t free = VIOMMU_PROBE_SIZE;
>      ssize_t count;
>  
>      if (!virtio_iommu_mr(s, ep_id)) {
>          return VIRTIO_IOMMU_S_NOENT;
>      }
>  
> -    count = virtio_iommu_fill_resv_mem_prop(s, ep_id, buf, free);
> +    count = virtio_iommu_fill_resv_mem_prop(s, ep_id, buf, VIOMMU_PROBE_SIZE);
>      if (count < 0) {
>          return VIRTIO_IOMMU_S_INVAL;
>      }
> -    buf += count;
> -    free -= count;
>  
>      return VIRTIO_IOMMU_S_OK;
>  }
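Review bot: Passing `VIOMMU_PROBE_SIZE` directly at the virtio_iommu_fill_resv_mem_prop call hard-codes the assumption that `buf` points at the start of a buffer of exactly that size, yet virtio_iommu_probe receives only `uint8_t *buf` with no length. Document that requirement in a comment on the function, or pass the buffer length in alongside `buf`, so the bound given to the filler is tied to the actual allocation rather than to a constant.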
> @@ -708,7 +705,8 @@ static int virtio_iommu_handle_probe(VirtIOIOMMU *s,
>                                       uint8_t *buf)
>  {
>      struct virtio_iommu_req_probe req;
> -    int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req, sizeof(req));
> +    int ret = virtio_iommu_iov_to_req(iov, iov_cnt, &req,
> +                    sizeof(req) + sizeof(struct virtio_iommu_req_tail));
>  
>      return ret ? ret : virtio_iommu_probe(s, &req, buf);
>  }
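Review bot: The continuation line `sizeof(req) + sizeof(struct virtio_iommu_req_tail));` is indented with a fixed run of spaces rather than aligned under the first argument after the opening parenthesis, unlike the `uint8_t *buf)` parameter lines visible in the same file. Align it with `iov` so the call matches the surrounding style.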
> -- 
> 2.25.1
RE: [PATCH] virtio-iommu: Fix the partial copy of probe request
Posted by Duan, Zhenzhong 1 year, 11 months ago

>-----Original Message-----
>From: Michael S. Tsirkin <mst@redhat.com>
>Sent: Friday, June 17, 2022 1:31 PM
>To: Duan, Zhenzhong <zhenzhong.duan@intel.com>
>Cc: qemu-devel@nongnu.org; eric.auger@redhat.com
>Subject: Re: [PATCH] virtio-iommu: Fix the partial copy of probe request
>
>On Fri, Jun 17, 2022 at 11:43:48AM +0800, Zhenzhong Duan wrote:
>> The structure of the probe request doesn't include the tail; this leads to
>> a few fields not being copied. Currently this isn't an issue as
>> those missed fields belong to the reserved field; the fix is just in case the
>> reserved field is used in the future.
>>
>> Take this chance to also remove some useless code.
>
>I think this code is there to future proof in case more fields are added.
>Please just post a bugfix patch. Also a Fixes tag can't hurt.

Got it, will do.

Thanks
Zhenzhong