subprojects/libvduse/libvduse.c | 11 ++++++----- subprojects/libvhost-user/libvhost-user.c | 11 ++++++----- 2 files changed, 12 insertions(+), 10 deletions(-)
Hello! I have found a problem with virtqueue_read_indirect_desc function, which was advancing pointer to struct as it was a byte pointer, so every element comming after first chunk would be copied somewhere out of buffer. As I understand this is cold path, but nevertheless worth fixing. Also, exacly same problem in vduse_queue_read_indirect_desc function, because as I understand it is a copy of virtqueue_read_indirect_desc with vduse backend. I was not sure if element of scattered buffer may end in the middle of vring_desc struct data, so instead of writing desc += read_len/sizeof(struct vring_desc) have implemented fix with proper byte pointer arithmetic. Sincerely, Temir. Temir Zharaspayev (2): libvhost-user: Fix pointer arithmetic in indirect read libvduse: Fix pointer arithmetic in indirect read subprojects/libvduse/libvduse.c | 11 ++++++----- subprojects/libvhost-user/libvhost-user.c | 11 ++++++----- 2 files changed, 12 insertions(+), 10 deletions(-) -- 2.34.1
Hello, I am very sorry for bothering community on a such minor problem again, but I got no response for a few weeks, so maybe I have started thread on a wrong mailing list, so I made an issue in gitlab issue tracker: https://gitlab.com/qemu-project/qemu/-/issues/2149 referencing this thread. Maybe, it would help attract proper eyes to such a simple problem, so no one bothers in trying to fix it, albeit it lives in the codebase for some time already and is being copied around. Sincerely, Temir. сб, 13 янв. 2024 г. в 04:28, Temir Zharaspayev <masscry@gmail.com>: > Hello! I have found a problem with virtqueue_read_indirect_desc function, > which > was advancing pointer to struct as it was a byte pointer, so every element > comming after first chunk would be copied somewhere out of buffer. > > As I understand this is cold path, but nevertheless worth fixing. > > Also, exacly same problem in vduse_queue_read_indirect_desc function, > because > as I understand it is a copy of virtqueue_read_indirect_desc with vduse > backend. > > I was not sure if element of scattered buffer may end in the middle of > vring_desc struct data, so instead of writing > desc += read_len/sizeof(struct vring_desc) > have implemented fix with proper byte pointer arithmetic. > > Sincerely, > Temir. > > Temir Zharaspayev (2): > libvhost-user: Fix pointer arithmetic in indirect read > libvduse: Fix pointer arithmetic in indirect read > > subprojects/libvduse/libvduse.c | 11 ++++++----- > subprojects/libvhost-user/libvhost-user.c | 11 ++++++----- > 2 files changed, 12 insertions(+), 10 deletions(-) > > -- > 2.34.1 > >
Adding Michael back to the CC, since he's the designated maintainer for libvhost-user/ Michael, could you give these patches a review since they've been pending for many months now. On Sun, Feb 04, 2024 at 12:41:31PM +0300, Тимур wrote: > Hello, I am very sorry for bothering community on a such minor problem > again, but I got no response for a few weeks, so maybe I have started > thread on a wrong mailing list, so I made an issue in gitlab issue tracker: > https://gitlab.com/qemu-project/qemu/-/issues/2149 referencing this thread. > > Maybe, it would help attract proper eyes to such a simple problem, so no > one bothers in trying to fix it, albeit it lives in the codebase for some > time already and is being copied around. > > Sincerely, > Temir. > > сб, 13 янв. 2024 г. в 04:28, Temir Zharaspayev <masscry@gmail.com>: > > > Hello! I have found a problem with virtqueue_read_indirect_desc function, > > which > > was advancing pointer to struct as it was a byte pointer, so every element > > comming after first chunk would be copied somewhere out of buffer. > > > > As I understand this is cold path, but nevertheless worth fixing. > > > > Also, exacly same problem in vduse_queue_read_indirect_desc function, > > because > > as I understand it is a copy of virtqueue_read_indirect_desc with vduse > > backend. > > > > I was not sure if element of scattered buffer may end in the middle of > > vring_desc struct data, so instead of writing > > desc += read_len/sizeof(struct vring_desc) > > have implemented fix with proper byte pointer arithmetic. > > > > Sincerely, > > Temir. > > > > Temir Zharaspayev (2): > > libvhost-user: Fix pointer arithmetic in indirect read > > libvduse: Fix pointer arithmetic in indirect read > > > > subprojects/libvduse/libvduse.c | 11 ++++++----- > > subprojects/libvhost-user/libvhost-user.c | 11 ++++++----- > > 2 files changed, 12 insertions(+), 10 deletions(-) > > > > -- > > 2.34.1 > > > > With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Temir: yeah, this was our fault, apologies for not responding. Michael, David, Raphael -- looks like we unfortunately lost track of this patchset -- could one of you have a look and review it, please? thanks -- PMM On Sun, 4 Feb 2024 at 09:42, Тимур <masscry@gmail.com> wrote: > > Hello, I am very sorry for bothering community on a such minor problem again, but I got no response for a few weeks, so maybe I have started thread on a wrong mailing list, so I made an issue in gitlab issue tracker: https://gitlab.com/qemu-project/qemu/-/issues/2149 referencing this thread. > > Maybe, it would help attract proper eyes to such a simple problem, so no one bothers in trying to fix it, albeit it lives in the codebase for some time already and is being copied around. > > Sincerely, > Temir. > > сб, 13 янв. 2024 г. в 04:28, Temir Zharaspayev <masscry@gmail.com>: >> >> Hello! I have found a problem with virtqueue_read_indirect_desc function, which >> was advancing pointer to struct as it was a byte pointer, so every element >> comming after first chunk would be copied somewhere out of buffer. >> >> As I understand this is cold path, but nevertheless worth fixing. >> >> Also, exacly same problem in vduse_queue_read_indirect_desc function, because >> as I understand it is a copy of virtqueue_read_indirect_desc with vduse >> backend. >> >> I was not sure if element of scattered buffer may end in the middle of >> vring_desc struct data, so instead of writing >> desc += read_len/sizeof(struct vring_desc) >> have implemented fix with proper byte pointer arithmetic. >> >> Sincerely, >> Temir. >> >> Temir Zharaspayev (2): >> libvhost-user: Fix pointer arithmetic in indirect read >> libvduse: Fix pointer arithmetic in indirect read >> >> subprojects/libvduse/libvduse.c | 11 ++++++----- >> subprojects/libvhost-user/libvhost-user.c | 11 ++++++----- >> 2 files changed, 12 insertions(+), 10 deletions(-) >> >> -- >> 2.34.
© 2016 - 2024 Red Hat, Inc.