mirror-linux/drivers
Yuan Yao ad8900dd8a virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
[ Upstream commit 1acfe2c122 ]

In the current packed virtqueue implementation, the avail_wrap_counter won't
flip, in the case when the driver supplies a descriptor chain with a
length equal to the queue size; total_sg == vq->packed.vring.num.

Let’s assume the following situation:
vq->packed.vring.num=4
vq->packed.next_avail_idx: 1
vq->packed.avail_wrap_counter: 0

Then the driver adds a descriptor chain containing 4 descriptors.

We expect the following result with avail_wrap_counter flipped:
vq->packed.next_avail_idx: 1
vq->packed.avail_wrap_counter: 1

But, the current implementation gives the following result:
vq->packed.next_avail_idx: 1
vq->packed.avail_wrap_counter: 0

To reproduce the bug, you can set a packed queue size as small as
possible, so that the driver is more likely to provide a descriptor
chain with a length equal to the packed queue size. For example, in
qemu run the following commands:
sudo qemu-system-x86_64 \
-enable-kvm \
-nographic \
-kernel "path/to/kernel_image" \
-m 1G \
-drive file="path/to/rootfs",if=none,id=disk \
-device virtio-blk,drive=disk \
-drive file="path/to/disk_image",if=none,id=rwdisk \
-device virtio-blk,drive=rwdisk,packed=on,queue-size=4,\
indirect_desc=off \
-append "console=ttyS0 root=/dev/vda rw init=/bin/bash"

Inside the VM, create a directory and mount the rwdisk device on it. The
rwdisk will hang and the mount operation will not complete.

This commit fixes the wrap counter error by flipping the
packed.avail_wrap_counter when the start of the descriptor chain equals
the end of the descriptor chain (head == i).

Fixes: 1ce9e6055f ("virtio_ring: introduce packed ring support")
Signed-off-by: Yuan Yao <yuanyaogoog@chromium.org>
Message-Id: <20230808051110.3492693-1-yuanyaogoog@chromium.org>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-13 09:42:59 +02:00
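
A user-space model of the index and wrap-counter arithmetic the commit message above describes, added here as an example; it is not the kernel's code or the patch itself. The struct, the function names and the pre-fix comparison (`i < head`) are assumptions of this model; the starting state is the one given in the commit message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model of the driver-side state; field names follow the commit message. */
struct packed_model {
    unsigned num;             /* vq->packed.vring.num */
    unsigned next_avail_idx;  /* vq->packed.next_avail_idx */
    bool avail_wrap_counter;  /* vq->packed.avail_wrap_counter */
};

/* Add one chain of total_sg descriptors. fixed=false flips only when the end
 * index is below head (assumed old check); fixed=true also flips on head == i. */
static int add_chain(struct packed_model *vq, unsigned total_sg, bool fixed)
{
    if (total_sg == 0 || total_sg > vq->num)
        return -1;            /* a chain must fit in the ring */
    unsigned head = vq->next_avail_idx, i = head;
    for (unsigned n = 0; n < total_sg; n++)
        if (++i >= vq->num)
            i = 0;
    if (fixed ? (i <= head) : (i < head))
        vq->avail_wrap_counter ^= 1;
    vq->next_avail_idx = i;
    return 0;
}

/* Reference value: the wrap counter a consumer holds after walking the same
 * descriptors one at a time, flipping each time it passes the ring's end. */
static bool expected_wrap(struct packed_model start, unsigned total_sg)
{
    unsigned i = start.next_avail_idx;
    bool wrap = start.avail_wrap_counter;
    for (unsigned n = 0; n < total_sg; n++)
        if (++i >= start.num) { i = 0; wrap ^= 1; }
    return wrap;
}

/* Wrap counter after adding one chain to the commit message's example state. */
static bool wrap_after(unsigned total_sg, bool fixed)
{
    struct packed_model vq = { .num = 4, .next_avail_idx = 1, .avail_wrap_counter = false };
    add_chain(&vq, total_sg, fixed);
    return vq.avail_wrap_counter;
}

int main(void)
{
    printf("expected=%d old=%d fixed=%d\n", expected_wrap((struct packed_model){4, 1, false}, 4),
           wrap_after(4, false), wrap_after(4, true));
    return 0;
}
```

With a full-ring chain the old comparison leaves the driver's counter out of step with the reference value, which matches the hang the commit message reports: the other side of the ring waits for descriptors marked with the flipped counter.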
..
accessibility
acpi ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table 2023-09-13 09:42:29 +02:00
amba amba: bus: fix refcount leak 2023-09-13 09:42:56 +02:00
android binder: fix memory leak in binder_init() 2023-08-16 18:27:24 +02:00
ata ata: pata_arasan_cf: Use dev_err_probe() instead dev_err() in data_xfer() 2023-09-13 09:42:23 +02:00
atm
auxdisplay
base drivers: base: Free devm resources when unregistering a device 2023-09-13 09:42:54 +02:00
bcma
block ublk: remove check IO_URING_F_SQE128 in ublk_ch_uring_cmd 2023-08-30 16:11:11 +02:00
bluetooth Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() 2023-09-13 09:42:34 +02:00
bus bus: ti-sysc: Fix cast to enum warning 2023-09-13 09:42:43 +02:00
cdrom
char ipmi:ssif: Fix a memory leak when scanning for an adapter 2023-09-13 09:42:44 +02:00
clk clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op 2023-09-13 09:42:47 +02:00
clocksource clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe 2023-07-19 16:20:59 +02:00
comedi
connector
counter
cpufreq cpufreq: Fix the race condition while updating the transition_task of policy 2023-09-13 09:42:59 +02:00
cpuidle powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT 2023-09-13 09:42:48 +02:00
crypto crypto: caam - fix unchecked return value error 2023-09-13 09:42:33 +02:00
cxl cxl/acpi: Return 'rc' instead of '0' in cxl_parse_cfmws() 2023-08-03 10:24:04 +02:00
dax dax/kmem: Pass valid argument to memory_group_register_static 2023-07-19 16:21:43 +02:00
dca
devfreq
dio
dma dmaengine: ste_dma40: Add missing IRQ check in d40_probe 2023-09-13 09:42:58 +02:00
dma-buf dma-buf/sw_sync: Avoid recursive lock during fence signal 2023-08-30 16:11:12 +02:00
edac EDAC/igen6: Fix the issue of no error events 2023-09-13 09:42:45 +02:00
eisa
extcon extcon: cht_wc: add POWER_SUPPLY dependency 2023-09-13 09:42:53 +02:00
firewire firewire: net: fix use after free in fwnet_finish_incoming_packet() 2023-08-23 17:52:24 +02:00
firmware firmware: cs_dsp: Fix new control name check 2023-09-13 09:42:44 +02:00
fpga
fsi fsi: aspeed: Reset master errors after CFAM reset 2023-09-13 09:42:54 +02:00
gnss
gpio gpio: sim: pass the GPIO device's software node to irq domain 2023-08-30 16:11:13 +02:00
gpu drm/radeon: Use RMW accessors for changing LNKCTL 2023-09-13 09:42:47 +02:00
greybus
hid HID: multitouch: Correct devm device reference for hidinput input_dev name 2023-09-13 09:42:57 +02:00
hsi
hte
hv Drivers: hv: vmbus: Don't dereference ACPI root object handle 2023-09-13 09:42:59 +02:00
hwmon hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() 2023-09-13 09:42:35 +02:00
hwspinlock
hwtracing coresight: trbe: Fix TRBE potential sleep in atomic context 2023-09-13 09:42:56 +02:00
i2c i2c: designware: Handle invalid SMBus block data response length value 2023-08-23 17:52:31 +02:00
i3c i3c: master: svc: fix cpu schedule in spin lock 2023-07-19 16:21:54 +02:00
idle
iio iio: accel: adxl313: Fix adxl313_i2c_id[] table 2023-09-13 09:42:52 +02:00
infiniband RDMA/efa: Fix wrong resources deallocation order 2023-09-13 09:42:57 +02:00
input Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN 2023-09-13 09:42:26 +02:00
interconnect interconnect: qcom: bcm-voter: Use enable_maks for keepalive voting 2023-09-13 09:42:56 +02:00
iommu iommu/vt-d: Fix to flush cache of PASID directory table 2023-09-13 09:42:54 +02:00
ipack
irqchip irqchip/loongson-eiointc: Fix return value checking of eiointc_index 2023-09-13 09:42:29 +02:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-08-16 18:27:26 +02:00
leds leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead 2023-09-13 09:42:58 +02:00
macintosh
mailbox mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 2023-07-19 16:22:03 +02:00
mcb
md md: raid0: account for split bio in iostat accounting 2023-09-13 09:42:44 +02:00
media media: i2c: rdacm21: Fix uninitialized value 2023-09-13 09:42:55 +02:00
memory memory: brcmstb_dpfe: fix testing array offset after use 2023-07-19 16:21:24 +02:00
memstick memstick r592: make memstick_debug_get_tpc_name() static 2023-07-19 16:21:08 +02:00
message
mfd mfd: pm8008: Fix module autoloading 2023-07-23 13:49:37 +02:00
misc accel/habanalabs: add pci health check during heartbeat 2023-08-23 17:52:21 +02:00
mmc mmc: au1xmmc: force non-modular build and remove symbol_get usage 2023-09-06 21:26:59 +01:00
most
mtd mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() 2023-09-13 09:42:58 +02:00
mux
net wifi: ath10k: Use RMW accessors for changing LNKCTL 2023-09-13 09:42:48 +02:00
nfc nfcsim.c: Fix error checking for debugfs_create_dir 2023-06-28 11:12:36 +02:00
ntb NTB: ntb_tool: Add check for devm_kcalloc 2023-07-23 13:49:24 +02:00
nubus nubus: Partially revert proc_create_single_data() conversion 2023-07-05 18:27:37 +01:00
nvdimm nvdimm: Fix dereference after free in register_nvdimm_pmu() 2023-09-13 09:42:47 +02:00
nvme nvme-rdma: fix potential unbalanced freeze & unfreeze 2023-08-16 18:27:30 +02:00
nvmem nvmem: rmem: Use NVMEM_DEVID_AUTO 2023-07-19 16:21:57 +02:00
of of: unittest: Fix overlay type in apply/revert check 2023-09-13 09:42:44 +02:00
opp OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() 2023-09-13 09:42:28 +02:00
parisc
parport
pci PCI/ASPM: Use RMW accessors for changing LNKCTL 2023-09-13 09:42:46 +02:00
pcmcia pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() 2023-08-23 17:52:24 +02:00
peci
perf perf/imx_ddr: don't enable counter0 if none of 4 counters are used 2023-09-13 09:42:29 +02:00
phy phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write 2023-09-13 09:42:58 +02:00
pinctrl pinctrl: mcp23s08: check return value of devm_kasprintf() 2023-09-13 09:42:46 +02:00
platform platform/x86/amd/pmf: Fix a missing cleanup path 2023-09-13 09:42:57 +02:00
pnp
power power: supply: Fix logic checking if system is running from battery 2023-06-21 16:00:52 +02:00
powercap powercap: RAPL: Fix CONFIG_IOSF_MBI dependency 2023-07-19 16:21:00 +02:00
pps
ps3
ptp
pwm pwm: meson: fix handling of period/duty if greater than UINT_MAX 2023-07-23 13:49:46 +02:00
rapidio
ras
regulator regulator: tps65219: Fix matching interrupts for their regulators 2023-07-19 16:22:14 +02:00
remoteproc
reset
rpmsg rpmsg: glink: Add check for kstrdup 2023-09-13 09:42:58 +02:00
rtc rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff 2023-09-06 21:27:00 +01:00
s390 s390/pkey: fix PKEY_TYPE_EP11_AES handling for sysfs attributes 2023-09-13 09:42:29 +02:00
sbus
scsi scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock 2023-09-13 09:42:56 +02:00
sh
siox
slimbus
soc soc: qcom: smem: Fix incompatible types in comparison 2023-09-13 09:42:42 +02:00
soundwire soundwire: fix enumeration completion 2023-08-03 10:24:15 +02:00
spi spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() 2023-09-13 09:42:31 +02:00
spmi
ssb
staging media: rkvdec: increase max supported height for H.264 2023-09-13 09:42:50 +02:00
target scsi: target: iscsi: Prevent login threads from racing between each other 2023-06-28 11:12:35 +02:00
tc
tee tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta' 2023-06-14 11:15:28 +02:00
thermal thermal/of: Fix potential uninitialized value access 2023-09-13 09:42:29 +02:00
thunderbolt thunderbolt: Fix a backport error for display flickering issue 2023-09-02 09:16:20 +02:00
tty serial: tegra: handle clk prepare error in tegra_uart_hw_init() 2023-09-13 09:42:56 +02:00
ufs scsi: ufs: Try harder to change the power mode 2023-09-13 09:42:20 +02:00
uio
usb USB: gadget: f_mass_storage: Fix unused variable warning 2023-09-13 09:42:54 +02:00
vdpa vdpa: Enable strict validation for netlinks ops 2023-08-23 17:52:31 +02:00
vfio vfio/type1: fix cap_migration information leak 2023-09-13 09:42:47 +02:00
vhost vhost_net: revert upend_idx only on retriable error 2023-06-28 11:12:40 +02:00
video video/aperture: Move vga handling to pci function 2023-08-30 16:10:58 +02:00
virt virt: sevguest: Add CONFIG_CRYPTO dependency 2023-07-19 16:20:55 +02:00
virtio virtio_ring: fix avail_wrap_counter in virtqueue_add_packed 2023-09-13 09:42:59 +02:00
vlynq
w1 w1: fix loop in w1_fini() 2023-07-19 16:21:48 +02:00
watchdog watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) 2023-08-23 17:52:25 +02:00
xen xen: speed up grant-table reclaim 2023-08-03 10:24:14 +02:00
zorro
Kconfig
Makefile