| Message ID | 1426748752-13385-2-git-send-email-jasowang@redhat.com |
|---|---|
| State | New |
| Headers | show |
On Thu, Mar 19, 2015 at 03:05:52PM +0800, Jason Wang wrote: > Virtqueue were indexed from zero, so don't delete virtqueue whose > index is n->max_queues * 2 + 1. But what's the current behaviour? Can it lead to aborts? virtio_del_queue does: if (n < 0 || n >= VIRTIO_PCI_QUEUE_MAX) { abort(); } > Cc: Michael S. Tsirkin <mst@redhat.com> > Cc: qemu-stable <qemu-stable@nongnu.org> > Signed-off-by: Jason Wang <jasowang@redhat.com> > --- > hw/net/virtio-net.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c > index 59f76bc..b6fac9c 100644 > --- a/hw/net/virtio-net.c > +++ b/hw/net/virtio-net.c > @@ -1309,7 +1309,7 @@ static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue) > > n->multiqueue = multiqueue; > > - for (i = 2; i <= n->max_queues * 2 + 1; i++) { > + for (i = 2; i < n->max_queues * 2 + 1; i++) { > virtio_del_queue(vdev, i); > } > > -- > 2.1.0
On Thu, Mar 19, 2015 at 6:12 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > On Thu, Mar 19, 2015 at 03:05:52PM +0800, Jason Wang wrote: >> Virtqueue were indexed from zero, so don't delete virtqueue whose >> index is n->max_queues * 2 + 1. > > But what's the current behaviour? > > Can it lead to aborts? virtio_del_queue does: > if (n < 0 || n >= VIRTIO_PCI_QUEUE_MAX) { > abort(); > } Yes, it will hit abort() above. > > > >> Cc: Michael S. Tsirkin <mst@redhat.com> >> Cc: qemu-stable <qemu-stable@nongnu.org> >> Signed-off-by: Jason Wang <jasowang@redhat.com> >> --- >> hw/net/virtio-net.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c >> index 59f76bc..b6fac9c 100644 >> --- a/hw/net/virtio-net.c >> +++ b/hw/net/virtio-net.c >> @@ -1309,7 +1309,7 @@ static void >> virtio_net_set_multiqueue(VirtIONet *n, int multiqueue) >> >> n->multiqueue = multiqueue; >> >> - for (i = 2; i <= n->max_queues * 2 + 1; i++) { >> + for (i = 2; i < n->max_queues * 2 + 1; i++) { >> virtio_del_queue(vdev, i); >> } >> >> -- >> 2.1.0 >
On Fri, Mar 20, 2015 at 1:53 PM, Jason Wang <jasowang@redhat.com> wrote: > > > On Thu, Mar 19, 2015 at 6:12 PM, Michael S. Tsirkin <mst@redhat.com> > wrote: >> On Thu, Mar 19, 2015 at 03:05:52PM +0800, Jason Wang wrote: >>> Virtqueue were indexed from zero, so don't delete virtqueue whose >>> index is n->max_queues * 2 + 1. >> >> But what's the current behaviour? >> >> Can it lead to aborts? virtio_del_queue does: >> if (n < 0 || n >= VIRTIO_PCI_QUEUE_MAX) { >> abort(); >> } > > Yes, it will hit abort() above. With patch 1/1 on top, there will be no crash. Will drop this from V2. This patch was only needed for more virtio queues series. > >> >> >> >>> Cc: Michael S. Tsirkin <mst@redhat.com> >>> Cc: qemu-stable <qemu-stable@nongnu.org> >>> Signed-off-by: Jason Wang <jasowang@redhat.com> >>> --- >>> hw/net/virtio-net.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c >>> index 59f76bc..b6fac9c 100644 >>> --- a/hw/net/virtio-net.c >>> +++ b/hw/net/virtio-net.c >>> @@ -1309,7 +1309,7 @@ static void >>> virtio_net_set_multiqueue(VirtIONet *n, int multiqueue) >>> n->multiqueue = multiqueue; >>> - for (i = 2; i <= n->max_queues * 2 + 1; i++) { >>> + for (i = 2; i < n->max_queues * 2 + 1; i++) { >>> virtio_del_queue(vdev, i); >>> } >>> -- 2.1.0 >> >
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 59f76bc..b6fac9c 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -1309,7 +1309,7 @@ static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue) n->multiqueue = multiqueue; - for (i = 2; i <= n->max_queues * 2 + 1; i++) { + for (i = 2; i < n->max_queues * 2 + 1; i++) { virtio_del_queue(vdev, i); }
Virtqueue were indexed from zero, so don't delete virtqueue whose index is n->max_queues * 2 + 1. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: qemu-stable <qemu-stable@nongnu.org> Signed-off-by: Jason Wang <jasowang@redhat.com> --- hw/net/virtio-net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)