From patchwork Thu Sep 15 14:21:46 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 670446
From: Paolo Bonzini To: qemu-devel@nongnu.org Date: Thu, 15 Sep 2016 16:21:46 +0200 Message-Id: <1473949316-31264-8-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1473949316-31264-1-git-send-email-pbonzini@redhat.com> References: <1473949316-31264-1-git-send-email-pbonzini@redhat.com> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.85.215.65 Subject: [Qemu-devel] [PULL 07/17] scsi: pvscsi: limit process IO loop to ring size X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Prasad J Pandit , qemu-stable@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" From: Prasad J Pandit Vmware Paravirtual SCSI emulator while processing IO requests could run into an infinite loop if 'pvscsi_ring_pop_req_descr' always returned positive value. Limit IO loop to the ring size. Cc: qemu-stable@nongnu.org Reported-by: Li Qiang Signed-off-by: Prasad J Pandit Message-Id: <1473845952-30785-1-git-send-email-ppandit@redhat.com> Signed-off-by: Paolo Bonzini --- hw/scsi/vmw_pvscsi.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c index babac5a..a5ce7de 100644 --- a/hw/scsi/vmw_pvscsi.c +++ b/hw/scsi/vmw_pvscsi.c @@ -247,8 +247,11 @@ static hwaddr pvscsi_ring_pop_req_descr(PVSCSIRingInfo *mgr) { uint32_t ready_ptr = RS_GET_FIELD(mgr, reqProdIdx); + uint32_t ring_size = PVSCSI_MAX_NUM_PAGES_REQ_RING + * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE; - if (ready_ptr != mgr->consumed_ptr) { + if (ready_ptr != mgr->consumed_ptr + && ready_ptr - mgr->consumed_ptr < ring_size) { uint32_t next_ready_ptr = mgr->consumed_ptr++ & mgr->txr_len_mask; uint32_t next_ready_page =
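Review bot: In pvscsi_ring_pop_req_descr, the new bound ring_size is computed from the compile-time maximums (PVSCSI_MAX_NUM_PAGES_REQ_RING * PVSCSI_MAX_NUM_REQ_ENTRIES_PER_PAGE) rather than from the length of the ring this device instance is actually using, while the index on the very next line is wrapped with mgr->txr_len_mask. If the configured ring is smaller than the maximum, a reqProdIdx that is ahead of consumed_ptr by more than the real ring length but less than the maximum still passes the check, and the same slots are handed out again. Consider bounding on the configured length instead, for example "ready_ptr - mgr->consumed_ptr <= mgr->txr_len_mask + 1" (assuming the mask is the ring length minus one, as its use here suggests). Two smaller points on the same condition: with "<", a distance exactly equal to ring_size is treated the same as an empty ring, so a comment should say whether that is intended; and when the bound rejects a value the function returns as if there were nothing to do, so a trace point or guest-error log there would make the condition visible on the host. The commit message also describes limiting the IO loop, but the change only constrains the distance between the two indices on each call; ready_ptr is re-read from reqProdIdx every time, so it is worth stating in the message or a comment why that is sufficient to terminate the caller's loop.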