From: Thomas Huth <thuth@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Daniel Henrique Barboza <dbarboza@ventanamicro.com>,
Alistair Francis <alistair.francis@wdc.com>
Subject: [PULL 2/6] libqos/virtio.c: fix 'avail_event' offset in qvring_init()
Date: Fri, 1 Mar 2024 09:09:49 +0100 [thread overview]
Message-ID: <20240301080953.66448-3-thuth@redhat.com> (raw)
In-Reply-To: <20240301080953.66448-1-thuth@redhat.com>
From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
In qvring_init() we're writing vq->used->avail_event at "vq->used + 2 +
array_size". The struct pointed by vq->used is, from virtio_ring.h
Linux header):
* // A ring of used descriptor heads with free-running index.
* __virtio16 used_flags;
* __virtio16 used_idx;
* struct vring_used_elem used[num];
* __virtio16 avail_event_idx;
So 'flags' is the word right at vq->used. 'idx' is vq->used + 2. We need
to skip 'used_idx' by adding + 2 bytes, and then sum the vector size, to
reach avail_event_idx. An example on how to properly access this field
can be found in qvirtqueue_kick():
avail_event = qvirtio_readw(d, qts, vq->used + 4 +
sizeof(struct vring_used_elem) * vq->size);
This error was detected when enabling the RISC-V 'virt' libqos machine.
The 'idx' test from vhost-user-blk-test.c errors out with a timeout in
qvirtio_wait_used_elem(). The timeout happens because when processing
the first element, 'avail_event' is read in qvirtqueue_kick() as non-zero
because we didn't initialize it properly (and the memory at that point
happened to be non-zero). 'idx' is 0.
All of this makes this condition fail because "idx - avail_event" will
overflow and be non-zero:
/* < 1 because we add elements to avail queue one by one */
if ((flags & VRING_USED_F_NO_NOTIFY) == 0 &&
(!vq->event || (uint16_t)(idx-avail_event) < 1)) {
d->bus->virtqueue_kick(d, vq);
}
As a result the virtqueue is never kicked and we'll timeout waiting for it.
Fixes: 1053587c3f ("libqos: Added EVENT_IDX support")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20240217192607.32565-3-dbarboza@ventanamicro.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
tests/qtest/libqos/virtio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qtest/libqos/virtio.c b/tests/qtest/libqos/virtio.c
index 4f39124eba..82a6e122bf 100644
--- a/tests/qtest/libqos/virtio.c
+++ b/tests/qtest/libqos/virtio.c
@@ -265,7 +265,7 @@ void qvring_init(QTestState *qts, const QGuestAllocator *alloc, QVirtQueue *vq,
/* vq->used->idx */
qvirtio_writew(vq->vdev, qts, vq->used + 2, 0);
/* vq->used->avail_event */
- qvirtio_writew(vq->vdev, qts, vq->used + 2 +
+ qvirtio_writew(vq->vdev, qts, vq->used + 4 +
sizeof(struct vring_used_elem) * vq->size, 0);
}
--
2.44.0
next prev parent reply other threads:[~2024-03-01 8:11 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-01 8:09 [PULL 0/6] Misc fixes (libqos vring, Kconfig, TLS io channels, ...) Thomas Huth
2024-03-01 8:09 ` [PULL 1/6] libqos/virtio.c: init all elems in qvring_indirect_desc_setup() Thomas Huth
2024-03-01 8:09 ` Thomas Huth [this message]
2024-03-01 8:09 ` [PULL 3/6] hw/intc/Kconfig: Fix GIC settings when using "--without-default-devices" Thomas Huth
2024-03-01 8:09 ` [PULL 4/6] hw/usb/bus.c: PCAP adding 0xA in Windows version Thomas Huth
2024-03-01 8:09 ` [PULL 5/6] tests/unit/test-util-sockets: Remove temporary file after test Thomas Huth
2024-03-01 8:09 ` [PULL 6/6] chardev/char-socket: Fix TLS io channels sending too much data to the backend Thomas Huth
2024-03-01 14:39 ` [PULL 0/6] Misc fixes (libqos vring, Kconfig, TLS io channels, ...) Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240301080953.66448-3-thuth@redhat.com \
--to=thuth@redhat.com \
--cc=alistair.francis@wdc.com \
--cc=dbarboza@ventanamicro.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.