aboutsummaryrefslogtreecommitdiff
path: root/hw/virtio/vdpa-dev.c
diff options
context:
space:
mode:
authorWafer <wafer@jaguarmicro.com>2024-04-07 09:54:51 +0800
committerMichael S. Tsirkin <mst@redhat.com>2024-04-09 02:31:19 -0400
commit2d9a31b3c27311eca1682cb2c076d7a300441960 (patch)
tree39ca348cdf0f5a27eb9d69ba65fcf9390981e1d7 /hw/virtio/vdpa-dev.c
parent731655f87f319fd06f27282c6cafbc2467ac8045 (diff)
hw/virtio: Fix packed virtqueue flush used_idx
In the event of writing many chains of descriptors, the device must write just the id of the last buffer in the descriptor chain, skip forward the number of descriptors in the chain, and then repeat the operations for the rest of chains. Current QEMU code writes all the buffer ids consecutively, and then skips all the buffers altogether. This is a bug, and can be reproduced with a VirtIONet device with _F_MRG_RXBUB and without _F_INDIRECT_DESC: If a virtio-net device has the VIRTIO_NET_F_MRG_RXBUF feature but not the VIRTIO_RING_F_INDIRECT_DESC feature, 'VirtIONetQueue->rx_vq' will use the merge feature to store data in multiple 'elems'. The 'num_buffers' in the virtio header indicates how many elements are merged. If the value of 'num_buffers' is greater than 1, all the merged elements will be filled into the descriptor ring. The 'idx' of the elements should be the value of 'vq->used_idx' plus 'ndescs'. Fixes: 86044b24e8 ("virtio: basic packed virtqueue support") Acked-by: Eugenio PĂ©rez <eperezma@redhat.com> Signed-off-by: Wafer <wafer@jaguarmicro.com> Message-Id: <20240407015451.5228-2-wafer@jaguarmicro.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw/virtio/vdpa-dev.c')
0 files changed, 0 insertions, 0 deletions