On 07/16/2015 03:29 PM, Michael S. Tsirkin wrote: > On Thu, Jul 16, 2015 at 02:49:48PM +0800, Jason Wang wrote: >> > >> > >> > On 07/16/2015 02:42 PM, Michael S. Tsirkin wrote: >>> > > On Wed, Jul 15, 2015 at 03:56:07PM +0800, Jason Wang wrote: >>>> > >> Commit 032a74a1c0fcdd5fd1c69e56126b4c857ee36611 >>>> > >> ("virtio-net: byteswap virtio-net header") breaks any layout by >>>> > >> requiring out_sg[0].iov_len >= n->guest_hdr_len. Fixing this by >>>> > >> copying header to temporary buffer if swap is needed, and then use >>>> > >> this buffer as part of out_sg. >>>> > >> >>>> > >> Fixes 032a74a1c0fcdd5fd1c69e56126b4c857ee36611 >>>> > >> ("virtio-net: byteswap virtio-net header") >>>> > >> Cc: qemu-sta...@nongnu.org >>>> > >> Cc: c...@fr.ibm.com >>>> > >> Signed-off-by: Jason Wang <jasow...@redhat.com> >>>> > >> --- >>>> > >> Changes from V1: >>>> > >> - avoid header copying if there's no need to do header swap >>>> > >> - don't write the header back >>>> > >> --- >>>> > >> hw/net/virtio-net.c | 17 ++++++++++++++--- >>>> > >> include/hw/virtio/virtio-access.h | 9 +++++++++ >>>> > >> 2 files changed, 23 insertions(+), 3 deletions(-) >>>> > >> >>>> > >> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c >>>> > >> index e3c2db3..12322bd 100644 >>>> > >> --- a/hw/net/virtio-net.c >>>> > >> +++ b/hw/net/virtio-net.c >>>> > >> @@ -1142,7 +1142,8 @@ static int32_t >>>> > >> virtio_net_flush_tx(VirtIONetQueue *q) >>>> > >> ssize_t ret, len; >>>> > >> unsigned int out_num = elem.out_num; >>>> > >> struct iovec *out_sg = &elem.out_sg[0]; >>>> > >> - struct iovec sg[VIRTQUEUE_MAX_SIZE]; >>>> > >> + struct iovec sg[VIRTQUEUE_MAX_SIZE], sg2[VIRTQUEUE_MAX_SIZE]; >>>> > >> + struct virtio_net_hdr hdr; >>>> > >> >>>> > >> if (out_num < 1) { >>>> > >> error_report("virtio-net header not in first element"); 
>>>> > >> @@ -1150,11 +1151,21 @@ static int32_t >>>> > >> virtio_net_flush_tx(VirtIONetQueue *q) >>>> > >> } >>>> > >> >>>> > >> if (n->has_vnet_hdr) { >>>> > >> - if (out_sg[0].iov_len < n->guest_hdr_len) { >>>> > >> + if (iov_size(out_sg, out_num) < n->guest_hdr_len) { >>>> > >> error_report("virtio-net header incorrect"); >>>> > >> exit(1); >>>> > >> } >>> > > this scans the iov unnecessarily. How about checking return >>> > > code from iov_to_buf instead? >> > >> > Looks ok since hdr is very short anyway. > but iov_size scans the whole iov, not just the header. >
Right.
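Review bot: In the declarations added by the first hunk of hw/net/virtio-net.c, `struct virtio_net_hdr hdr;` is a fixed-size stack buffer, while the length check in the next hunk is made against `n->guest_hdr_len`. The code that fills `hdr` is not in the lines shown here. Wherever it is, the copy should be bounded by `sizeof(hdr)` and not by `n->guest_hdr_len`, so that a configured header length larger than the struct cannot write past it. The added `sg2[VIRTQUEUE_MAX_SIZE]` also puts a second full-size iovec array on the stack of virtio_net_flush_tx. If the temporary header is placed in front of the remaining `out_sg` entries, confirm that the resulting element count cannot exceed the array size.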
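Review bot: In the second hunk, the new condition `iov_size(out_sg, out_num) < n->guest_hdr_len` walks every element of the descriptor chain for each packet only to establish that `n->guest_hdr_len` bytes are present. On the path that copies the header for the swap, compare the return value of iov_to_buf with the requested length and fail on a short copy, as suggested in the thread. On the path that skips the copy, a loop that stops as soon as `n->guest_hdr_len` bytes have been counted is enough. Note also that the unchanged `exit(1)` in this branch still ends the process when the header check fails on a layout supplied through the queue.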