On Fri, Jan 20, 2017 at 06:07:53PM +0100, Paolo Bonzini wrote:
> @@ -455,10 +455,18 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned
> int *in_bytes,
> goto err;
> }
>
> - desc_pa = vq->vring.desc;
> - vring_desc_read(vdev, &desc, desc_pa, i);
> + len = max * sizeof(VRingDesc);
> + desc_ptr = address_space_map(vdev->dma_as, vq->vring.desc, &len,
> false);
> + if (len < max * sizeof(VRingDesc)) {
> + virtio_error(vdev, "Cannot map descriptor ring");
> + goto err;
> + }
> +
> + vring_desc_read(vdev, &desc, desc_ptr, i);
>
> if (desc.flags & VRING_DESC_F_INDIRECT) {
> + address_space_unmap(vdev->dma_as, desc_ptr, len, false, 0);
Missing "dest_ptr = NULL" to prevent double unmap if the next goto err is taken.
> @@ -689,18 +706,33 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
> }
>
> i = head;
> - vring_desc_read(vdev, &desc, desc_pa, i);
> +
> + len = max * sizeof(VRingDesc);
> + desc_ptr = address_space_map(vdev->dma_as, vq->vring.desc, &len, false);
> + if (len < max * sizeof(VRingDesc)) {
> + virtio_error(vdev, "Cannot map descriptor ring");
> + return NULL;
desc_ptr still needs to be unmapped if non-NULL. The same applies below in virtqueue_pop().