On 24/01/2017 13:30, Stefan Hajnoczi wrote: > On Fri, Jan 20, 2017 at 06:07:53PM +0100, Paolo Bonzini wrote: >> @@ -455,10 +455,18 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned >> int *in_bytes, >> goto err; >> } >> >> - desc_pa = vq->vring.desc; >> - vring_desc_read(vdev, &desc, desc_pa, i); >> + len = max * sizeof(VRingDesc); >> + desc_ptr = address_space_map(vdev->dma_as, vq->vring.desc, &len, >> false); >> + if (len < max * sizeof(VRingDesc)) { >> + virtio_error(vdev, "Cannot map descriptor ring"); >> + goto err; >> + } >> + >> + vring_desc_read(vdev, &desc, desc_ptr, i); >> >> if (desc.flags & VRING_DESC_F_INDIRECT) { >> + address_space_unmap(vdev->dma_as, desc_ptr, len, false, 0); > > Missing "dest_ptr = NULL" to prevent double unmap if the next goto err > is taken. > >> @@ -689,18 +706,33 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz) >> } >> >> i = head; >> - vring_desc_read(vdev, &desc, desc_pa, i); >> + >> + len = max * sizeof(VRingDesc); >> + desc_ptr = address_space_map(vdev->dma_as, vq->vring.desc, &len, false); >> + if (len < max * sizeof(VRingDesc)) { >> + virtio_error(vdev, "Cannot map descriptor ring"); >> + return NULL; > > desc_ptr still needs to be unmapped if non-NULL. The same applies > below in virtqueue_pop(). >
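Review bot: in the virtqueue_get_avail_bytes() hunk, the `goto err` after `virtio_error(vdev, "Cannot map descriptor ring")` can leak a partial mapping. address_space_map() may map only a prefix of the requested range and hand back a non-NULL pointer with a shortened `len`, so `len < max * sizeof(VRingDesc)` does not imply `desc_ptr == NULL`. Suggest either unmapping with the returned length before the goto, e.g. `address_space_unmap(vdev->dma_as, desc_ptr, len, false, 0);`, or clearing `desc_ptr` and letting the shared `err:` path do a single `if (desc_ptr) address_space_unmap(...)`, which would also close the double-unmap case Stefan points out on the indirect branch.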
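Review bot: in the virtqueue_pop() hunk the early `return NULL` after the failed length check bypasses whatever cleanup the rest of the function performs, so the same partial mapping (non-NULL `desc_ptr` with a short `len`) is leaked here as well; an `address_space_unmap(vdev->dma_as, desc_ptr, len, false, 0);` before the return, or a jump to a common error label, would fix it. As a style point, the map-then-check sequence (`len = max * sizeof(VRingDesc); desc_ptr = address_space_map(...); if (len < max * sizeof(VRingDesc)) ...`) is now duplicated verbatim in both hunks; a small helper (hypothetical name, e.g. `virtqueue_map_desc_ring()`) would keep the length check, the error message and the unmap-on-failure rule in one place so the two callers cannot drift apart.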
I'll redo this patch to look a lot more like 4/7. Paolo