Home » Mailing list archives » linux-kernel » 2007 » November » 7

[PATCH] Fix used_idx wrap-around in virtio

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Anthony Liguori <aliguori@...>
To: <linux-kernel@...>
Cc: Anthony Liguori <aliguori@...>, Rusty Russell <rusty@...>, <virtualization@...>
Subject: [PATCH] Fix used_idx wrap-around in virtio
Date: Wednesday, November 7, 2007 - 5:49 pm

The more_used() function compares the vq->vring.used->idx with last_used_idx.
Since vq->vring.used->idx is a 16-bit integer, and last_used_idx is an
unsigned int, this results in unpredictable behavior when vq->vring.used->idx
wraps around.

This patch corrects this by changing last_used_idx to the correct type.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 0e4baca..0e1bf05 100644
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -53,7 +53,7 @@ struct vring_virtqueue
 	unsigned int num_added;
 
 	/* Last used index we've seen. */
-	unsigned int last_used_idx;
+	u16 last_used_idx;
 
 	/* How to notify other side. FIXME: commonalize hcalls! */
 	void (*notify)(struct virtqueue *vq);
-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH] Fix used_idx wrap-around in virtio, Anthony Liguori, (Wed Nov 7, 5:49 pm)