From 44332f7167dfb1ca04af96a2cff938c5e23433db Mon Sep 17 00:00:00 2001 From: Anthony Liguori Date: Wed, 7 Nov 2007 16:31:52 +1100 Subject: virtio: fix vring_init for 64 bits This patch fixes a typo in vring_init(). This happens to work today in lguest because the sizeof(struct vring_desc) is 16 and struct vring contains 3 pointers and an unsigned int so on 32-bit sizeof(struct vring_desc) == sizeof(struct vring). However, this is no longer true on 64-bit where the bug is exposed. Signed-off-by: Anthony Liguori Signed-off-by: Rusty Russell --- include/linux/virtio_ring.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/virtio_ring.h b/include/linux/virtio_ring.h index ac69e7bb5a1..5b88d215af5 100644 --- a/include/linux/virtio_ring.h +++ b/include/linux/virtio_ring.h @@ -92,8 +92,8 @@ static inline void vring_init(struct vring *vr, unsigned int num, void *p) { vr->num = num; vr->desc = p; - vr->avail = p + num*sizeof(struct vring); - vr->used = p + (num+1)*(sizeof(struct vring) + sizeof(__u16)); + vr->avail = p + num*sizeof(struct vring_desc); + vr->used = p + (num+1)*(sizeof(struct vring_desc) + sizeof(__u16)); } static inline unsigned vring_size(unsigned int num) -- cgit v1.2.3 From 4d125de3a5d130054df2285e542c1491d214d3e8 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Wed, 7 Nov 2007 16:34:49 +1100 Subject: virtio: more fallout from scatterlist changes. This fixes OOPS in network driver when CONFIG_DEBUG_SG=y. Signed-off-by: Rusty Russell --- drivers/net/virtio_net.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e396c9d2af8..a75be57fb20 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -146,6 +146,7 @@ static void try_fill_recv(struct virtnet_info *vi) struct scatterlist sg[1+MAX_SKB_FRAGS]; int num, err; + sg_init_table(sg, 1+MAX_SKB_FRAGS); for (;;) { skb = netdev_alloc_skb(vi->dev, MAX_PACKET_LEN); if (unlikely(!skb)) @@ -231,6 +232,8 @@ static int start_xmit(struct sk_buff *skb, struct net_device *dev) const unsigned char *dest = ((struct ethhdr *)skb->data)->h_dest; DECLARE_MAC_BUF(mac); + sg_init_table(sg, 1+MAX_SKB_FRAGS); + pr_debug("%s: xmit %p %s\n", dev->name, skb, print_mac(mac, dest)); free_old_xmit_skbs(vi); -- cgit v1.2.3 From 1bc4953ed44454c7f53d0b609445d1534981ee75 Mon Sep 17 00:00:00 2001 From: Anthony Liguori Date: Wed, 7 Nov 2007 15:49:24 -0600 Subject: virtio: Fix used_idx wrap-around The more_used() function compares the vq->vring.used->idx with last_used_idx. Since vq->vring.used->idx is a 16-bit integer, and last_used_idx is an unsigned int, this results in unpredictable behavior when vq->vring.used->idx wraps around. This patch corrects this by changing last_used_idx to the correct type. Signed-off-by: Anthony Liguori Signed-off-by: Rusty Russell --- drivers/virtio/virtio_ring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index 0e4baca21b8..0e1bf053d8c 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -53,7 +53,7 @@ struct vring_virtqueue unsigned int num_added; /* Last used index we've seen. */ - unsigned int last_used_idx; + u16 last_used_idx; /* How to notify other side. FIXME: commonalize hcalls! */ void (*notify)(struct virtqueue *vq); -- cgit v1.2.3 From 1200e646ae238afc536be70257290eb33fb6e364 Mon Sep 17 00:00:00 2001 From: Anthony Liguori Date: Thu, 8 Nov 2007 21:13:44 -0600 Subject: lguest: Fix lguest virtio-blk backend size computation This seems like an obvious typo but it's worked in the past because the virtio blk frontend just ignores the length field on completion. Signed-off-by: Anthony Liguori Signed-off-by: Rusty Russell --- Documentation/lguest/lguest.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Documentation/lguest/lguest.c b/Documentation/lguest/lguest.c index f2668390e8f..157f6a26b93 100644 --- a/Documentation/lguest/lguest.c +++ b/Documentation/lguest/lguest.c @@ -1342,7 +1342,7 @@ static bool service_io(struct device *dev) if (out->type & VIRTIO_BLK_T_SCSI_CMD) { fprintf(stderr, "Scsi commands unsupported\n"); in->status = VIRTIO_BLK_S_UNSUPP; - wlen = sizeof(in); + wlen = sizeof(*in); } else if (out->type & VIRTIO_BLK_T_OUT) { /* Write */ @@ -1363,7 +1363,7 @@ static bool service_io(struct device *dev) /* Die, bad Guest, die. */ errx(1, "Write past end %llu+%u", off, ret); } - wlen = sizeof(in); + wlen = sizeof(*in); in->status = (ret >= 0 ? VIRTIO_BLK_S_OK : VIRTIO_BLK_S_IOERR); } else { /* Read */ @@ -1376,10 +1376,10 @@ static bool service_io(struct device *dev) ret = readv(vblk->fd, iov+1, in_num-1); verbose("READ from sector %llu: %i\n", out->sector, ret); if (ret >= 0) { - wlen = sizeof(in) + ret; + wlen = sizeof(*in) + ret; in->status = VIRTIO_BLK_S_OK; } else { - wlen = sizeof(in); + wlen = sizeof(*in); in->status = VIRTIO_BLK_S_IOERR; } } -- cgit v1.2.3 From 42b36cc0ce717deeb10030141a43dede763a3ebe Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Mon, 12 Nov 2007 13:39:18 +1100 Subject: virtio: Force use of power-of-two for descriptor ring sizes The virtio descriptor rings of size N-1 were nicely set up to be aligned to an N-byte boundary. But as Anthony Liguori points out, the free-running indices used by virtio require that the sizes be a power of 2, otherwise we get problems on wrap (demonstrated with lguest). So we replace the clever "2^n-1" scheme with a simple "align to page boundary" scheme: this means that all virtio rings take at least two pages, but it's safer than guessing cache alignment. Signed-off-by: Rusty Russell --- Documentation/lguest/lguest.c | 9 +++++---- drivers/lguest/lguest_device.c | 3 ++- drivers/virtio/virtio_ring.c | 8 +++++++- include/linux/virtio_ring.h | 19 +++++++++++-------- 4 files changed, 25 insertions(+), 14 deletions(-) diff --git a/Documentation/lguest/lguest.c b/Documentation/lguest/lguest.c index 157f6a26b93..42008395534 100644 --- a/Documentation/lguest/lguest.c +++ b/Documentation/lguest/lguest.c @@ -62,8 +62,8 @@ typedef uint8_t u8; #endif /* We can have up to 256 pages for devices. */ #define DEVICE_PAGES 256 -/* This fits nicely in a single 4096-byte page. */ -#define VIRTQUEUE_NUM 127 +/* This will occupy 2 pages: it must be a power of 2. */ +#define VIRTQUEUE_NUM 128 /*L:120 verbose is both a global flag and a macro. The C preprocessor allows * this, and although I wouldn't recommend it, it works quite nicely here. */ @@ -1036,7 +1036,8 @@ static void add_virtqueue(struct device *dev, unsigned int num_descs, void *p; /* First we need some pages for this virtqueue. */ - pages = (vring_size(num_descs) + getpagesize() - 1) / getpagesize(); + pages = (vring_size(num_descs, getpagesize()) + getpagesize() - 1) + / getpagesize(); p = get_pages(pages); /* Initialize the configuration. */ @@ -1045,7 +1046,7 @@ static void add_virtqueue(struct device *dev, unsigned int num_descs, vq->config.pfn = to_guest_phys(p) / getpagesize(); /* Initialize the vring. */ - vring_init(&vq->vring, num_descs, p); + vring_init(&vq->vring, num_descs, p, getpagesize()); /* Add the configuration information to this device's descriptor. */ add_desc_field(dev, VIRTIO_CONFIG_F_VIRTQUEUE, diff --git a/drivers/lguest/lguest_device.c b/drivers/lguest/lguest_device.c index 8904f72f97c..66f38722253 100644 --- a/drivers/lguest/lguest_device.c +++ b/drivers/lguest/lguest_device.c @@ -200,7 +200,8 @@ static struct virtqueue *lg_find_vq(struct virtio_device *vdev, /* Figure out how many pages the ring will take, and map that memory */ lvq->pages = lguest_map((unsigned long)lvq->config.pfn << PAGE_SHIFT, - DIV_ROUND_UP(vring_size(lvq->config.num), + DIV_ROUND_UP(vring_size(lvq->config.num, + PAGE_SIZE), PAGE_SIZE)); if (!lvq->pages) { err = -ENOMEM; diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index 0e1bf053d8c..1dc04b6684e 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -277,11 +277,17 @@ struct virtqueue *vring_new_virtqueue(unsigned int num, struct vring_virtqueue *vq; unsigned int i; + /* We assume num is a power of 2. */ + if (num & (num - 1)) { + dev_warn(&vdev->dev, "Bad virtqueue length %u\n", num); + return NULL; + } + vq = kmalloc(sizeof(*vq) + sizeof(void *)*num, GFP_KERNEL); if (!vq) return NULL; - vring_init(&vq->vring, num, pages); + vring_init(&vq->vring, num, pages, PAGE_SIZE); vq->vq.callback = callback; vq->vq.vdev = vdev; vq->vq.vq_ops = &vring_vq_ops; diff --git a/include/linux/virtio_ring.h b/include/linux/virtio_ring.h index 5b88d215af5..1a4ed49f647 100644 --- a/include/linux/virtio_ring.h +++ b/include/linux/virtio_ring.h @@ -67,7 +67,7 @@ struct vring { }; /* The standard layout for the ring is a continuous chunk of memory which looks - * like this. The used fields will be aligned to a "num+1" boundary. + * like this. We assume num is a power of 2. * * struct vring * { @@ -79,8 +79,8 @@ struct vring { * __u16 avail_idx; * __u16 available[num]; * - * // Padding so a correctly-chosen num value will cache-align used_idx. - * char pad[sizeof(struct vring_desc) - sizeof(avail_flags)]; + * // Padding to the next page boundary. + * char pad[]; * * // A ring of used descriptor heads with free-running index. * __u16 used_flags; @@ -88,18 +88,21 @@ struct vring { * struct vring_used_elem used[num]; * }; */ -static inline void vring_init(struct vring *vr, unsigned int num, void *p) +static inline void vring_init(struct vring *vr, unsigned int num, void *p, + unsigned int pagesize) { vr->num = num; vr->desc = p; vr->avail = p + num*sizeof(struct vring_desc); - vr->used = p + (num+1)*(sizeof(struct vring_desc) + sizeof(__u16)); + vr->used = (void *)(((unsigned long)&vr->avail->ring[num] + pagesize-1) + & ~(pagesize - 1)); } -static inline unsigned vring_size(unsigned int num) +static inline unsigned vring_size(unsigned int num, unsigned int pagesize) { - return (num + 1) * (sizeof(struct vring_desc) + sizeof(__u16)) - + sizeof(__u32) + num * sizeof(struct vring_used_elem); + return ((sizeof(struct vring_desc) * num + sizeof(__u16) * (2 + num) + + pagesize - 1) & ~(pagesize - 1)) + + sizeof(__u16) * 2 + sizeof(struct vring_used_elem) * num; } #ifdef __KERNEL__ -- cgit v1.2.3