| Message ID | 1372338255-3934-4-git-send-email-peter.maydell@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
Peter Maydell <peter.maydell@linaro.org> writes: > The MMIO virtio transport spec allows the guest to tell the host how > large the queue size is. Add virtio_queue_set_num() function which > implements this in the QEMU common virtio support code. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > hw/virtio/virtio.c | 6 ++++++ > include/hw/virtio/virtio.h | 1 + > 2 files changed, 7 insertions(+) > > diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c > index 8176c14..8805b8a 100644 > --- a/hw/virtio/virtio.c > +++ b/hw/virtio/virtio.c > @@ -667,6 +667,12 @@ hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n) > return vdev->vq[n].pa; > } > > +void virtio_queue_set_num(VirtIODevice *vdev, int n, int num) > +{ > + vdev->vq[n].vring.num = num; > + virtqueue_init(&vdev->vq[n]); I think some level of checking is probably needed on num since we do a tremendous amount of math on it. I doubt it's exploitable since it's always treated as a PA, but better to be safe than sorry. Regards, Anthony Liguori > +} > + > int virtio_queue_get_num(VirtIODevice *vdev, int n) > { > return vdev->vq[n].vring.num; > diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h > index a6c5c53..95c4772 100644 > --- a/include/hw/virtio/virtio.h > +++ b/include/hw/virtio/virtio.h > @@ -198,6 +198,7 @@ void virtio_config_writew(VirtIODevice *vdev, uint32_t addr, uint32_t data); > void virtio_config_writel(VirtIODevice *vdev, uint32_t addr, uint32_t data); > void virtio_queue_set_addr(VirtIODevice *vdev, int n, hwaddr addr); > hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n); > +void virtio_queue_set_num(VirtIODevice *vdev, int n, int num); > int virtio_queue_get_num(VirtIODevice *vdev, int n); > void virtio_queue_notify(VirtIODevice *vdev, int n); > uint16_t virtio_queue_vector(VirtIODevice *vdev, int n); > -- > 1.7.9.5
On 8 July 2013 20:39, Anthony Liguori <aliguori@us.ibm.com> wrote: > Peter Maydell <peter.maydell@linaro.org> writes: >> +void virtio_queue_set_num(VirtIODevice *vdev, int n, int num) >> +{ >> + vdev->vq[n].vring.num = num; >> + virtqueue_init(&vdev->vq[n]); > > I think some level of checking is probably needed on num since we do a > tremendous amount of math on it. I doubt it's exploitable since it's > always treated as a PA, but better to be safe than sorry. So at the moment we do that in the transport: + if (value <= VIRTQUEUE_MAX_SIZE) { + DPRINTF("calling virtio_queue_set_num\n"); + virtio_queue_set_num(vdev, vdev->queue_sel, value); + } but I agree it would be better done here in the generic code. -- PMM
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 8176c14..8805b8a 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -667,6 +667,12 @@ hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n) return vdev->vq[n].pa; } +void virtio_queue_set_num(VirtIODevice *vdev, int n, int num) +{ + vdev->vq[n].vring.num = num; + virtqueue_init(&vdev->vq[n]); +} + int virtio_queue_get_num(VirtIODevice *vdev, int n) { return vdev->vq[n].vring.num; diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index a6c5c53..95c4772 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -198,6 +198,7 @@ void virtio_config_writew(VirtIODevice *vdev, uint32_t addr, uint32_t data); void virtio_config_writel(VirtIODevice *vdev, uint32_t addr, uint32_t data); void virtio_queue_set_addr(VirtIODevice *vdev, int n, hwaddr addr); hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n); +void virtio_queue_set_num(VirtIODevice *vdev, int n, int num); int virtio_queue_get_num(VirtIODevice *vdev, int n); void virtio_queue_notify(VirtIODevice *vdev, int n); uint16_t virtio_queue_vector(VirtIODevice *vdev, int n);
The MMIO virtio transport spec allows the guest to tell the host how large the queue size is. Add virtio_queue_set_num() function which implements this in the QEMU common virtio support code. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/virtio/virtio.c | 6 ++++++ include/hw/virtio/virtio.h | 1 + 2 files changed, 7 insertions(+)