From: "Michael S. Tsirkin" <mst at redhat.com>

virtio ring was changed to return an error code on OOM, but one caller was missed and still checks for vq->vring.num. The fix is just to check for <0 error code.

Long term it might make sense to change goto add_head to just return an error on oom instead, but let's apply a minimal fix for 2.6.35.

Reported-by: Chris Mason <chris.mason at oracle.com>
Signed-off-by: Michael S. Tsirkin <mst at redhat.com>
Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
Tested-by: Chris Mason <chris.mason at oracle.com>
---
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index dd35b34..bffec32 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -164,7 +164,8 @@ int virtqueue_add_buf_gfp(struct virtqueue *_vq, gfp_t gfp) { struct vring_virtqueue *vq = to_vvq(_vq); - unsigned int i, avail, head, uninitialized_var(prev); + unsigned int i, avail, uninitialized_var(prev); + int head; START_USE(vq); @@ -174,8 +175,8 @@ int virtqueue_add_buf_gfp(struct virtqueue *_vq, * buffers, then go indirect. FIXME: tune this threshold */ if (vq->indirect && (out + in) > 1 && vq->num_free) { head = vring_add_indirect(vq, sg, out, in, gfp); - if (head != vq->vring.num) + if (likely(head >= 0)) goto add_head; } BUG_ON(out + in > vq->vring.num);
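Review bot: `int head;` in the first hunk carries no comment saying why it is signed while `i`, `avail` and `prev` on the line above stay `unsigned int`. The only visible reason is the `head >= 0` test in the second hunk, so a short comment at the declaration (for example, that it holds a negative error code from vring_add_indirect()) would keep a later cleanup from merging it back into the unsigned declaration and silently turning the error test into one that is always true. It is also worth confirming that vring_add_indirect() is itself declared to return int, since the new test only works if it is.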
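Review bot: in the second hunk, when vring_add_indirect() fails and `head` is negative, control leaves the `if` block and continues at `BUG_ON(out + in > vq->vring.num)` with nothing in the code saying that this fall-through is intended. A one-line comment after the `if (likely(head >= 0))` test would make that explicit. The changelog's longer-term idea of returning an error on OOM instead could be recorded as a FIXME at the same spot so it is not lost once the minimal fix is merged.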
On Fri, 23 Jul 2010 15:48:37 +0930 Rusty Russell <rusty at rustcorp.com.au> wrote:

Note that commit 686d363786a53ed28ee875b84ef24e6d5126ef6f, which caused this problem, is already queued for -stable, so it should either be removed or this should be sent for -stable as well.

> From: "Michael S. Tsirkin" <mst at redhat.com>
>
> virtio ring was changed to return an error code on OOM,
> but one caller was missed and still checks for vq->vring.num.
> The fix is just to check for <0 error code.
>
> Long term it might make sense to change goto add_head to
> just return an error on oom instead, but let's apply
> a minimal fix for 2.6.35.
>
> Reported-by: Chris Mason <chris.mason at oracle.com>
> Signed-off-by: Michael S. Tsirkin <mst at redhat.com>
> Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
> Tested-by: Chris Mason <chris.mason at oracle.com>
> ---
>
> diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c > index dd35b34..bffec32 100644 > --- a/drivers/virtio/virtio_ring.c > +++ b/drivers/virtio/virtio_ring.c > @@ -164,7 +164,8 @@ int virtqueue_add_buf_gfp(struct virtqueue *_vq, > gfp_t gfp) > { > struct vring_virtqueue *vq = to_vvq(_vq); > - unsigned int i, avail, head, uninitialized_var(prev); > + unsigned int i, avail, uninitialized_var(prev); > + int head; > > START_USE(vq); > > @@ -174,8 +175,8 @@ int virtqueue_add_buf_gfp(struct virtqueue *_vq, > * buffers, then go indirect. FIXME: tune this threshold */ > if (vq->indirect && (out + in) > 1 && vq->num_free) { > head = vring_add_indirect(vq, sg, out, in, gfp); > - if (head != vq->vring.num) > + if (likely(head >= 0)) > goto add_head; > } > > BUG_ON(out + in > vq->vring.num); > --
From: "Michael S. Tsirkin" <mst at redhat.com>

virtio ring was changed to return an error code on OOM, but one caller was missed and still checks for vq->vring.num. The fix is just to check for <0 error code.

Long term it might make sense to change goto add_head to just return an error on oom instead, but let's apply a minimal fix for 2.6.35.

Reported-by: Chris Mason <chris.mason at oracle.com>
Signed-off-by: Michael S. Tsirkin <mst at redhat.com>
Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
Tested-by: Chris Mason <chris.mason at oracle.com>
Cc: stable at kernel.org # .34.x
---
 drivers/virtio/virtio_ring.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index dd35b34..bffec32 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -164,7 +164,8 @@ int virtqueue_add_buf_gfp(struct virtqueue *_vq, gfp_t gfp) { struct vring_virtqueue *vq = to_vvq(_vq); - unsigned int i, avail, head, uninitialized_var(prev); + unsigned int i, avail, uninitialized_var(prev); + int head; START_USE(vq); @@ -174,8 +175,8 @@ int virtqueue_add_buf_gfp(struct virtqueue *_vq, * buffers, then go indirect. FIXME: tune this threshold */ if (vq->indirect && (out + in) > 1 && vq->num_free) { head = vring_add_indirect(vq, sg, out, in, gfp); - if (head != vq->vring.num) + if (likely(head >= 0)) goto add_head; } BUG_ON(out + in > vq->vring.num);