On Wed, Dec 12, 2012 at 04:55:47PM +0100, Stefan Hajnoczi wrote: > On Tue, Dec 11, 2012 at 04:18:20PM +0200, Michael S. Tsirkin wrote: > > On Mon, Dec 10, 2012 at 02:09:37PM +0100, Stefan Hajnoczi wrote: > > > + iov->iov_base = hostmem_lookup(&vring->hostmem, desc.addr, > > > desc.len, > > > + desc.flags & VRING_DESC_F_WRITE); > > > + if (!iov->iov_base) { > > > + error_report("Failed to map indirect descriptor" > > > + "addr %#" PRIx64 " len %u", > > > + (uint64_t)desc.addr, desc.len); > > > + vring->broken = true; > > > + return -EFAULT; > > > + } > > > + iov->iov_len = desc.len; > > > + iov++; > > > > Hmm, this assumes a descriptor can not cross a memory > > region boundary. Is this really guaranteed? > > vhost does not make such assumptions. > > Just responded in the other subthread. > > hw/virtio.c doesn't split across memory region boundaries. This suggests > we don't hit this in practice. If it does we'll print the error and > disable the device until virtio reset. > > I can add it to my TODO list. hw/virtio.c also uses exit(1) for > guest-triggerable errors at runtime and I'd like it to do something like > vring->broken above. > > IMO it's not worth trying to perfect these things here. The next step > after this series should be looking at thread-safe memory API so that we > can use hw/virtio.c and improve it for all users. > > Stefan
OK
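Review bot: the two adjacent string literals in the error_report() call concatenate without a separating space, so the message prints as "Failed to map indirect descriptoraddr ..."; add a trailing space after "descriptor". Separately, desc.addr and desc.len are passed straight to hostmem_lookup(), and per the discussion a range that spans more than one memory region fails the lookup and sets vring->broken until virtio reset, so a comment at this call site documenting that limitation would help the next reader. The iov++ has no bound visible in this hunk, so it is worth confirming that the surrounding loop checks the iovec array's capacity before the store to iov->iov_base.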