Il 05/12/2013 10:24, Stefan Hajnoczi ha scritto: >> > >> > That's what already happens actually. vring_push has >> > >> > >> > + g_slice_free(VirtQueueElement, elem); >> > + >> > /* Don't touch vring if a fatal error occurred */ >> > if (vring->broken) { >> > return; >> > >> > in this patch and >> > >> > + for (i = 0; i < elem->out_num; i++) { >> > + vring_unmap(elem->out_sg[i].iov_base, false); >> > + } >> > + >> > + for (i = 0; i < elem->in_num; i++) { >> > + vring_unmap(elem->in_sg[i].iov_base, true); >> > + } >> > >> > g_slice_free(VirtQueueElement, elem); >> > >> > in the next one. >> > >> > Though I admit vring_push isn't such a great name and API. I can add >> > instead a vring_free_element function. Do you think vring_push should >> > call it, or should the caller do that? > I think vring_push() should free the VirtQueueElement. > > We just need to expose vring_free_element() so that handle_notify() can > call it without pushing bogus buffers back to the guest.
It's not pushing back bogus buffer, see the "if (vring->broken)" above. But if you prefer handle_notify() to call vring_free_element(), I can of course do that. Paolo