Commit fe82203b authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

Pull virtio fixes from Michael Tsirkin:
 "Fixes to multiple issues in virtio.

  Most notably a regression fix for crashes reported by Fedora users.
  Hibernate is still reportedly broken, working on it"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  virtio_balloon: prevent uninitialized variable use
  virtio-balloon: use actual number of stats for stats queue buffers
  virtio_balloon: init 1st buffer in stats vq
  virtio_pci: fix out of bound access for msix_names
parents 050fc52d f0bb2d50
...@@ -242,11 +242,11 @@ static inline void update_stat(struct virtio_balloon *vb, int idx, ...@@ -242,11 +242,11 @@ static inline void update_stat(struct virtio_balloon *vb, int idx,
#define pages_to_bytes(x) ((u64)(x) << PAGE_SHIFT) #define pages_to_bytes(x) ((u64)(x) << PAGE_SHIFT)
static void update_balloon_stats(struct virtio_balloon *vb) static unsigned int update_balloon_stats(struct virtio_balloon *vb)
{ {
unsigned long events[NR_VM_EVENT_ITEMS]; unsigned long events[NR_VM_EVENT_ITEMS];
struct sysinfo i; struct sysinfo i;
int idx = 0; unsigned int idx = 0;
long available; long available;
all_vm_events(events); all_vm_events(events);
...@@ -254,18 +254,22 @@ static void update_balloon_stats(struct virtio_balloon *vb) ...@@ -254,18 +254,22 @@ static void update_balloon_stats(struct virtio_balloon *vb)
available = si_mem_available(); available = si_mem_available();
#ifdef CONFIG_VM_EVENT_COUNTERS
update_stat(vb, idx++, VIRTIO_BALLOON_S_SWAP_IN, update_stat(vb, idx++, VIRTIO_BALLOON_S_SWAP_IN,
pages_to_bytes(events[PSWPIN])); pages_to_bytes(events[PSWPIN]));
update_stat(vb, idx++, VIRTIO_BALLOON_S_SWAP_OUT, update_stat(vb, idx++, VIRTIO_BALLOON_S_SWAP_OUT,
pages_to_bytes(events[PSWPOUT])); pages_to_bytes(events[PSWPOUT]));
update_stat(vb, idx++, VIRTIO_BALLOON_S_MAJFLT, events[PGMAJFAULT]); update_stat(vb, idx++, VIRTIO_BALLOON_S_MAJFLT, events[PGMAJFAULT]);
update_stat(vb, idx++, VIRTIO_BALLOON_S_MINFLT, events[PGFAULT]); update_stat(vb, idx++, VIRTIO_BALLOON_S_MINFLT, events[PGFAULT]);
#endif
update_stat(vb, idx++, VIRTIO_BALLOON_S_MEMFREE, update_stat(vb, idx++, VIRTIO_BALLOON_S_MEMFREE,
pages_to_bytes(i.freeram)); pages_to_bytes(i.freeram));
update_stat(vb, idx++, VIRTIO_BALLOON_S_MEMTOT, update_stat(vb, idx++, VIRTIO_BALLOON_S_MEMTOT,
pages_to_bytes(i.totalram)); pages_to_bytes(i.totalram));
update_stat(vb, idx++, VIRTIO_BALLOON_S_AVAIL, update_stat(vb, idx++, VIRTIO_BALLOON_S_AVAIL,
pages_to_bytes(available)); pages_to_bytes(available));
return idx;
} }
/* /*
...@@ -291,14 +295,14 @@ static void stats_handle_request(struct virtio_balloon *vb) ...@@ -291,14 +295,14 @@ static void stats_handle_request(struct virtio_balloon *vb)
{ {
struct virtqueue *vq; struct virtqueue *vq;
struct scatterlist sg; struct scatterlist sg;
unsigned int len; unsigned int len, num_stats;
update_balloon_stats(vb); num_stats = update_balloon_stats(vb);
vq = vb->stats_vq; vq = vb->stats_vq;
if (!virtqueue_get_buf(vq, &len)) if (!virtqueue_get_buf(vq, &len))
return; return;
sg_init_one(&sg, vb->stats, sizeof(vb->stats)); sg_init_one(&sg, vb->stats, sizeof(vb->stats[0]) * num_stats);
virtqueue_add_outbuf(vq, &sg, 1, vb, GFP_KERNEL); virtqueue_add_outbuf(vq, &sg, 1, vb, GFP_KERNEL);
virtqueue_kick(vq); virtqueue_kick(vq);
} }
...@@ -423,13 +427,16 @@ static int init_vqs(struct virtio_balloon *vb) ...@@ -423,13 +427,16 @@ static int init_vqs(struct virtio_balloon *vb)
vb->deflate_vq = vqs[1]; vb->deflate_vq = vqs[1];
if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) { if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) {
struct scatterlist sg; struct scatterlist sg;
unsigned int num_stats;
vb->stats_vq = vqs[2]; vb->stats_vq = vqs[2];
/* /*
* Prime this virtqueue with one buffer so the hypervisor can * Prime this virtqueue with one buffer so the hypervisor can
* use it to signal us later (it can't be broken yet!). * use it to signal us later (it can't be broken yet!).
*/ */
sg_init_one(&sg, vb->stats, sizeof vb->stats); num_stats = update_balloon_stats(vb);
sg_init_one(&sg, vb->stats, sizeof(vb->stats[0]) * num_stats);
if (virtqueue_add_outbuf(vb->stats_vq, &sg, 1, vb, GFP_KERNEL) if (virtqueue_add_outbuf(vb->stats_vq, &sg, 1, vb, GFP_KERNEL)
< 0) < 0)
BUG(); BUG();
......
...@@ -147,7 +147,7 @@ static int vp_find_vqs_msix(struct virtio_device *vdev, unsigned nvqs, ...@@ -147,7 +147,7 @@ static int vp_find_vqs_msix(struct virtio_device *vdev, unsigned nvqs,
{ {
struct virtio_pci_device *vp_dev = to_vp_device(vdev); struct virtio_pci_device *vp_dev = to_vp_device(vdev);
const char *name = dev_name(&vp_dev->vdev.dev); const char *name = dev_name(&vp_dev->vdev.dev);
int i, err = -ENOMEM, allocated_vectors, nvectors; int i, j, err = -ENOMEM, allocated_vectors, nvectors;
unsigned flags = PCI_IRQ_MSIX; unsigned flags = PCI_IRQ_MSIX;
bool shared = false; bool shared = false;
u16 msix_vec; u16 msix_vec;
...@@ -212,7 +212,7 @@ static int vp_find_vqs_msix(struct virtio_device *vdev, unsigned nvqs, ...@@ -212,7 +212,7 @@ static int vp_find_vqs_msix(struct virtio_device *vdev, unsigned nvqs,
if (!vp_dev->msix_vector_map) if (!vp_dev->msix_vector_map)
goto out_disable_config_irq; goto out_disable_config_irq;
allocated_vectors = 1; /* vector 0 is the config interrupt */ allocated_vectors = j = 1; /* vector 0 is the config interrupt */
for (i = 0; i < nvqs; ++i) { for (i = 0; i < nvqs; ++i) {
if (!names[i]) { if (!names[i]) {
vqs[i] = NULL; vqs[i] = NULL;
...@@ -236,18 +236,19 @@ static int vp_find_vqs_msix(struct virtio_device *vdev, unsigned nvqs, ...@@ -236,18 +236,19 @@ static int vp_find_vqs_msix(struct virtio_device *vdev, unsigned nvqs,
continue; continue;
} }
snprintf(vp_dev->msix_names[i + 1], snprintf(vp_dev->msix_names[j],
sizeof(*vp_dev->msix_names), "%s-%s", sizeof(*vp_dev->msix_names), "%s-%s",
dev_name(&vp_dev->vdev.dev), names[i]); dev_name(&vp_dev->vdev.dev), names[i]);
err = request_irq(pci_irq_vector(vp_dev->pci_dev, msix_vec), err = request_irq(pci_irq_vector(vp_dev->pci_dev, msix_vec),
vring_interrupt, IRQF_SHARED, vring_interrupt, IRQF_SHARED,
vp_dev->msix_names[i + 1], vqs[i]); vp_dev->msix_names[j], vqs[i]);
if (err) { if (err) {
/* don't free this irq on error */ /* don't free this irq on error */
vp_dev->msix_vector_map[i] = VIRTIO_MSI_NO_VECTOR; vp_dev->msix_vector_map[i] = VIRTIO_MSI_NO_VECTOR;
goto out_remove_vqs; goto out_remove_vqs;
} }
vp_dev->msix_vector_map[i] = msix_vec; vp_dev->msix_vector_map[i] = msix_vec;
j++;
/* /*
* Use a different vector for each queue if they are available, * Use a different vector for each queue if they are available,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment