virtio: order used ring after used index read
authorMichael S. Tsirkin <mst@redhat.com>
Sun, 25 Oct 2009 13:28:53 +0000 (15:28 +0200)
committerRusty Russell <rusty@rustcorp.com.au>
Wed, 28 Oct 2009 22:20:37 +0000 (08:50 +1030)
On SMP guests, reads from the ring might bypass used index reads. This
causes guest crashes because host writes to used index to signal ring
data readiness.  Fix this by inserting rmb before used ring reads.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: stable@kernel.org
drivers/virtio/virtio_ring.c

index f536005807269728f3285f7bbf6f176cd790e5c2..fbd2ecde93e409ea9287d068d3f2322297c910cc 100644 (file)
@@ -285,6 +285,9 @@ static void *vring_get_buf(struct virtqueue *_vq, unsigned int *len)
                return NULL;
        }
 
+       /* Only get used array entries after they have been exposed by host. */
+       rmb();
+
        i = vq->vring.used->ring[vq->last_used_idx%vq->vring.num].id;
        *len = vq->vring.used->ring[vq->last_used_idx%vq->vring.num].len;