From 4e94ebdd06d5dc72b7a40fc12fc496d601fb7bbc Mon Sep 17 00:00:00 2001 From: Ladi Prosek Date: Mon, 1 Feb 2016 19:36:31 +0100 Subject: [PATCH 1/2] virtio-pci: read the right virtio_pci_notify_cap field Looks like a copy-paste bug. The value is used as an optimization and a wrong value probably isn't causing any serious damage. Found when porting this code to Windows. Signed-off-by: Ladi Prosek Signed-off-by: Michael S. Tsirkin --- drivers/virtio/virtio_pci_modern.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/virtio/virtio_pci_modern.c b/drivers/virtio/virtio_pci_modern.c index c0c11fad4611..7760fc1a2218 100644 --- a/drivers/virtio/virtio_pci_modern.c +++ b/drivers/virtio/virtio_pci_modern.c @@ -679,7 +679,7 @@ int virtio_pci_modern_probe(struct virtio_pci_device *vp_dev) pci_read_config_dword(pci_dev, notify + offsetof(struct virtio_pci_notify_cap, - cap.length), + cap.offset), ¬ify_offset); /* We don't know how many VQs we'll map, ahead of the time. From e1f33be9186363da7955bcb5f0b03e6685544c50 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Tue, 16 Feb 2016 15:54:28 +0100 Subject: [PATCH 2/2] vhost: fix error path in vhost_init_used() We don't want side effects. If something fails, we rollback vq->is_le to its previous value. Signed-off-by: Greg Kurz Signed-off-by: Michael S. Tsirkin --- drivers/vhost/vhost.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index ad2146a9ab2d..236553e81027 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -1156,6 +1156,8 @@ int vhost_init_used(struct vhost_virtqueue *vq) { __virtio16 last_used_idx; int r; + bool is_le = vq->is_le; + if (!vq->private_data) { vq->is_le = virtio_legacy_is_little_endian(); return 0; @@ -1165,15 +1167,20 @@ int vhost_init_used(struct vhost_virtqueue *vq) r = vhost_update_used_flags(vq); if (r) - return r; + goto err; vq->signalled_used_valid = false; - if (!access_ok(VERIFY_READ, &vq->used->idx, sizeof vq->used->idx)) - return -EFAULT; + if (!access_ok(VERIFY_READ, &vq->used->idx, sizeof vq->used->idx)) { + r = -EFAULT; + goto err; + } r = __get_user(last_used_idx, &vq->used->idx); if (r) - return r; + goto err; vq->last_used_idx = vhost16_to_cpu(vq, last_used_idx); return 0; +err: + vq->is_le = is_le; + return r; } EXPORT_SYMBOL_GPL(vhost_init_used);