The following commit has been merged in the linux branch: commit 2d61ba95034f1abbdec7729d52c740870a5eddb6 Author: Michael S. Tsirkin mst@redhat.com Date: Sun Oct 25 15:28:53 2009 +0200
virtio: order used ring after used index read
On SMP guests, reads from the ring might bypass used index reads. This causes guest crashes because host writes to used index to signal ring data readiness. Fix this by inserting rmb before used ring reads.
Signed-off-by: Michael S. Tsirkin mst@redhat.com Signed-off-by: Rusty Russell rusty@rustcorp.com.au Cc: stable@kernel.org
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index f536005..fbd2ecd 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -285,6 +285,9 @@ static void *vring_get_buf(struct virtqueue *_vq, unsigned int *len) return NULL; }
+ /* Only get used array entries after they have been exposed by host. */ + rmb(); + i = vq->vring.used->ring[vq->last_used_idx%vq->vring.num].id; *len = vq->vring.used->ring[vq->last_used_idx%vq->vring.num].len;