    spice-qemu-char: vmc_write: Don't write more bytes than we're asked to · 75c439bc
    Hans de Goede authored
    
    
    This one took me eons to debug, but I've finally found it now, oh well.
    
    The usage of the MIN macro in this line:
        last_out = MIN(len, qemu_chr_be_can_write(scd->chr));

    causes qemu_chr_be_can_write to be called *twice*, since the MIN macro
    evaluates its arguments twice (bad MIN macro, bad!). And the result of
    the call can change between the 2 calls since the guest may have consumed
    some data from the virtio ringbuffer between the calls!
    
    When this happens it is possible for qemu_chr_be_can_write to return less
    than len in the call made for the comparison, and then to return more than
    len in the actual call for the return-value of MIN, after which we will end
    up writing len data + some extra garbage, not good.
    
    This patch fixes this by only calling qemu_chr_be_can_write once.
    
    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
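The double-evaluation race the message describes, as an added C illustration that is not code from the QEMU commit: a constructed backend (`fake_chr`, `fake_can_write`) models a guest freeing ring-buffer space between the two calls the MIN macro makes, and `vmc_write_buggy` / `vmc_write_fixed` are constructed names standing in for the before and after of the fix.

```c
#include <stdio.h>

/* The classic unsafe MIN macro: each argument is expanded (and therefore
 * evaluated) twice, once for the comparison and once for the result. */
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Constructed stand-in for qemu_chr_be_can_write(): models a guest that
 * consumes ring-buffer data between calls. Returns 'first' on the first
 * call and 'second' on every later call. */
struct fake_chr {
    int calls;
    int first;
    int second;
};

static int fake_can_write(struct fake_chr *c)
{
    c->calls++;
    return c->calls == 1 ? c->first : c->second;
}

/* Buggy pattern: MIN evaluates fake_can_write() twice. If the first call
 * returns less than len (comparison) and the second returns more than len
 * (result), the macro yields the second value, which exceeds len.
 * Returns the number of bytes that would be written. */
int vmc_write_buggy(struct fake_chr *c, int len)
{
    return MIN(len, fake_can_write(c));
}

/* Fixed pattern from the commit: query the backend exactly once, then
 * clamp, so the result can never exceed len. */
int vmc_write_fixed(struct fake_chr *c, int len)
{
    int can_write = fake_can_write(c);
    return MIN(len, can_write);
}

int main(void)
{
    struct fake_chr a = { 0, 3, 10 }, b = { 0, 3, 10 };
    printf("buggy: writes %d of %d requested bytes\n", vmc_write_buggy(&a, 8), 8);
    printf("fixed: writes %d of %d requested bytes\n", vmc_write_fixed(&b, 8), 8);
    return 0;
}
```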