Hi all,

this patch series fixes a cpu mapping leak in virtio-net.

The bug is caused by virtio_net_handle_ctrl: it maps the entire out_sg
iov, but then modifies it and reduces it (iov_discard_front), and only
unmaps the reduced version of the iov.

This causes a crash when running on Xen, but the behaviour is obviously
incorrect without Xen too.

The patch series fixes the issue by allowing virtio_net_handle_ctrl to
unmap the original out_sg iov but still call virtqueue_fill and
virtqueue_flush on the modified iov.

The first three patches do not introduce any functional changes.

Stefano Stabellini (4):
  introduce virtqueue_unmap_sg
  use virtqueue_unmap_sg in virtqueue_fill
  move virtqueue_unmap_sg calls from virtqueue_fill to virtqueue_push
  virtio-net: do not leak cpu mappings

 hw/net/virtio-net.c        |  9 ++++++++-
 hw/virtio/virtio.c         | 43 ++++++++++++++++++++++++-------------------
 include/hw/virtio/virtio.h |  2 ++
 3 files changed, 34 insertions(+), 20 deletions(-)
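
The leak described in the cover letter above, shown as an added toy model that is not part of the original posting and is not QEMU code. The helper names (toy_map, toy_unmap, toy_discard_front, handle_ctrl), the mapping table and the sample buffers are assumptions made for illustration; keeping a copy of the iov taken before the discard is one way to retain the original for unmapping.

```c
/* Toy model written for this note, not QEMU code; all names are hypothetical. */
#include <string.h>
#include <sys/uio.h>

#define MAX_MAPS 8
static void *live[MAX_MAPS];   /* bases of regions that are still mapped */

static void toy_map(const struct iovec *sg, unsigned n) {
    for (unsigned i = 0; i < n; i++) live[i] = sg[i].iov_base;
}

/* A mapping is released only if an sg element still carries its base. */
static void toy_unmap(const struct iovec *sg, unsigned n) {
    for (unsigned i = 0; i < n; i++)
        for (unsigned j = 0; j < MAX_MAPS; j++)
            if (live[j] == sg[i].iov_base) live[j] = NULL;
}

static unsigned leaked(void) {
    unsigned c = 0;
    for (unsigned j = 0; j < MAX_MAPS; j++) c += live[j] != NULL;
    return c;
}

/* Simplified stand-in for iov_discard_front: drop bytes from the front. */
static void toy_discard_front(struct iovec **sg, unsigned *n, size_t bytes) {
    while (*n && bytes >= (*sg)->iov_len) {
        bytes -= (*sg)->iov_len; (*sg)++; (*n)--;
    }
    if (*n && bytes) {
        (*sg)->iov_base = (char *)(*sg)->iov_base + bytes;
        (*sg)->iov_len -= bytes;
    }
}

/* Handle one constructed request; returns how many mappings stay live. */
static unsigned handle_ctrl(int unmap_original) {
    static char hdr[2], body[16];          /* constructed sample buffers */
    struct iovec out_sg[2] = { { hdr, sizeof hdr }, { body, sizeof body } };
    struct iovec saved[2], *iov = out_sg;
    unsigned n = 2;
    memset(live, 0, sizeof live);
    toy_map(out_sg, n);
    memcpy(saved, out_sg, sizeof saved);   /* assumption: keep a pre-discard copy */
    toy_discard_front(&iov, &n, 4);        /* eats hdr and 2 bytes of body */
    toy_unmap(unmap_original ? saved : iov, unmap_original ? 2 : n);
    return leaked();
}

int main(void) { return handle_ctrl(1); }
```

In this model, unmapping the reduced iov leaves both mappings live: the fully discarded element is never visited and the partially discarded one no longer carries its mapped base.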