From 16b7f98db096e8e8829bc0b89aa7afbf6afd50f0 Mon Sep 17 00:00:00 2001
From: Chen Qun <kuhn.chenqun@huawei.com>
Date: Thu, 10 Feb 2022 11:16:26 +0800
Subject: [PATCH] virtio: bugfix: add rcu_read_lock when vring_avail_idx is
 called

viring_avail_idx should be called within rcu_read_lock(),
or may get NULL caches in vring_get_region_caches() and
trigger assert().

Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>
---
 ...d-rcu_read_lock-when-vring_avail_idx.patch | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 virtio-bugfix-add-rcu_read_lock-when-vring_avail_idx.patch

diff --git a/virtio-bugfix-add-rcu_read_lock-when-vring_avail_idx.patch b/virtio-bugfix-add-rcu_read_lock-when-vring_avail_idx.patch
new file mode 100644
index 0000000..39551a7
--- /dev/null
+++ b/virtio-bugfix-add-rcu_read_lock-when-vring_avail_idx.patch
@@ -0,0 +1,38 @@
+From 41aa66e37d04246d48b5417c57967425ecc466a0 Mon Sep 17 00:00:00 2001
+From: Jinhua Cao <caojinhua1@huawei.com>
+Date: Thu, 10 Feb 2022 11:16:26 +0800
+Subject: [PATCH] virtio: bugfix: add rcu_read_lock when vring_avail_idx is
+ called
+
+viring_avail_idx should be called within rcu_read_lock(),
+or may get NULL caches in vring_get_region_caches() and
+trigger assert().
+
+Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>
+---
+ hw/virtio/virtio.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 007f4c9e26..0af9684881 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -2864,6 +2864,7 @@ static void check_vring_avail_num(VirtIODevice *vdev, int index)
+ {
+     uint16_t nheads;
+ 
++    rcu_read_lock();
+     /* Check it isn't doing strange things with descriptor numbers. */
+     nheads = vring_avail_idx(&vdev->vq[index]) - vdev->vq[index].last_avail_idx;
+     if (nheads > vdev->vq[index].vring.num) {
+@@ -2874,6 +2875,7 @@ static void check_vring_avail_num(VirtIODevice *vdev, int index)
+                  vring_avail_idx(&vdev->vq[index]),
+                  vdev->vq[index].last_avail_idx, nheads);
+     }
++    rcu_read_unlock();
+ }
+ 
+ int virtio_save(VirtIODevice *vdev, QEMUFile *f)
+-- 
+2.27.0
+