Continuing the theme of making the virtio code resilient against corruption of the buffers shared with the device, this series focusses on the vring. This series is simpler and more self-contained than the series for virtio-pci!
It follows the example of Linux by keeping a private copy of the descriptors and metadata for state tracking and only ever writing to the descriptors that are shared with the device.
I was able to test these hardening steps in the sandbox by simulating device writes to the queues. I was also looking into testing the device drivers against a simulated device but the lack of an API to access the virtqueues meant this ended up being a hack. I've included that hack and the at the end of the series as an RFC.
Andrew Scull (11): virtio_ring: Merge identical variables virtio_ring: Add helper to attach vring descriptor virtio_ring: Maintain a shadow copy of descriptors virtio_ring: Check used descriptors are chain heads dm: test: virtio: Test the virtio ring virtio: sandbox: Fix device features bitfield test: dm: virtio: Test notify before del_vqs virtio: sandbox: Bind RNG rather than block device test: dm: virtio: Test virtio device driver probing virtio: rng: Check length before copying RFC: test: dm: virtio: Test virtio-rng with faked device
drivers/virtio/virtio_ring.c | 90 ++++++++++++++-------- drivers/virtio/virtio_rng.c | 3 + drivers/virtio/virtio_sandbox.c | 4 +- include/virtio_ring.h | 12 +++ test/dm/virtio.c | 129 ++++++++++++++++++++++++++++++-- 5 files changed, 199 insertions(+), 39 deletions(-)