Make the virtio ring code resilient against corruption of the buffers shared with the device.
It follows the example of Linux by keeping a private copy of the descriptors and metadata for state tracking and only ever writing to the descriptors that are shared with the device. I was able to test these hardening steps in the sandbox by simulating device writes to the queues.
From v1:
- Fix build errors on SPL by making dependency on virtio drivers explicit
From v2:
- Refactor vring init loop per review
Andrew Scull (12): virtio_ring: Merge identical variables virtio_ring: Add helper to attach vring descriptor virtio_ring: Maintain a shadow copy of descriptors virtio_ring: Check used descriptors are chain heads dm: test: virtio: Test the virtio ring virtio: sandbox: Fix device features bitfield test: dm: virtio: Test notify before del_vqs test: dm: virtio: Split out virtio device tests virtio: sandbox: Bind RNG rather than block device test: dm: virtio: Test virtio device driver probing virtio: rng: Check length before copying test: dm: virtio_rng: Test virtio-rng with faked device
drivers/virtio/virtio_ring.c | 96 ++++++++++------ drivers/virtio/virtio_rng.c | 3 + drivers/virtio/virtio_sandbox.c | 4 +- include/virtio_ring.h | 12 ++ test/dm/Makefile | 6 +- test/dm/virtio.c | 99 ---------------- test/dm/virtio_device.c | 195 ++++++++++++++++++++++++++++++++ test/dm/virtio_rng.c | 52 +++++++++ 8 files changed, 330 insertions(+), 137 deletions(-) create mode 100644 test/dm/virtio_device.c create mode 100644 test/dm/virtio_rng.c