From 162ddb1fdbbafeb0006cb567319f9180fb1af976 Mon Sep 17 00:00:00 2001 From: Norman Feske Date: Wed, 8 Dec 2021 16:47:19 +0100 Subject: [PATCH] virtio: fix len calculation Thanks to Piotr Tworek for the fix and his explanation as follows: The basic idea is to try to fit payload data into the descriptor used to send the header. If there is no payload, or the payload fits exactly into the remaining space in the header decriptor, len should be 0 and only one descriptor should be used. In such case the "next" and "flags" members of the descriptor structure should be set to 0. In case there is some extra payload data to send, but its size is bigger than the remaining free space in the descriptor used to send the header, len should contain the remaining size of the payload that can't be sent via the header descriptor. The code will then chain additional descriptors to handle this remainder. With the len variable shadowing, the code will never queue the remaining data. Issue #4327 --- repos/os/include/virtio/queue.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repos/os/include/virtio/queue.h b/repos/os/include/virtio/queue.h index f291de9581..a4df06a523 100644 --- a/repos/os/include/virtio/queue.h +++ b/repos/os/include/virtio/queue.h @@ -415,7 +415,7 @@ class Virtio::Queue Genode::size_t len = 0; if (data != nullptr && data_size > 0) { - Genode::size_t len = Genode::min(_buffer_size - sizeof(header), data_size); + len = Genode::min(_buffer_size - sizeof(header), data_size); Genode::memcpy((char *)_buffer_local_addr(desc) + desc->len, data, len); desc->len += len; len = data_size + sizeof(header) - desc->len;