I've figured out the actual problem, and I've made a patch that fixes the issue. I'm not sure if it will apply cleanly, as mine is based off the RHEL version, but I thought I'd share it since it gave me a headache, and many others it seems.
This is what happens:
vdev->vq[i].inuse = (uint16_t)(vdev->vq[i].last_avail_idx - vdev->vq[i].used_idx);
if (vdev->vq[i].inuse > vdev->vq[i].vring.num)
Random example with last_avail_idx 0x1 used_idx 0x2, size 0x80:
1 - 2 = -1, however cast as unsigned it ends up being 65535
so if (65535 > 80) = headache
The patch I made basically checks if it's a negative and sets it to 0 as well as adding inuse to the error_report. I am sure if the error_report initially actually showed the true values being compared and not the source values, it would have been figured out sooner.
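The arithmetic from the post, as an added example that is not the poster's patch or QEMU code: it reproduces the quoted computation on the post's sample values, builds a diagnostic that includes the derived inuse value, and contrasts a legitimate 16-bit index wrap-around. `struct vq_state`, `vq_check` and `vq_inuse_clamped` are hypothetical names, and the clamp is only one assumed reading of "checks if it's a negative and sets it to 0".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the per-queue fields named in the post. */
struct vq_state {
    uint16_t last_avail_idx;   /* free-running 16-bit counter */
    uint16_t used_idx;         /* free-running 16-bit counter */
    unsigned int num;          /* ring size (vring.num) */
};

/* The computation quoted in the post: difference taken modulo 2^16. */
static uint16_t vq_inuse(const struct vq_state *q)
{
    return (uint16_t)(q->last_avail_idx - q->used_idx);
}

/* Returns 0 if consistent, -1 otherwise. The message reports the value
 * actually compared (inuse), not only the indices it was derived from. */
static int vq_check(const struct vq_state *q, char *msg, size_t len)
{
    uint16_t inuse = vq_inuse(q);
    if (inuse > q->num) {
        snprintf(msg, len,
                 "inuse 0x%x > size 0x%x (last_avail_idx 0x%x, used_idx 0x%x)",
                 (unsigned)inuse, q->num,
                 (unsigned)q->last_avail_idx, (unsigned)q->used_idx);
        return -1;
    }
    return 0;
}

/* Assumed reading of the clamp described in the post (not the real patch):
 * take the difference as a signed int and force negatives to 0. */
static uint16_t vq_inuse_clamped(const struct vq_state *q)
{
    int diff = (int)q->last_avail_idx - (int)q->used_idx;
    return diff < 0 ? 0 : (uint16_t)diff;
}

int main(void)
{
    char msg[128] = "ok";
    struct vq_state bad  = { 0x1, 0x2, 0x80 };        /* values from the post */
    struct vq_state wrap = { 0x0002, 0xFFFE, 0x80 };  /* constructed: counter wrapped */
    if (vq_check(&bad, msg, sizeof msg) != 0) puts(msg);
    printf("wrap: modulo inuse=%u, clamped inuse=%u\n",
           (unsigned)vq_inuse(&wrap), (unsigned)vq_inuse_clamped(&wrap));
    return 0;
}
```

In the constructed wrap-around case the modulo subtraction gives the real in-flight count, while a signed clamp reports 0, so the two cases need to be told apart before clamping.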