lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 14 Feb 2020 13:17:17 +0100
From:   Eugenio Pérez <eperezma@...hat.com>
To:     Christian Borntraeger <borntraeger@...ibm.com>
Cc:     "Michael S. Tsirkin" <mst@...hat.com>,
        "virtualization@...ts.linux-foundation.org" 
        <virtualization@...ts.linux-foundation.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        Linux Next Mailing List <linux-next@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        kvm list <kvm@...r.kernel.org>,
        Halil Pasic <pasic@...ux.ibm.com>,
        Cornelia Huck <cohuck@...hat.com>
Subject: Re: vhost changes (batched) in linux-next after 12/13 trigger
 random crashes in KVM guests after reboot

On Fri, 2020-02-14 at 08:47 +0100, Christian Borntraeger wrote:
> repro
> 
> 
> On 14.02.20 08:43, Christian Borntraeger wrote:
> > 
> > On 14.02.20 08:40, Eugenio Perez Martin wrote:
> > > Hi.
> > > 
> > > Were the vhost and vhost_net modules loaded with dyndbg='+plt'? I miss
> > > all the others regular debug traces on that one.
> > 
> > I did 
> > 
> >  echo -n 'file drivers/vhost/vhost.c +plt' > control
> > and
> > echo -n 'file drivers/vhost/net.c +plt'  > control
> > 
> > but apparently it did not work...me hates dynamic debug.

Sorry about use dyndbg, but it is the easiest way to obtain accurate line numbers, threads id...

I usually load the module with that option (modprobe vhost dyndbg=+pfmlt && modprobe vhost_net dyndbg=+pfmlt), so it is
available from the very beginning.

> > 
> > > Thanks!
> > > 
> > > On Fri, Feb 14, 2020 at 8:34 AM Christian Borntraeger
> > > <borntraeger@...ibm.com> wrote:
> > > > I did
> > > > ping -c 20 -f ... ; reboot
> > > > twice
> > > > 
> > > > The ping after the first reboot showed .......E
> > > > 
> > > > this was on the host console
> > > > 
> > > > [   55.951885] CPU: 34 PID: 1908 Comm: CPU 0/KVM Not tainted 5.5.0+ #21
> > > > [   55.951891] Hardware name: IBM 3906 M04 704 (LPAR)
> > > > [   55.951892] Call Trace:
> > > > [   55.951902]  [<0000001ede114132>] show_stack+0x8a/0xd0
> > > > [   55.951906]  [<0000001edeb0672a>] dump_stack+0x8a/0xb8
> > > > [   55.951915]  [<000003ff803736a6>] vhost_vring_ioctl+0x6fe/0x858 [vhost]
> > > > [   55.951919]  [<000003ff8042a608>] vhost_net_ioctl+0x510/0x570 [vhost_net]
> > > > [   55.951924]  [<0000001ede3c4dd8>] do_vfs_ioctl+0x430/0x6f8
> > > > [   55.951926]  [<0000001ede3c5124>] ksys_ioctl+0x84/0xb0
> > > > [   55.951927]  [<0000001ede3c51ba>] __s390x_sys_ioctl+0x2a/0x38
> > > > [   55.951931]  [<0000001edeb27f72>] system_call+0x2a6/0x2c8
> > > > [   55.951949] CPU: 34 PID: 1908 Comm: CPU 0/KVM Not tainted 5.5.0+ #21
> > > > [   55.951950] Hardware name: IBM 3906 M04 704 (LPAR)
> > > > [   55.951951] Call Trace:
> > > > [   55.951952]  [<0000001ede114132>] show_stack+0x8a/0xd0
> > > > [   55.951954]  [<0000001edeb0672a>] dump_stack+0x8a/0xb8
> > > > [   55.951956]  [<000003ff803736a6>] vhost_vring_ioctl+0x6fe/0x858 [vhost]
> > > > [   55.951958]  [<000003ff8042a608>] vhost_net_ioctl+0x510/0x570 [vhost_net]
> > > > [   55.951959]  [<0000001ede3c4dd8>] do_vfs_ioctl+0x430/0x6f8
> > > > [   55.951961]  [<0000001ede3c5124>] ksys_ioctl+0x84/0xb0
> > > > [   55.951962]  [<0000001ede3c51ba>] __s390x_sys_ioctl+0x2a/0x38
> > > > [   55.951964]  [<0000001edeb27f72>] system_call+0x2a6/0x2c8
> > > > [   55.951997] Guest moved vq 0000000063d896c6 used index from 44 to 0
> > > > [   56.609831] unexpected descriptor format for RX: out 0, in 0
> > > > [   86.540460] CPU: 6 PID: 1908 Comm: CPU 0/KVM Not tainted 5.5.0+ #21
> > > > [   86.540464] Hardware name: IBM 3906 M04 704 (LPAR)
> > > > [   86.540466] Call Trace:
> > > > [   86.540473]  [<0000001ede114132>] show_stack+0x8a/0xd0
> > > > [   86.540477]  [<0000001edeb0672a>] dump_stack+0x8a/0xb8
> > > > [   86.540486]  [<000003ff803736a6>] vhost_vring_ioctl+0x6fe/0x858 [vhost]
> > > > [   86.540490]  [<000003ff8042a608>] vhost_net_ioctl+0x510/0x570 [vhost_net]
> > > > [   86.540494]  [<0000001ede3c4dd8>] do_vfs_ioctl+0x430/0x6f8
> > > > [   86.540496]  [<0000001ede3c5124>] ksys_ioctl+0x84/0xb0
> > > > [   86.540498]  [<0000001ede3c51ba>] __s390x_sys_ioctl+0x2a/0x38
> > > > [   86.540501]  [<0000001edeb27f72>] system_call+0x2a6/0x2c8
> > > > [   86.540524] CPU: 6 PID: 1908 Comm: CPU 0/KVM Not tainted 5.5.0+ #21
> > > > [   86.540525] Hardware name: IBM 3906 M04 704 (LPAR)
> > > > [   86.540526] Call Trace:
> > > > [   86.540527]  [<0000001ede114132>] show_stack+0x8a/0xd0
> > > > [   86.540528]  [<0000001edeb0672a>] dump_stack+0x8a/0xb8
> > > > [   86.540531]  [<000003ff803736a6>] vhost_vring_ioctl+0x6fe/0x858 [vhost]
> > > > [   86.540532]  [<000003ff8042a608>] vhost_net_ioctl+0x510/0x570 [vhost_net]
> > > > [   86.540534]  [<0000001ede3c4dd8>] do_vfs_ioctl+0x430/0x6f8
> > > > [   86.540536]  [<0000001ede3c5124>] ksys_ioctl+0x84/0xb0
> > > > [   86.540537]  [<0000001ede3c51ba>] __s390x_sys_ioctl+0x2a/0x38
> > > > [   86.540538]  [<0000001edeb27f72>] system_call+0x2a6/0x2c8
> > > > [   86.540570] unexpected descriptor format for RX: out 0, in 0
> > > > [   86.540577] Unexpected header len for TX: 0 expected 0
> > > > 
> > > > 
> > > > On 14.02.20 08:06, Eugenio Pérez wrote:
> > > > > Hi Christian.
> > > > > 
> > > > > Sorry, that was meant to be applied over previous debug patch.
> > > > > 
> > > > > Here I inline the one meant to be applied over eccb852f1fe6bede630e2e4f1a121a81e34354ab.
> > > > > 
> > > > > Thanks!
> > > > > 
> > > > > From d978ace99e4844b49b794d768385db3d128a4cc0 Mon Sep 17 00:00:00 2001
> > > > > From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@...hat.com>
> > > > > Date: Fri, 14 Feb 2020 08:02:26 +0100
> > > > > Subject: [PATCH] vhost: disable all features and trace last_avail_idx and
> > > > >  ioctl calls
> > > > > 
> > > > > ---
> > > > >  drivers/vhost/net.c   | 20 +++++++++++++++++---
> > > > >  drivers/vhost/vhost.c | 25 +++++++++++++++++++++++--
> > > > >  drivers/vhost/vhost.h | 10 +++++-----
> > > > >  3 files changed, 45 insertions(+), 10 deletions(-)
> > > > > 
> > > > > diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
> > > > > index e158159671fa..e4d5f843f9c0 100644
> > > > > --- a/drivers/vhost/net.c
> > > > > +++ b/drivers/vhost/net.c
> > > > > @@ -1505,10 +1505,13 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
> > > > > 
> > > > >       mutex_lock(&n->dev.mutex);
> > > > >       r = vhost_dev_check_owner(&n->dev);
> > > > > -     if (r)
> > > > > +     if (r) {
> > > > > +             pr_debug("vhost_dev_check_owner index=%u fd=%d rc r=%d", index, fd, r);
> > > > >               goto err;
> > > > > +     }
> > > > > 
> > > > >       if (index >= VHOST_NET_VQ_MAX) {
> > > > > +             pr_debug("vhost_dev_check_owner index=%u fd=%d MAX=%d", index, fd, VHOST_NET_VQ_MAX);
> > > > >               r = -ENOBUFS;
> > > > >               goto err;
> > > > >       }
> > > > > @@ -1518,22 +1521,26 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
> > > > > 
> > > > >       /* Verify that ring has been setup correctly. */
> > > > >       if (!vhost_vq_access_ok(vq)) {
> > > > > +             pr_debug("vhost_net_set_backend index=%u fd=%d !vhost_vq_access_ok", index, fd);
> > > > >               r = -EFAULT;
> > > > >               goto err_vq;
> > > > >       }
> > > > >       sock = get_socket(fd);
> > > > >       if (IS_ERR(sock)) {
> > > > >               r = PTR_ERR(sock);
> > > > > +             pr_debug("vhost_net_set_backend index=%u fd=%d get_socket err r=%d", index, fd, r);
> > > > >               goto err_vq;
> > > > >       }
> > > > > 
> > > > >       /* start polling new socket */
> > > > >       oldsock = vq->private_data;
> > > > >       if (sock != oldsock) {
> > > > > +             pr_debug("sock=%p != oldsock=%p index=%u fd=%d vq=%p", sock, oldsock, index, fd, vq);
> > > > >               ubufs = vhost_net_ubuf_alloc(vq,
> > > > >                                            sock && vhost_sock_zcopy(sock));
> > > > >               if (IS_ERR(ubufs)) {
> > > > >                       r = PTR_ERR(ubufs);
> > > > > +                     pr_debug("ubufs index=%u fd=%d err r=%d vq=%p", index, fd, r, vq);
> > > > >                       goto err_ubufs;
> > > > >               }
> > > > > 
> > > > > @@ -1541,11 +1548,15 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
> > > > >               vq->private_data = sock;
> > > > >               vhost_net_buf_unproduce(nvq);
> > > > >               r = vhost_vq_init_access(vq);
> > > > > -             if (r)
> > > > > +             if (r) {
> > > > > +                     pr_debug("init_access index=%u fd=%d r=%d vq=%p", index, fd, r, vq);
> > > > >                       goto err_used;
> > > > > +             }
> > > > >               r = vhost_net_enable_vq(n, vq);
> > > > > -             if (r)
> > > > > +             if (r) {
> > > > > +                     pr_debug("enable_vq index=%u fd=%d r=%d vq=%p", index, fd, r, vq);
> > > > >                       goto err_used;
> > > > > +             }
> > > > >               if (index == VHOST_NET_VQ_RX)
> > > > >                       nvq->rx_ring = get_tap_ptr_ring(fd);
> > > > > 
> > > > > @@ -1559,6 +1570,8 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
> > > > > 
> > > > >       mutex_unlock(&vq->mutex);
> > > > > 
> > > > > +     pr_debug("sock=%p", sock);
> > > > > +
> > > > >       if (oldubufs) {
> > > > >               vhost_net_ubuf_put_wait_and_free(oldubufs);
> > > > >               mutex_lock(&vq->mutex);
> > > > > @@ -1710,6 +1723,7 @@ static long vhost_net_ioctl(struct file *f, unsigned int ioctl,
> > > > > 
> > > > >       switch (ioctl) {
> > > > >       case VHOST_NET_SET_BACKEND:
> > > > > +             pr_debug("VHOST_NET_SET_BACKEND");
> > > > >               if (copy_from_user(&backend, argp, sizeof backend))
> > > > >                       return -EFAULT;
> > > > >               return vhost_net_set_backend(n, backend.index, backend.fd);
> > > > > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> > > > > index b5a51b1f2e79..ec25ba32fe81 100644
> > > > > --- a/drivers/vhost/vhost.c
> > > > > +++ b/drivers/vhost/vhost.c
> > > > > @@ -1642,15 +1642,30 @@ long vhost_vring_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *arg
> > > > >                       r = -EINVAL;
> > > > >                       break;
> > > > >               }
> > > > > +
> > > > > +             if (vq->last_avail_idx || vq->avail_idx) {
> > > > > +                     pr_debug(
> > > > > +                             "strange VHOST_SET_VRING_BASE [vq=%p][s.index=%u][s.num=%u]",
> > > > > +                             vq, s.index, s.num);
> > > > > +                     dump_stack();
> > > > > +                     r = 0;
> > > > > +                     break;
> > > > > +             }
> > > > >               vq->last_avail_idx = s.num;
> > > > >               /* Forget the cached index value. */
> > > > >               vq->avail_idx = vq->last_avail_idx;
> > > > > +             pr_debug(
> > > > > +                     "VHOST_SET_VRING_BASE [vq=%p][vq->last_avail_idx=%u][vq-
> > > > > >avail_idx=%u][s.index=%u][s.num=%u]",
> > > > > +                     vq, vq->last_avail_idx, vq->avail_idx, s.index, s.num);
> > > > >               break;
> > > > >       case VHOST_GET_VRING_BASE:
> > > > >               s.index = idx;
> > > > >               s.num = vq->last_avail_idx;
> > > > >               if (copy_to_user(argp, &s, sizeof s))
> > > > >                       r = -EFAULT;
> > > > > +             pr_debug(
> > > > > +                     "VHOST_GET_VRING_BASE [vq=%p][vq->last_avail_idx=%u][vq-
> > > > > >avail_idx=%u][s.index=%u][s.num=%u]",
> > > > > +                     vq, vq->last_avail_idx, vq->avail_idx, s.index, s.num);
> > > > >               break;
> > > > >       case VHOST_SET_VRING_KICK:
> > > > >               if (copy_from_user(&f, argp, sizeof f)) {
> > > > > @@ -2239,8 +2254,8 @@ static int fetch_buf(struct vhost_virtqueue *vq)
> > > > >               vq->avail_idx = vhost16_to_cpu(vq, avail_idx);
> > > > > 
> > > > >               if (unlikely((u16)(vq->avail_idx - last_avail_idx) > vq->num)) {
> > > > > -                     vq_err(vq, "Guest moved used index from %u to %u",
> > > > > -                             last_avail_idx, vq->avail_idx);
> > > > > +                     vq_err(vq, "Guest moved vq %p used index from %u to %u",
> > > > > +                             vq, last_avail_idx, vq->avail_idx);
> > > > >                       return -EFAULT;
> > > > >               }
> > > > > 
> > > > > @@ -2316,6 +2331,9 @@ static int fetch_buf(struct vhost_virtqueue *vq)
> > > > >       BUG_ON(!(vq->used_flags & VRING_USED_F_NO_NOTIFY));
> > > > > 
> > > > >       /* On success, increment avail index. */
> > > > > +     pr_debug(
> > > > > +             "[vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][vq->ndescs=%d][vq->first_desc=%d]",
> > > > > +             vq, vq->last_avail_idx, vq->avail_idx, vq->ndescs, vq->first_desc);
> > > > >       vq->last_avail_idx++;
> > > > > 
> > > > >       return 0;
> > > > > @@ -2432,6 +2450,9 @@ EXPORT_SYMBOL_GPL(vhost_get_vq_desc);
> > > > >  /* Reverse the effect of vhost_get_vq_desc. Useful for error handling. */
> > > > >  void vhost_discard_vq_desc(struct vhost_virtqueue *vq, int n)
> > > > >  {
> > > > > +     pr_debug(
> > > > > +             "DISCARD [vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][n=%d]",
> > > > > +             vq, vq->last_avail_idx, vq->avail_idx, n);
> > > > >       vq->last_avail_idx -= n;
> > > > >  }
> > > > >  EXPORT_SYMBOL_GPL(vhost_discard_vq_desc);
> > > > > diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h
> > > > > index 661088ae6dc7..08f6d2ccb697 100644
> > > > > --- a/drivers/vhost/vhost.h
> > > > > +++ b/drivers/vhost/vhost.h
> > > > > @@ -250,11 +250,11 @@ int vhost_init_device_iotlb(struct vhost_dev *d, bool enabled);
> > > > >       } while (0)
> > > > > 
> > > > >  enum {
> > > > > -     VHOST_FEATURES = (1ULL << VIRTIO_F_NOTIFY_ON_EMPTY) |
> > > > > -                      (1ULL << VIRTIO_RING_F_INDIRECT_DESC) |
> > > > > -                      (1ULL << VIRTIO_RING_F_EVENT_IDX) |
> > > > > -                      (1ULL << VHOST_F_LOG_ALL) |
> > > > > -                      (1ULL << VIRTIO_F_ANY_LAYOUT) |
> > > > > +     VHOST_FEATURES = /* (1ULL << VIRTIO_F_NOTIFY_ON_EMPTY) | */
> > > > > +                      /* (1ULL << VIRTIO_RING_F_INDIRECT_DESC) | */
> > > > > +                      /* (1ULL << VIRTIO_RING_F_EVENT_IDX) | */
> > > > > +                      /* (1ULL << VHOST_F_LOG_ALL) | */
> > > > > +                      /* (1ULL << VIRTIO_F_ANY_LAYOUT) | */
> > > > >                        (1ULL << VIRTIO_F_VERSION_1)
> > > > >  };
> > > > > 
> > > > > 

Can you try the inlined patch over 52c36ce7f334 ("vhost: use batched version by default")? My intention is to check if
"strange VHOST_SET_VRING_BASE" line appears. In previous tests, it appears very fast, but maybe it takes some time for
it to appear, or it does not appear anymore.

Thanks!

>From 756a96e489688b2c04230580770aac17c8a46265 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@...hat.com>
Date: Fri, 14 Feb 2020 08:02:26 +0100
Subject: [PATCH] vhost: disable all features and trace last_avail_idx and
 ioctl calls

---
 drivers/vhost/net.c   | 20 +++++++++++++++++---
 drivers/vhost/vhost.c | 25 +++++++++++++++++++++++--
 drivers/vhost/vhost.h | 10 +++++-----
 3 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
index e158159671fa..e4d5f843f9c0 100644
--- a/drivers/vhost/net.c
+++ b/drivers/vhost/net.c
@@ -1505,10 +1505,13 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
 
 	mutex_lock(&n->dev.mutex);
 	r = vhost_dev_check_owner(&n->dev);
-	if (r)
+	if (r) {
+		pr_debug("vhost_dev_check_owner index=%u fd=%d rc r=%d", index, fd, r);
 		goto err;
+	}
 
 	if (index >= VHOST_NET_VQ_MAX) {
+		pr_debug("vhost_dev_check_owner index=%u fd=%d MAX=%d", index, fd, VHOST_NET_VQ_MAX);
 		r = -ENOBUFS;
 		goto err;
 	}
@@ -1518,22 +1521,26 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
 
 	/* Verify that ring has been setup correctly. */
 	if (!vhost_vq_access_ok(vq)) {
+		pr_debug("vhost_net_set_backend index=%u fd=%d !vhost_vq_access_ok", index, fd);
 		r = -EFAULT;
 		goto err_vq;
 	}
 	sock = get_socket(fd);
 	if (IS_ERR(sock)) {
 		r = PTR_ERR(sock);
+		pr_debug("vhost_net_set_backend index=%u fd=%d get_socket err r=%d", index, fd, r);
 		goto err_vq;
 	}
 
 	/* start polling new socket */
 	oldsock = vq->private_data;
 	if (sock != oldsock) {
+		pr_debug("sock=%p != oldsock=%p index=%u fd=%d vq=%p", sock, oldsock, index, fd, vq);
 		ubufs = vhost_net_ubuf_alloc(vq,
 					     sock && vhost_sock_zcopy(sock));
 		if (IS_ERR(ubufs)) {
 			r = PTR_ERR(ubufs);
+			pr_debug("ubufs index=%u fd=%d err r=%d vq=%p", index, fd, r, vq);
 			goto err_ubufs;
 		}
 
@@ -1541,11 +1548,15 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
 		vq->private_data = sock;
 		vhost_net_buf_unproduce(nvq);
 		r = vhost_vq_init_access(vq);
-		if (r)
+		if (r) {
+			pr_debug("init_access index=%u fd=%d r=%d vq=%p", index, fd, r, vq);
 			goto err_used;
+		}
 		r = vhost_net_enable_vq(n, vq);
-		if (r)
+		if (r) {
+			pr_debug("enable_vq index=%u fd=%d r=%d vq=%p", index, fd, r, vq);
 			goto err_used;
+		}
 		if (index == VHOST_NET_VQ_RX)
 			nvq->rx_ring = get_tap_ptr_ring(fd);
 
@@ -1559,6 +1570,8 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
 
 	mutex_unlock(&vq->mutex);
 
+	pr_debug("sock=%p", sock);
+
 	if (oldubufs) {
 		vhost_net_ubuf_put_wait_and_free(oldubufs);
 		mutex_lock(&vq->mutex);
@@ -1710,6 +1723,7 @@ static long vhost_net_ioctl(struct file *f, unsigned int ioctl,
 
 	switch (ioctl) {
 	case VHOST_NET_SET_BACKEND:
+		pr_debug("VHOST_NET_SET_BACKEND");
 		if (copy_from_user(&backend, argp, sizeof backend))
 			return -EFAULT;
 		return vhost_net_set_backend(n, backend.index, backend.fd);
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 56c5253056ee..babc48c8a8c4 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -1640,15 +1640,30 @@ long vhost_vring_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *arg
 			r = -EINVAL;
 			break;
 		}
+
+		if (vq->last_avail_idx || vq->avail_idx) {
+			pr_debug(
+				"strange VHOST_SET_VRING_BASE [vq=%p][s.index=%u][s.num=%u]",
+				vq, s.index, s.num);
+			dump_stack();
+			r = 0;
+			break;
+		}
 		vq->last_avail_idx = s.num;
 		/* Forget the cached index value. */
 		vq->avail_idx = vq->last_avail_idx;
+		pr_debug(
+			"VHOST_SET_VRING_BASE [vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][s.index=%u][s.num=%u]",
+			vq, vq->last_avail_idx, vq->avail_idx, s.index, s.num);
 		break;
 	case VHOST_GET_VRING_BASE:
 		s.index = idx;
 		s.num = vq->last_avail_idx;
 		if (copy_to_user(argp, &s, sizeof s))
 			r = -EFAULT;
+		pr_debug(
+			"VHOST_GET_VRING_BASE [vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][s.index=%u][s.num=%u]",
+			vq, vq->last_avail_idx, vq->avail_idx, s.index, s.num);
 		break;
 	case VHOST_SET_VRING_KICK:
 		if (copy_from_user(&f, argp, sizeof f)) {
@@ -2233,8 +2248,8 @@ static int fetch_descs(struct vhost_virtqueue *vq)
 		vq->avail_idx = vhost16_to_cpu(vq, avail_idx);
 
 		if (unlikely((u16)(vq->avail_idx - last_avail_idx) > vq->num)) {
-			vq_err(vq, "Guest moved used index from %u to %u",
-				last_avail_idx, vq->avail_idx);
+			vq_err(vq, "Guest moved vq %p used index from %u to %u",
+				vq, last_avail_idx, vq->avail_idx);
 			return -EFAULT;
 		}
 
@@ -2310,6 +2325,9 @@ static int fetch_descs(struct vhost_virtqueue *vq)
 	BUG_ON(!(vq->used_flags & VRING_USED_F_NO_NOTIFY));
 
 	/* On success, increment avail index. */
+	pr_debug(
+		"[vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][vq->ndescs=%d][vq->first_desc=%d]",
+		vq, vq->last_avail_idx, vq->avail_idx, vq->ndescs, vq->first_desc);
 	vq->last_avail_idx++;
 
 	return 0;
@@ -2403,6 +2421,9 @@ EXPORT_SYMBOL_GPL(vhost_get_vq_desc);
 /* Reverse the effect of vhost_get_vq_desc. Useful for error handling. */
 void vhost_discard_vq_desc(struct vhost_virtqueue *vq, int n)
 {
+	pr_debug(
+		"DISCARD [vq=%p][vq->last_avail_idx=%u][vq->avail_idx=%u][n=%d]",
+		vq, vq->last_avail_idx, vq->avail_idx, n);
 	vq->last_avail_idx -= n;
 }
 EXPORT_SYMBOL_GPL(vhost_discard_vq_desc);
diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h
index a0bcf8bffa43..2ce2d3a97c31 100644
--- a/drivers/vhost/vhost.h
+++ b/drivers/vhost/vhost.h
@@ -248,11 +248,11 @@ int vhost_init_device_iotlb(struct vhost_dev *d, bool enabled);
 	} while (0)
 
 enum {
-	VHOST_FEATURES = (1ULL << VIRTIO_F_NOTIFY_ON_EMPTY) |
-			 (1ULL << VIRTIO_RING_F_INDIRECT_DESC) |
-			 (1ULL << VIRTIO_RING_F_EVENT_IDX) |
-			 (1ULL << VHOST_F_LOG_ALL) |
-			 (1ULL << VIRTIO_F_ANY_LAYOUT) |
+	VHOST_FEATURES = /* (1ULL << VIRTIO_F_NOTIFY_ON_EMPTY) | */
+			 /* (1ULL << VIRTIO_RING_F_INDIRECT_DESC) | */
+			 /* (1ULL << VIRTIO_RING_F_EVENT_IDX) | */
+			 /* (1ULL << VHOST_F_LOG_ALL) | */
+			 /* (1ULL << VIRTIO_F_ANY_LAYOUT) | */
 			 (1ULL << VIRTIO_F_VERSION_1)
 };
 
-- 
2.18.1


Powered by blists - more mailing lists