virtio: order used ring after used index read

commit 2d61ba95034f1abbdec7729d52c740870a5eddb6 upstream.

On SMP guests, reads from the ring might bypass used index reads. This
causes guest crashes because host writes to used index to signal ring
data readiness.  Fix this by inserting rmb before used ring reads.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index a882f2606515796334e403baa411ebcbe45c592a..0ffff9ed4eb08c5d42e319b74d7f9d339b3568b2 100644 (file)
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -281,6 +281,9 @@ static void *vring_get_buf(struct virtqueue *_vq, unsigned int *len)
                return NULL;
        }
 
+       /* Only get used array entries after they have been exposed by host. */
+       rmb();
+
        i = vq->vring.used->ring[vq->last_used_idx%vq->vring.num].id;
        *len = vq->vring.used->ring[vq->last_used_idx%vq->vring.num].len;