[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] xenfb.c: avoid expensive loops when prod <= out
From: |
Paul Durrant |
Subject: |
Re: [Qemu-devel] [PATCH] xenfb.c: avoid expensive loops when prod <= out_cons |
Date: |
Wed, 6 Jan 2016 12:27:49 +0000 |
> -----Original Message-----
> From: address@hidden
> [mailto:address@hidden On
> Behalf Of Stefano Stabellini
> Sent: 06 January 2016 12:08
> To: address@hidden
> Cc: address@hidden; address@hidden; Stefano Stabellini
> Subject: [Qemu-devel] [PATCH] xenfb.c: avoid expensive loops when prod
> <= out_cons
>
> If the frontend sets out_cons to a value higher than out_prod, it will
> cause xenfb_handle_events to loop about 2^32 times. Avoid that by using
> better checks at the beginning of the function.
>
What happens when out_prod wraps?
Paul
> Signed-off-by: Stefano Stabellini <address@hidden>
>
> diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
> index 4e2a27a..f963cf2 100644
> --- a/hw/display/xenfb.c
> +++ b/hw/display/xenfb.c
> @@ -789,10 +789,11 @@ static void xenfb_handle_events(struct XenFB
> *xenfb)
>
> prod = page->out_prod;
> out_cons = page->out_cons;
> - if (prod == out_cons)
> - return;
> + if (prod <= out_cons) {
> + return;
> + }
> xen_rmb(); /* ensure we see ring contents up to prod */
> - for (cons = out_cons; cons != prod; cons++) {
> + for (cons = out_cons; cons < prod; cons++) {
> union xenfb_out_event *event = &XENFB_OUT_RING_REF(page,
> cons);
> uint8_t type = event->type;
> int x, y, w, h;