Re: [Qemu-devel] [PATCH] util: Relax assertion in iov_copy()

[Paolo Bonzini]

On 25/07/2016 13:43, Shmulik Ladkani wrote:
> From: Shmulik Ladkani <address@hidden>
> 
> In cases where iov_copy() is passed with zero 'bytes' argument and a
> non-zero 'offset' argument, nothing gets copied - as expected.
> 
> However since no copy iterations are performed, 'offset' is left
> unaltered, leading to the final assert(offset == 0) to fail.
> 
> Relax the assertion: if j (number of dst elements assigned) is zero, no
> need to err.
> 
> Only if j!=0 (some dst elements assigned) AND offset!=0 we should err.

This is actually intended; the comment in qemu_iovec_concat_iov says why:

    assert(soffset == 0); /* offset beyond end of src */

so the pedantic fix could be (if I understand the issue correctly) to
check for "offset || bytes" in the for condition.  This is similar to
what the other functions do (e.g. iov_from_buf_full).  The performance
effect should practically be absent.

Paolo

> Signed-off-by: Shmulik Ladkani <address@hidden>
> ---
>  util/iov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Flow that led to the assertion was:
>   net_tx_pkt_rebuild_payload()
>     iov_copy(... , pkt->payload_len)
> 
> where pkt->payload_len was correctly calculated to be 0 (a packet
> carrying just ipv4 header, without any payload).
> 
> An alternative is to place the below code, early in iov_copy():
>     if (!bytes)
>         return 0;
> 
> diff --git a/util/iov.c b/util/iov.c
> index 003fcce..17de52d 100644
> --- a/util/iov.c
> +++ b/util/iov.c
> @@ -260,7 +260,7 @@ unsigned iov_copy(struct iovec *dst_iov, unsigned int 
> dst_iov_cnt,
>          bytes -= len;
>          offset = 0;
>      }
> -    assert(offset == 0);
> +    assert(j == 0 || offset == 0);
>      return j;
>  }
>  
>