virtio_ring: Maintain a shadow copy of descriptors
The shared descriptors should only be written by the guest driver,
however, the device is still able to overwrite and corrupt them.
Maintain a private shadow copy of the descriptors for the driver to
use for state tracking, removing the need to read from the shared
descriptors.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
diff --git a/include/virtio_ring.h b/include/virtio_ring.h
index 6fc0593..52cbe77 100644
--- a/include/virtio_ring.h
+++ b/include/virtio_ring.h
@@ -55,6 +55,14 @@
__virtio16 next;
};
+/* Shadow of struct vring_desc in guest byte order. */
+struct vring_desc_shadow {
+ u64 addr;
+ u32 len;
+ u16 flags;
+ u16 next;
+};
+
struct vring_avail {
__virtio16 flags;
__virtio16 idx;
@@ -89,6 +97,7 @@
* @index: the zero-based ordinal number for this queue
* @num_free: number of elements we expect to be able to fit
* @vring: actual memory layout for this queue
+ * @vring_desc_shadow: guest-only copy of descriptors
* @event: host publishes avail event idx
* @free_head: head of free buffer list
* @num_added: number we've added since last sync
@@ -102,6 +111,7 @@
unsigned int index;
unsigned int num_free;
struct vring vring;
+ struct vring_desc_shadow *vring_desc_shadow;
bool event;
unsigned int free_head;
unsigned int num_added;