Re: [PATCH RFC] vhost: fix vhost_get_avail_idx for a non empty ring

From: Jason Wang

Date: Tue Mar 03 2026 - 01:39:41 EST


On Mon, Mar 2, 2026 at 4:51 PM Michael S. Tsirkin <mst@xxxxxxxxxx> wrote:
>
> vhost_get_avail_idx is supposed to report whether it has updated
> vq->avail_idx. Instead, it returns whether all entries have been
> consumed, which is usually the same. But not always - in
> drivers/vhost/net.c and when mergeable buffers have been enabled, the
> driver checks whether the combined entries are big enough to store an
> incoming packet. If not, the driver re-enables notifications with
> available entries still in the ring. The incorrect return value from
> vhost_get_avail_idx propagates through vhost_enable_notify and causes
> the host to livelock if the guest is not making progress, as vhost will
> immediately disable notifications and retry using the available entries.
>
> The obvious fix is to make vhost_get_avail_idx do what the comment
> says it does and report whether new entries have been added.
>
> Reported-by: ShuangYu <shuangyu@xxxxxxxxx>
> Fixes: d3bb267bbdcb ("vhost: cache avail index in vhost_enable_notify()")
> Cc: Stefano Garzarella <sgarzare@xxxxxxxxxx>
> Cc: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
> Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
> ---
>

Acked-by: Jason Wang <jasowang@xxxxxxxxxx>

Thanks
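
The return-value difference described in the quoted commit message, as an added example (a simplified user-space model, not code from the patch or from drivers/vhost). The struct, the function names and the retry cap are hypothetical; the model only assumes what the commit message states: the host retries whenever it is told there are new entries, and the guest publishes nothing further.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified host-side view of one virtqueue. */
struct model_vq {
    uint16_t guest_avail_idx; /* index the guest has published */
    uint16_t avail_idx;       /* host's cached copy */
    uint16_t last_avail_idx;  /* next entry the host will consume */
};

/* Behaviour described as the bug: reports "ring is not empty". */
static bool get_idx_nonempty(struct model_vq *vq)
{
    vq->avail_idx = vq->guest_avail_idx;
    return vq->avail_idx != vq->last_avail_idx;
}

/* Behaviour described as intended: reports "cached index was updated". */
static bool get_idx_updated(struct model_vq *vq)
{
    uint16_t old = vq->avail_idx;
    vq->avail_idx = vq->guest_avail_idx;
    return vq->avail_idx != old;
}

/* Host retries for a packet needing `need` entries with only `have` published. */
static unsigned rx_retries(bool (*get_idx)(struct model_vq *),
                           uint16_t have, uint16_t need, unsigned cap)
{
    struct model_vq vq = { .guest_avail_idx = have };
    unsigned retries = 0;
    get_idx(&vq); /* initial fetch */
    while (retries < cap) {
        if ((uint16_t)(vq.avail_idx - vq.last_avail_idx) >= need)
            return retries;  /* enough room: packet can be stored */
        if (!get_idx(&vq))   /* notifications re-enabled, index re-read */
            return retries;  /* nothing new: wait for the guest's kick */
        retries++;           /* "new entries": disable notify and retry */
    }
    return retries;          /* cap reached: the loop never settles */
}

int main(void)
{
    printf("non-empty semantics: %u retries\n", rx_retries(get_idx_nonempty, 2, 4, 1000));
    printf("updated semantics:   %u retries\n", rx_retries(get_idx_updated, 2, 4, 1000));
    return 0;
}
```

With an empty ring or a ring that already holds enough entries, both variants behave the same, which matches the "usually the same" remark in the commit message.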