On Tue, May 01, 2018 at 09:22:31AM +0100, Roger Pau Monné wrote:
On Mon, Apr 30, 2018 at 11:01:50PM +0200, Marek Marczykowski-Górecki wrote:
struct request *req,
struct blkif_request **ring_req)
struct blkif_request *ring_req)
{ unsigned long id;
- *ring_req = RING_GET_REQUEST(&rinfo->ring, rinfo->ring.req_prod_pvt);
- rinfo->ring.req_prod_pvt++;
- id = get_id_from_freelist(rinfo); rinfo->shadow[id].request = req; rinfo->shadow[id].status = REQ_WAITING; rinfo->shadow[id].associated_id = NO_ASSOCIATED_ID;
- (*ring_req)->u.rw.id = id;
- ring_req->u.rw.id = id;
return id; } @@ -545,23 +542,28 @@ static unsigned long blkif_ring_get_request(struct blkfront_ring_info *rinfo, static int blkif_queue_discard_req(struct request *req, struct blkfront_ring_info *rinfo) { struct blkfront_info *info = rinfo->dev_info;
- struct blkif_request *ring_req;
- struct blkif_request ring_req = { 0 }; unsigned long id;
/* Fill out a communications ring structure. */ id = blkif_ring_get_request(rinfo, req, &ring_req);
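Review bot: `struct blkif_request ring_req = { 0 };` in blkif_queue_discard_req zeroes the named members, but C does not guarantee that a brace initializer clears padding bytes. If this local is later copied wholesale onto the ring shared with the backend (that copy is not in the quoted lines, so this is inferred), stale kernel stack bytes could become visible to the other domain. An explicit `memset(&ring_req, 0, sizeof(ring_req));` before the call to blkif_ring_get_request() removes the dependence on compiler behaviour. The comment above the call could also say what is now being filled, e.g. `/* Fill out a private copy of the ring request. */`. The function body continues past the quoted lines.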
Maybe I'm missing something obvious here, but you are adding a struct allocated on the stack to the shadow ring copy; isn't this dangerous?
The above comment is wrong: you are storing a pointer to 'req' in the shadow ring copy, which is fine, and 'req' is not the ring request.
Roger.