- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: virtio 1.0 cs02
- Fix Version/s: virtio 1.0 cs03
- Labels: None
- Environment: Rusty Russell <rusty@au1.ibm.com>
- Proposal:
- Resolution:
When debugging qemu (which gets this wrong), I noted that the used ring's len field is only documented as follows:
\field{len} the total of bytes written into the buffer.
Followed by a (presumably non-normative) note:
... is extremely useful for drivers using untrusted buffers: if you do not know exactly how much has been written by the device, you usually have to zero the buffer to ensure no data leakage occurs.
There is thus an implication that 'len' indicates the amount which was definitely overwritten by the device, but it should be clearly spelled out (such as what happens in the error case where the device may not know how much was actually overwritten).
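The data-leakage concern in the note above, as an added example that is not part of the original report or of any virtio implementation: a driver that relies on `len` as "bytes definitely overwritten" passes stale buffer contents to its consumer when the reported value exceeds what was actually written. The device, the buffer layout and all names here are constructed for illustration and do not model qemu's behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* marks leftover data from a previous use of the buffer */

struct rx_buf { uint8_t *data; uint32_t cap; };  /* hypothetical driver buffer */

/* Simulated device (constructed): overwrites `wrote` bytes, then reports
 * `reported` as the used ring's len. The two differ only if it misreports. */
static uint32_t device_complete(struct rx_buf *b, const uint8_t *src,
                                uint32_t wrote, uint32_t reported)
{
    memcpy(b->data, src, wrote < b->cap ? wrote : b->cap);
    return reported;
}

/* Driver: treats len as "bytes definitely overwritten", bounded by what it
 * posted, and hands that many bytes to the consumer. */
static uint32_t deliver(const struct rx_buf *b, uint32_t used_len, uint8_t *out)
{
    uint32_t n = used_len > b->cap ? b->cap : used_len;
    memcpy(out, b->data, n);
    return n;
}

/* Returns how many stale bytes reach the consumer in one completion. */
static uint32_t leaked_bytes(int zero_first, uint32_t wrote, uint32_t reported)
{
    static const uint8_t payload[16] = "ABCDEFGHIJKLMNO";
    uint8_t backing[16], out[16];
    struct rx_buf b = { backing, sizeof backing };
    uint32_t n, i, stale = 0;

    memset(backing, STALE, sizeof backing);          /* earlier contents */
    if (zero_first)
        memset(backing, 0, sizeof backing);          /* costly safe fallback */
    n = deliver(&b, device_complete(&b, payload, wrote, reported), out);
    for (i = 0; i < n; i++)
        stale += (out[i] == STALE);
    return stale;
}

int main(void)
{
    printf("accurate len:          %u\n", leaked_bytes(0, 4, 4));
    printf("over-reported len:     %u\n", leaked_bytes(0, 4, 16));
    printf("over-reported, zeroed: %u\n", leaked_bytes(1, 4, 16));
    return 0;
}
```

Clamping `len` to the posted size bounds the read but does not stop the leak; only an accurate `len` or zeroing the buffer first does.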