From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 61228A04DC;
	Mon, 19 Oct 2020 19:36:57 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 5B9B2FC5C;
	Mon, 19 Oct 2020 19:34:48 +0200 (CEST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by dpdk.org (Postfix) with ESMTP id 33022FC43
 for <dev@dpdk.org>; Mon, 19 Oct 2020 19:34:41 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1603128879;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=9c78PomoiinOtXMEYzFgC5T4ohVIK2EWZwv0g5z+hxo=;
 b=QgLzpa/6PjjOOxCHpCAJrE4/vGNT+ocKU1BUpa3BYyASFV4KQj2KXz2RZZveuODU2V9cds
 QfOpu8p8t2JshNnHCh59B8tj0GVc3rW3H0p2VcPArasMNLUpRBaPrvz6i5CBzaoipTW+gH
 E13WChjDZ0vWSJB5+MCy0TYKFRZC1W8=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-111-f2ZbkmMwP72PeRlZm6eZqQ-1; Mon, 19 Oct 2020 13:34:36 -0400
X-MC-Unique: f2ZbkmMwP72PeRlZm6eZqQ-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CA9871006C83;
 Mon, 19 Oct 2020 17:34:35 +0000 (UTC)
Received: from localhost.localdomain (unknown [10.36.110.40])
 by smtp.corp.redhat.com (Postfix) with ESMTP id BBAC26EF59;
 Mon, 19 Oct 2020 17:34:34 +0000 (UTC)
From: Maxime Coquelin <maxime.coquelin@redhat.com>
To: dev@dpdk.org,
	chenbo.xia@intel.com,
	amorenoz@redhat.com
Cc: Maxime Coquelin <maxime.coquelin@redhat.com>
Date: Mon, 19 Oct 2020 19:34:15 +0200
Message-Id: <20201019173415.582407-8-maxime.coquelin@redhat.com>
In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com>
References: <20201019173415.582407-1-maxime.coquelin@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
Subject: [dpdk-dev] [PATCH 7/7] vhost: check virtqueue metadata pointer
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This patch checks whether the virtqueue metadata pointer
is valid before dereferencing it. It is not considered
a fix as earlier patch ensures there are no holes in the
array of virtqueue metadata pointers.

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
 lib/librte_vhost/vhost.c      | 11 +++++++++++
 lib/librte_vhost/vhost_user.c | 12 ++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
index e92ff618ac..8a151a9c1d 100644
--- a/lib/librte_vhost/vhost.c
+++ b/lib/librte_vhost/vhost.c
@@ -544,6 +544,11 @@ init_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
 	}
 
 	vq = dev->virtqueue[vring_idx];
+	if (!vq) {
+		VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n",
+				vring_idx);
+		return;
+	}
 
 	memset(vq, 0, sizeof(struct vhost_virtqueue));
 
@@ -570,6 +575,12 @@ reset_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
 	}
 
 	vq = dev->virtqueue[vring_idx];
+	if (!vq) {
+		VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n",
+				vring_idx);
+		return;
+	}
+
 	callfd = vq->callfd;
 	init_vring_queue(dev, vring_idx);
 	vq->callfd = callfd;
diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index d20c8c57ad..8a8726f8b8 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1235,6 +1235,9 @@ vhost_user_set_mem_table(struct virtio_net **pdev, struct VhostUserMsg *msg,
 	for (i = 0; i < dev->nr_vring; i++) {
 		struct vhost_virtqueue *vq = dev->virtqueue[i];
 
+		if (!vq)
+			continue;
+
 		if (vq->desc || vq->avail || vq->used) {
 			/*
 			 * If the memory table got updated, the ring addresses
@@ -1556,6 +1559,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg,
 
 	for (i = 0; i < num_queues; i++) {
 		vq = dev->virtqueue[i];
+		if (!vq)
+			continue;
+
 		if (vq_is_packed(dev)) {
 			vq->inflight_packed = addr;
 			vq->inflight_packed->desc_num = queue_size;
@@ -2310,6 +2316,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg,
 		for (i = 0; i < dev->nr_vring; i++) {
 			struct vhost_virtqueue *vq = dev->virtqueue[i];
 
+			if (!vq)
+				continue;
+
 			vhost_user_iotlb_cache_insert(vq, imsg->iova, vva,
 					len, imsg->perm);
 
@@ -2321,6 +2330,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg,
 		for (i = 0; i < dev->nr_vring; i++) {
 			struct vhost_virtqueue *vq = dev->virtqueue[i];
 
+			if (!vq)
+				continue;
+
 			vhost_user_iotlb_cache_remove(vq, imsg->iova,
 					imsg->size);
 
-- 
2.26.2