Message-ID: <8e7d0748-afa9-0ed0-443a-62b2523d7403@redhat.com>
Date: Wed, 14 Sep 2022 09:14:46 +0200
Subject: Re: [PATCH v3 1/4] vhost: fix vq use after free on NUMA reallocation
To: "Xia, Chenbo", David Marchand, Thomas Monjalon
Cc: "stable@dpdk.org", "dev@dpdk.org"
References: <20220722135320.109269-1-david.marchand@redhat.com>
 <20220725203206.427083-1-david.marchand@redhat.com>
 <20220725203206.427083-2-david.marchand@redhat.com>
 <0ea85d1e-e741-b6ae-1426-638e219e4058@redhat.com>
From: Maxime Coquelin

Hi Chenbo,

On 9/14/22 03:05, Xia, Chenbo wrote:
> Hi Maxime,
>
>> -----Original Message-----
>> From: Maxime Coquelin
>> Sent: Tuesday, September 13, 2022 11:03 PM
>> To: David Marchand; Xia, Chenbo; Thomas Monjalon
>> Cc: stable@dpdk.org; dev@dpdk.org
>> Subject: Re: [PATCH v3 1/4] vhost: fix vq use after free on NUMA
>> reallocation
>>
>> Hi,
>>
>> On 7/26/22 09:55, Maxime Coquelin wrote:
>>>
>>>
>>> On 7/25/22 22:32, David Marchand wrote:
>>>> translate_ring_addresses (via numa_realloc) may change a virtio device
>>>> and virtio queue.
>>>> The virtqueue object must be refreshed before accessing the lock.
>>>>
>>>> Fixes: 04c27cb673b9 ("vhost: fix unsafe vring addresses modifications")
>>>> Cc: stable@dpdk.org
>>>>
>>>> Signed-off-by: David Marchand
>>>> ---
>>>>   lib/vhost/vhost_user.c | 1 +
>>>>   1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c >>>> index 4ad28bac45..91d40e32fc 100644 >>>> --- a/lib/vhost/vhost_user.c >>>> +++ b/lib/vhost/vhost_user.c 
>>>> @@ -2596,6 +2596,7 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, >>>>               if (is_vring_iotlb(dev, vq, imsg)) { >>>>                   rte_spinlock_lock(&vq->access_lock); >>>>                   *pdev = dev = translate_ring_addresses(dev, i); >>>> +                vq = dev->virtqueue[i]; >>>>                   rte_spinlock_unlock(&vq->access_lock); >>>>               } >>>>           }
>>>
>>> Reviewed-by: Maxime Coquelin
>>>
>>> Thanks,
>>> Maxime
>>
>> The bug this patch is fixing is being reproduced downstream.
>> It would be great if it gets merged in main branch rapidly so that we can
>> perform the backport.
>>
>> Chenbo, are you planning a pull request for vhost/virtio in the next few
>> days? If not, should the main branch maintainer pick this single patch
>> directly and let the rest of the series have more time for reviews?
>
> Based on the status of all patches in the list, I guess PR will not happen
> this week. So it will be good if David/Thomas can directly pick up this.

OK, sounds good to me.

Thomas/David, is that good on your side?

Thanks,
Maxime

> Thanks,
> Chenbo
>
>>
>> Thanks,
>> Maxime
>
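
Review bot: After the added `vq = dev->virtqueue[i];`, the `rte_spinlock_unlock(&vq->access_lock)` on the next line may release a different object than the one `rte_spinlock_lock(&vq->access_lock)` acquired two lines earlier, and nothing in the hunk says why that is safe. The fix therefore depends on the reallocated virtqueue carrying over the held state of `access_lock`; a short comment above the assignment stating that assumption would help the stable backports. It would also make explicit that any `vq` pointer cached before `translate_ring_addresses(dev, i)` is stale afterwards, which is worth checking for other uses of `vq` later in `vhost_user_iotlb_msg()` that fall outside the visible context.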