From: "Xia, Chenbo"
To: Maxime Coquelin, "dev@dpdk.org", "mkp@redhat.com", "david.marchand@redhat.com"
Subject: RE: [PATCH] vhost: fix possible null pointer dereference
Date: Fri, 10 Mar 2023 02:52:34 +0000
References: <20230309113631.300351-1-maxime.coquelin@redhat.com>
In-Reply-To: <20230309113631.300351-1-maxime.coquelin@redhat.com>
List-Id: DPDK patches and discussions

> -----Original Message-----
> From: Maxime Coquelin
> Sent: Thursday, March 9, 2023 7:37 PM
> To: dev@dpdk.org; mkp@redhat.com; Xia, Chenbo; david.marchand@redhat.com
> Cc: Maxime Coquelin
> Subject: [PATCH] vhost: fix possible null pointer dereference
>
> When handling VHOST_USER_SET_MEM_TABLE request ending
> up in changing existing memory map, a device's memory
> pointer may end up being dereferenced while being NULL in
> IOTLB cache flush function.
>
> Coverity issue: 383646
> Fixes: dea092d0addb ("vhost: fix madvise arguments alignment")
>
> Signed-off-by: Maxime Coquelin
> --- > lib/vhost/vhost_user.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) >=20 > diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c > index 9e361082dc..23a6a4e2bd 100644 > --- a/lib/vhost/vhost_user.c > +++ b/lib/vhost/vhost_user.c 
> @@ -1355,16 +1355,16 @@ vhost_user_set_mem_table(struct virtio_net **pdev= , > async_notify =3D true; > } >=20 > + /* Flush IOTLB cache as previous HVAs are now invalid */ > + if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM)) > + for (i =3D 0; i < dev->nr_vring; i++) > + vhost_user_iotlb_flush_all(dev, dev->virtqueue[i]); > + > free_mem_region(dev); > rte_free(dev->mem); > dev->mem =3D NULL; > } >=20 > - /* Flush IOTLB cache as previous HVAs are now invalid */ > - if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM)) > - for (i =3D 0; i < dev->nr_vring; i++) > - vhost_user_iotlb_flush_all(dev, dev->virtqueue[i]); > - > /* > * If VQ 0 has already been allocated, try to allocate on the same > * NUMA node. It can be reallocated later in numa_realloc(). > -- > 2.39.2

Reviewed-by: Chenbo Xia
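
Review bot: The moved comment "Flush IOTLB cache as previous HVAs are now invalid" no longer matches where the flush sits: in the added lines it runs before free_mem_region(dev) and rte_free(dev->mem), so the old mappings are still in place at that point. Suggest rewording it to say that the flush has to happen while dev->mem is still set, because the flush path dereferences it (as the commit message explains), so that nobody moves the loop back below "dev->mem = NULL" later. The flush is now also limited to the branch that tears down an existing memory map; a short sentence in the commit message confirming that no flush is needed when there is no previous map would make that intent explicit. As a style point, the multi-line if/for pair around vhost_user_iotlb_flush_all() has no braces, and adding them would make later edits to this block safer.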