From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <yuanhan.liu@linux.intel.com>
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 by dpdk.org (Postfix) with ESMTP id AD5BC7CE3;
 Fri,  2 Jun 2017 02:13:57 +0200 (CEST)
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 01 Jun 2017 17:13:56 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.39,281,1493708400"; d="scan'208";a="94594242"
Received: from yliu-dev.sh.intel.com ([10.239.67.162])
 by orsmga002.jf.intel.com with ESMTP; 01 Jun 2017 17:13:55 -0700
From: Yuanhan Liu <yuanhan.liu@linux.intel.com>
To: dev@dpdk.org
Cc: Maxime Coquelin <maxime.coquelin@redhat.com>,
 Yuanhan Liu <yuanhan.liu@linux.intel.com>, stable@dpdk.org
Date: Fri,  2 Jun 2017 08:14:46 +0800
Message-Id: <1496362486-1741-1-git-send-email-yuanhan.liu@linux.intel.com>
X-Mailer: git-send-email 1.9.0
Subject: [dpdk-stable] [PATCH] vhost: fix crash on NUMA
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jun 2017 00:13:58 -0000

The queue allocation was changed, from allocating one queue-pair at a
time to one queue at a time. Most of the changes have been done, but
just with one being missed: the size of coping the old queue is still
based on queue-pair at numa_realloc(), which leads to overwritten issue.
As a result, crash may happen.

Fix it by specifying the right copy size. Also, the net queue macros
are not used any more. Remove them.

Fixes: ab4d7b9f1afc ("vhost: turn queue pair to vring")

Cc: stable@dpdk.org
Reported-by: Ciara Loftus <ciara.loftus@intel.com>
Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
---
 lib/librte_vhost/vhost_user.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 5c8058b..e486b78 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -238,8 +238,6 @@ numa_realloc(struct virtio_net *dev, int index)
 	struct vhost_virtqueue *old_vq, *vq;
 	int ret;
 
-	enum {VIRTIO_RXQ, VIRTIO_TXQ, VIRTIO_QNUM};
-
 	old_dev = dev;
 	vq = old_vq = dev->virtqueue[index];
 
@@ -261,7 +259,7 @@ numa_realloc(struct virtio_net *dev, int index)
 		if (!vq)
 			return dev;
 
-		memcpy(vq, old_vq, sizeof(*vq) * VIRTIO_QNUM);
+		memcpy(vq, old_vq, sizeof(*vq));
 		rte_free(old_vq);
 	}
 
-- 
2.8.1