From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) by dpdk.org (Postfix) with ESMTP id 046D9235 for ; Tue, 21 Nov 2017 14:25:05 +0100 (CET) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id ABC4B20AE6; Tue, 21 Nov 2017 08:25:04 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute1.internal (MEProxy); Tue, 21 Nov 2017 08:25:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fridaylinux.org; h=cc:date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=1M2iaca0Zr7NmKt1c 0aoZa8baLqx7cMDKj93WYqrR7M=; b=i+lqanP3mZBYYW2gMee4MznuDLWUUITe2 qyNryfW21rX85H8GGjucU3BY6gg5fgfTccAG/HzTr72h67RPkw1Ndf2Pq8JI8M+Q NA23XN1Hs1kNvlAfnjvrKt5cvAeKbIS8HJjKvnbiotMGi9ZMs5YmT9yy+3lHXLiO L+rxBm4T/B+4bzhugIoe9USLFaPyoQ3PcUuVReQBcJSq/XEWSjpk3q+oTQH6kZwK KU3uukBvr9PvGTqAxO/lWB8ITJsIEoRcQ6Qz4R8dVFW5+Q7AQCVzMflYdU7oeMjP 1rWmoH92gTJjKXM5DGqRAl8qPGCAYkWS6myWqsETSBPKXg98iMBng== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=1M2iaca0Zr7NmKt1c0aoZa8baLqx7cMDKj93WYqrR7M=; b=qj5ukVSJ A+FXIO1J9v/WrGJ/K8oqJXfJq28+dIKVDn01aZvTjPxzmRr1E8xqhshP/lw+GvyU PE1DmSB6bdKIQlHIVAtvou7tE5gCmdgeII+1NdzkkhgQiMigoNKA78/YXzP/I4bU KDPg7WmO5lX7aE0VB43jUeEjf9ozDSgcUazB1JvyYsnpi+pXOwzRqukpiokeefXX dAM4UAOD57BM2sL1y6O7WR7mwGAW0v7zGViRkcQwRMgxI30bOeI0RWPox6jTEFb+ Cm/bSWMyuEBZAq//35+KdU1fipGO1MOE45MF0XXuuZIkue37aU8MiCcdQLUDlXwR BAIk1aZAiSKOqw== X-ME-Sender: Received: from localhost.localdomain (unknown [180.158.62.0]) by mail.messagingengine.com (Postfix) with ESMTPA id 57EA424810; Tue, 21 Nov 2017 08:24:59 -0500 (EST) From: Yuanhan Liu To: Maxime Coquelin Cc: Yuanhan Liu , dpdk stable Date: Tue, 21 Nov 2017 21:17:11 +0800 Message-Id: <1511270333-31002-89-git-send-email-yliu@fridaylinux.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1511270333-31002-1-git-send-email-yliu@fridaylinux.org> References: <1511270333-31002-1-git-send-email-yliu@fridaylinux.org> Subject: [dpdk-stable] patch 'vhost: fix dereferencing invalid pointer after realloc' has been queued to stable release 17.08.1 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2017 13:25:05 -0000 Hi, FYI, your patch has been queued to stable release 17.08.1 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 11/24/17. So please shout if anyone has objections. Thanks. --yliu --- >>From 5b94b247775e9de7849f2df088d407024f348210 Mon Sep 17 00:00:00 2001 From: Maxime Coquelin Date: Thu, 5 Oct 2017 10:36:22 +0200 Subject: [PATCH] vhost: fix dereferencing invalid pointer after realloc [ upstream commit b0098b5e2174bd4ac901043e1c4dcaad1c19d9d5 ] numa_realloc() reallocates the virtio_net device structure and updates the vhost_devices[] table with the new pointer if the rings are allocated different NUMA node. Problem is that vhost_user_msg_handler() still dereferences old pointer afterward. This patch prevents this by fetching again the dev pointer in vhost_devices[] after messages have been handled. Fixes: af295ad4698c ("vhost: realloc device and queues to same numa node as vring desc") Signed-off-by: Maxime Coquelin Acked-by: Yuanhan Liu --- lib/librte_vhost/vhost_user.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index ad2e8d3..d8b84e2 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -1102,6 +1102,12 @@ vhost_user_msg_handler(int vid, int fd) } + /* + * The virtio_net struct might have been reallocated on a different + * NUMA node, so dev pointer might no more be valid. + */ + dev = get_device(vid); + if (msg.flags & VHOST_USER_NEED_REPLY) { msg.payload.u64 = !!ret; msg.size = sizeof(msg.payload.u64); -- 2.7.4