From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 1A8DD1B454; Tue, 27 Nov 2018 10:55:07 +0100 (CET) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 59F0E30DDBD5; Tue, 27 Nov 2018 09:55:06 +0000 (UTC) Received: from localhost.localdomain (ovpn-112-53.ams2.redhat.com [10.36.112.53]) by smtp.corp.redhat.com (Postfix) with ESMTP id 51C4760C68; Tue, 27 Nov 2018 09:54:53 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, tiwei.bie@intel.com, zhihong.wang@intel.com, jfreimann@redhat.com Cc: stable@dpdk.org, Maxime Coquelin Date: Tue, 27 Nov 2018 10:54:51 +0100 Message-Id: <20181127095451.18217-1-maxime.coquelin@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Tue, 27 Nov 2018 09:55:06 +0000 (UTC) Subject: [dpdk-stable] [PATCH v2] vhost: fix possible null pointer dereferencing X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Nov 2018 09:55:07 -0000 If mmap() call fails in vhost_user_set_mem_table, dev->mem is set to NULL. If later, qva_to_vva() is called, a segfault occurs. Fixes: 8f972312b8f4 ("vhost: support vhost-user") Cc: stable@dpdk.org Reviewed-by: Tiwei Bie Signed-off-by: Maxime Coquelin --- lib/librte_vhost/vhost_user.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index 3ea64eba6..9fdd16172 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -489,6 +489,12 @@ qva_to_vva(struct virtio_net *dev, uint64_t qva, uint64_t *len) struct rte_vhost_mem_region *r; uint32_t i; + if (unlikely(!dev || !dev->mem)) { + *len = 0; + + return 0; + } + /* Find the region where the address lives. */ for (i = 0; i < dev->mem->nregions; i++) { r = &dev->mem->regions[i]; -- 2.17.2