From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 24E84A04B6 for ; Tue, 12 Nov 2019 16:19:42 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 092C12BE9; Tue, 12 Nov 2019 16:19:42 +0100 (CET) Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) by dpdk.org (Postfix) with ESMTP id 7EE422BF5 for ; Tue, 12 Nov 2019 16:19:40 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1573571980; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NzcVwVkejZFzPakZs7pgJCuN8KCaXFlAaf566Ul7v/c=; b=JjK2T/FCcqTowJRFt3Mm/RaPIVBB7Sq/Oijxtb2MHQzanryysA33+bvInhkfd9w5L9Gm9t IDbOIFtQXbam4RWGwvtE0Lm3oaVmSZ1kk6ZemJBl137nFTBkLlOK/NwGO8fyrWhhiBMZ0n TL1IfAoH24FwbwVZId032Q73DlQaquk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-156-F5LWUebmM1W7B7Ooa01xXg-1; Tue, 12 Nov 2019 10:19:38 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6A3C510D4E5F; Tue, 12 Nov 2019 15:19:37 +0000 (UTC) Received: from localhost.localdomain (ovpn-112-39.ams2.redhat.com [10.36.112.39]) by smtp.corp.redhat.com (Postfix) with ESMTP id 597AF5E244; Tue, 12 Nov 2019 15:19:30 +0000 (UTC) From: Maxime Coquelin To: dev@dpdk.org, stable@dpdk.org Cc: Stefan Hajnoczi , Maxime Coquelin Date: Tue, 12 Nov 2019 16:19:24 +0100 Message-Id: <20191112151927.27418-1-maxime.coquelin@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-MC-Unique: F5LWUebmM1W7B7Ooa01xXg-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Subject: [dpdk-stable] [v17.11 PATCH v2 1/4] vhost: validate virtqueue size X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" From: Stefan Hajnoczi [ backported from upstream commit eb7c574b21cc92792ea5a1f219ddf6dd3cf3b1e1 = ] Check the virtqueue size constraints so that invalid values don't cause bugs later on in the code. For example, sometimes the virtqueue size is stored as unsigned int and sometimes as uint16_t, so bad things happen if it is ever larger than 65535. Signed-off-by: Stefan Hajnoczi Reviewed-by: Maxime Coquelin --- lib/librte_vhost/vhost_user.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index bb39999aa4..93e871c5bb 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -247,6 +247,17 @@ vhost_user_set_vring_num(struct virtio_net *dev, =20 =09vq->size =3D msg->payload.state.num; =20 +=09/* VIRTIO 1.0, 2.4 Virtqueues says: +=09 * +=09 * Queue Size value is always a power of 2. The maximum Queue Size +=09 * value is 32768. +=09 */ +=09if ((vq->size & (vq->size - 1)) || vq->size > 32768) { +=09=09RTE_LOG(ERR, VHOST_CONFIG, +=09=09=09"invalid virtqueue size %u\n", vq->size); +=09=09return -1; +=09} + =09if (dev->dequeue_zero_copy) { =09=09vq->nr_zmbuf =3D 0; =09=09vq->last_zmbuf_idx =3D 0; --=20 2.21.0