From: Kevin Traynor
To: Maxime Coquelin
Cc: Ilja Van Sprundel, Tiwei Bie, dpdk stable
Date: Fri, 14 Feb 2020 17:03:29 +0000
Message-Id: <20200214170337.25093-35-ktraynor@redhat.com>
In-Reply-To: <20200214170337.25093-1-ktraynor@redhat.com>
References: <20200214170337.25093-1-ktraynor@redhat.com>
Subject: [dpdk-stable] patch 'vhost: catch overflow causing mmap of size 0' has been queued to LTS release 18.11.7

Hi,

FYI, your patch has been queued to LTS release 18.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 02/20/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/6b3e0aa1624e47893c67e67900dcec586ebf0d99

Thanks.

Kevin.

---
>From 6b3e0aa1624e47893c67e67900dcec586ebf0d99 Mon Sep 17 00:00:00 2001
From: Maxime Coquelin
Date: Thu, 16 Jan 2020 11:44:27 +0100
Subject: [PATCH] vhost: catch overflow causing mmap of size 0

[ upstream commit c6420a36328b9c6b71770aaa982abacd0e2440b8 ]

This patch catches an overflow that could happen if an invalid region size or page alignment is provided by the guest via the VHOST_USER_SET_MEM_TABLE request.

If the sum of the size to mmap and the alignment overflows uint64_t, then RTE_ALIGN_CEIL(mmap_size, alignment) macro will return 0. This value was passed as is as size argument to mmap(). While kernel handling of mmap() syscall returns an error if size is 0, it is better to catch it earlier and provide a meaningful error log.

Fixes: ec09c280b839 ("vhost: fix mmap not aligned with hugepage size")

Reported-by: Ilja Van Sprundel
Signed-off-by: Maxime Coquelin
Reviewed-by: Tiwei Bie
--- lib/librte_vhost/vhost_user.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index b9ecec5ba7..4c58880f8c 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c
@@ -1118,4 +1118,19 @@ vhost_user_set_mem_table(struct virtio_net **pdev, s= truct VhostUserMsg *msg, =09=09} =09=09mmap_size =3D RTE_ALIGN_CEIL(mmap_size, alignment); +=09=09if (mmap_size =3D=3D 0) { +=09=09=09/* +=09=09=09 * It could happen if initial mmap_size + alignment +=09=09=09 * overflows the sizeof uint64, which could happen if +=09=09=09 * either mmap_size or alignment value is wrong. +=09=09=09 * +=09=09=09 * mmap() kernel implementation would return an error, +=09=09=09 * but better catch it before and provide useful info +=09=09=09 * in the logs. +=09=09=09 */ +=09=09=09RTE_LOG(ERR, VHOST_CONFIG, "mmap size (0x%" PRIx64 ") " +=09=09=09=09=09"or alignment (0x%" PRIx64 ") is invalid\n", +=09=09=09=09=09reg->size + mmap_offset, alignment); +=09=09=09goto err_mmap; +=09=09} =20 =09=09populate =3D (dev->dequeue_zero_copy) ? MAP_POPULATE : 0; --=20 2.21.1 --- Diff of the applied patch vs upstream commit (please double-check if non-= empty: --- --- -=092020-02-14 17:02:39.009405344 +0000 +++ 0035-vhost-catch-overflow-causing-mmap-of-size-0.patch=092020-02-14 17:= 02:37.048405914 +0000 @@ -1 +1 @@ -From c6420a36328b9c6b71770aaa982abacd0e2440b8 Mon Sep 17 00:00:00 2001 +From 6b3e0aa1624e47893c67e67900dcec586ebf0d99 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit c6420a36328b9c6b71770aaa982abacd0e2440b8 ] + @@ -20 +21,0 @@ -Cc: stable@dpdk.org @@ -30 +31 @@ -index c9cc4d6489..9f14ea6676 100644 +index b9ecec5ba7..4c58880f8c 100644 @@ -33 +34 @@ -@@ -1146,4 +1146,19 @@ vhost_user_set_mem_table(struct virtio_net **pdev, = struct VhostUserMsg *msg, +@@ -1118,4 +1118,19 @@ vhost_user_set_mem_table(struct virtio_net **pdev, = struct VhostUserMsg *msg, @@ -46 +47 @@ -+=09=09=09VHOST_LOG_CONFIG(ERR, "mmap size (0x%" PRIx64 ") " ++=09=09=09RTE_LOG(ERR, VHOST_CONFIG, "mmap size (0x%" PRIx64 ") "
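Review bot: in the vhost_user_set_mem_table() hunk, the new mmap_size == 0 test only covers a wrap inside RTE_ALIGN_CEIL(mmap_size, alignment). The log line prints reg->size + mmap_offset as the requested size, and the commit message says the region size comes from the guest; if that addition itself wraps, the aligned result is a small non-zero value and this branch does not fire. The hunk does not show whether the sum is validated earlier in the function, so please confirm that it is, or add that check alongside this one. Minor wording: "overflows the sizeof uint64" in the comment would read more accurately as "overflows uint64_t".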
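Review bot: the last interdiff hunk (@@ -46 +47 @@) is the one non-metadata difference from upstream and is the line to double-check in this backport: VHOST_LOG_CONFIG(ERR, ... is replaced by RTE_LOG(ERR, VHOST_CONFIG, ... on the first line of the call. The interdiff touches only that line, so the continuation lines carrying the rest of the format string and the reg->size + mmap_offset, alignment arguments are taken over unchanged; a build of the 18.11 branch would confirm the substituted macro accepts them as written. The index and @@ line-number differences are what a rebase onto the stable branch would be expected to produce.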
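The wrap described in the commit message, as an added C example that is not part of the patch or of DPDK: `align_ceil()` is a stand-in for the add-then-mask round-up idiom (an assumption about how the rounding is done), `mmap_len_checked()` is a hypothetical helper, and all values are constructed. It goes one step beyond the commit message by also covering a wrap in the size-plus-offset addition that precedes the rounding.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for add-then-mask round-up (assumed, not DPDK's macro text).
 * align must be a power of two. Wraps silently in uint64_t. */
static uint64_t align_ceil(uint64_t v, uint64_t align)
{
	return (v + align - 1) & ~(align - 1);
}

/* Checked variant (hypothetical): computes the aligned mmap length from
 * the two untrusted fields, refusing every input that would wrap. */
static bool mmap_len_checked(uint64_t size, uint64_t offset,
			     uint64_t align, uint64_t *out)
{
	uint64_t sum;

	if (align == 0 || (align & (align - 1)) != 0)
		return false;		/* not a power of two */
	if (size > UINT64_MAX - offset)
		return false;		/* size + offset wraps */
	sum = size + offset;
	if (sum == 0 || sum > UINT64_MAX - (align - 1))
		return false;		/* empty, or round-up wraps */
	*out = align_ceil(sum, align);
	return true;
}

int main(void)
{
	/* Constructed values: 2 MiB alignment, sizes near UINT64_MAX. */
	const uint64_t align = 0x200000;
	uint64_t out = 0;

	/* Round-up wraps: result is 0, the case the patch's check logs. */
	printf("0x%" PRIx64 "\n", align_ceil(0xFFFFFFFFFFFFF001ULL, align));
	/* The sum wraps first: rounding then yields a small non-zero length. */
	printf("0x%" PRIx64 "\n",
	       align_ceil(0xFFFFFFFFFFFFF000ULL + 0x201000ULL, align));
	/* Checked variant rejects both and accepts a sane region. */
	printf("%d %d %d\n",
	       mmap_len_checked(0xFFFFFFFFFFFFF001ULL, 0, align, &out),
	       mmap_len_checked(0xFFFFFFFFFFFFF000ULL, 0x201000, align, &out),
	       mmap_len_checked(0x1000, 0x1000, align, &out));
	return 0;
}
```

Because the wrapped intermediate is always smaller than `align - 1`, masking it always gives exactly 0, which is why a plain zero test is sufficient for the round-up step alone.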