From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 45F24A00C5 for ; Wed, 22 Jun 2022 03:07:13 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 39B0340DDB; Wed, 22 Jun 2022 03:07:13 +0200 (CEST) Received: from m12-14.163.com (m12-14.163.com [220.181.12.14]) by mails.dpdk.org (Postfix) with ESMTP id 9F22340151; Wed, 22 Jun 2022 03:07:09 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=/YOV1 lbCnahQJOU4smohnJ7D7HZnUpFZxIpi1qDxo3M=; b=Xmcn7xI19tvNr4cBcdwMf n1C9+OhpzflUzgT6qlSP6Q1dQDAxumEXVpvBgIaQ+5JQ6YmVuegGxtC1aRNySix1 zgbuf8NEdvOXGFe7EXt3Q3/+PuSq3haKvL60YCEKYSfaUoHfitq3b23EYalHstho O9kUcxZQqmKfnHsXmGNnnM= Received: from DESKTOP-ONA2IA7.localdomain (unknown [223.104.244.95]) by smtp10 (Coremail) with SMTP id DsCowABXJj8ra7JizyeKJA--.13366S4; Wed, 22 Jun 2022 09:07:04 +0800 (CST) From: Gaoxiang Liu To: maxime.coquelin@redhat.com, chenbo.xia@intel.com Cc: dev@dpdk.org, liugaoxiang@huawei.com, Gaoxiang Liu , stable@dpdk.org Subject: [PATCH v2] vhost: fix avail idx update error when desc copy failed Date: Wed, 22 Jun 2022 09:06:48 +0800 Message-Id: <20220622010648.6058-1-gaoxiangliu0@163.com> X-Mailer: git-send-email 2.32.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID: DsCowABXJj8ra7JizyeKJA--.13366S4 X-Coremail-Antispam: 1Uf129KBjvJXoW7ZF45Jr1kAr4fZr1UCw48WFg_yoW8JFW7pF WayFWUuFySgr1IgaykWrn7u34vka97K3W7JFsrXF47uFW3J3Z7tFy8K3WFyr1UurZ3Ar18 ZF10gry5Cw4Uu3DanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0pizBT8UUUUU= X-Originating-IP: [223.104.244.95] X-CM-SenderInfo: xjdr5xxdqjzxjxq6il2tof0z/xtbBORgoOl-POEeVmwAAsS X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org When copy_desc_to_mbuf function failed, i added 1. And last_avail_idx added i, other than i - 1. It may cause that the first mbuf in mbuf-list is dropped, the second mbuf in mbuf-list is received in the following rx procedure. And The pkt_len of the second mbuf is zero, resulting in segment fault when parsing the mbuf. Fixes: 0fd5608ef97f ("vhost: handle mbuf allocation failure") Cc: stable@dpdk.org Signed-off-by: Gaoxiang Liu --- v2: * Fixed other idx update errors. --- lib/vhost/virtio_net.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c index 68a26eb17d..eb254e1024 100644 --- a/lib/vhost/virtio_net.c +++ b/lib/vhost/virtio_net.c @@ -2850,11 +2850,11 @@ virtio_dev_tx_split(struct virtio_net *dev, struct vhost_virtqueue *vq, if (dropped) rte_pktmbuf_free_bulk(&pkts[i - 1], count - i + 1); - vq->last_avail_idx += i; + vq->last_avail_idx += i - dropped; do_data_copy_dequeue(vq); - if (unlikely(i < count)) - vq->shadow_used_idx = i; + if (unlikely((i - dropped) < count)) + vq->shadow_used_idx = i - dropped; if (likely(vq->shadow_used_idx)) { flush_shadow_used_ring_split(dev, vq); vhost_vring_call_split(dev, vq); -- 2.32.0