From: Wenwu Ma <wenwux.ma@intel.com>
To: maxime.coquelin@redhat.com, chenbo.xia@intel.com, stable@dpdk.org
Cc: jiayu.hu@intel.com, yinan.wang@intel.com, xingguang.he@intel.com,
Wenwu Ma <wenwux.ma@intel.com>
Subject: [PATCH] net/vhost: fix null pointer dereference
Date: Fri, 5 Aug 2022 10:21:27 +0800 [thread overview]
Message-ID: <20220805022127.757324-1-wenwux.ma@intel.com> (raw)
Because the async member of the vhost_virtqueue struct
can be freed in controlpath, so it should be protected
by spinlock in datapath, or, it may cause null pointer
dereference in the following vhost_poll_enqueue_completed().
Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
lib/vhost/virtio_net.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index eed43658cf..858187d1b0 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -1911,16 +1911,22 @@ rte_vhost_poll_enqueue_completed(int vid, uint16_t queue_id,
vq = dev->virtqueue[queue_id];
+ if (!rte_spinlock_trylock(&vq->access_lock)) {
+ VHOST_LOG_DATA(DEBUG,
+ "%s: virtqueue %u is busy.\n",
+ __func__, queue_id);
+ return 0;
+ }
+
if (unlikely(!vq->async)) {
VHOST_LOG_DATA(ERR, "(%d) %s: async not registered for queue id %d.\n",
dev->vid, __func__, queue_id);
- return 0;
+ goto out;
}
- rte_spinlock_lock(&vq->access_lock);
-
n_pkts_cpl = vhost_poll_enqueue_completed(dev, queue_id, pkts, count);
+out:
rte_spinlock_unlock(&vq->access_lock);
return n_pkts_cpl;
--
2.25.1
next reply other threads:[~2022-08-05 2:22 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-05 2:21 Wenwu Ma [this message]
2022-08-05 10:03 ` Luca Boccassi
2022-08-05 10:12 ` Ma, WenwuX
2022-08-05 15:09 ` Luca Boccassi
2022-08-08 1:00 ` Ma, WenwuX
2022-08-08 13:02 ` Luca Boccassi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220805022127.757324-1-wenwux.ma@intel.com \
--to=wenwux.ma@intel.com \
--cc=chenbo.xia@intel.com \
--cc=jiayu.hu@intel.com \
--cc=maxime.coquelin@redhat.com \
--cc=stable@dpdk.org \
--cc=xingguang.he@intel.com \
--cc=yinan.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).