From: luca.boccassi@gmail.com
To: Maxime Coquelin
Cc: Li Feng, David Marchand, dpdk stable
Subject: patch 'vhost: fix missing vring call check on virtqueue access' has been queued to stable release 20.11.10
Date: Wed, 8 Nov 2023 19:25:04 +0000
Message-Id: <20231108192535.922238-6-luca.boccassi@gmail.com>
In-Reply-To: <20231108192535.922238-1-luca.boccassi@gmail.com>
References: <20231018235930.3144-41-luca.boccassi@gmail.com> <20231108192535.922238-1-luca.boccassi@gmail.com>

Hi,

FYI, your patch has been queued to stable release 20.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/10/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/db07b9fe92fb159e54b74a80be7ad12e6336c9eb

Thanks.

Luca Boccassi

---
>From db07b9fe92fb159e54b74a80be7ad12e6336c9eb Mon Sep 17 00:00:00 2001
From: Maxime Coquelin Date: Fri, 20 Oct 2023 10:47:58 +0200 Subject: [PATCH] vhost: fix missing vring call check on virtqueue access [ upstream commit af7f683615244675fc4f472a2aa42880896476ad ] Acquiring the access lock is not enough to ensure virtqueue's metadata such as vring pointers are valid. The access status must also be checked. Fixes: 6c299bb7322f ("vhost: introduce vring call API") Fixes: c5736998305d ("vhost: fix missing virtqueue lock protection") Fixes: 830f7e790732 ("vhost: add non-blocking API for posting interrupt") Reported-by: Li Feng Signed-off-by: Maxime Coquelin Acked-by: David Marchand --- lib/librte_vhost/vhost.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c index cc5855ecfd..cb3ede8942 100644 --- a/lib/librte_vhost/vhost.c +++ b/lib/librte_vhost/vhost.c @@ -1253,6 +1253,7 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx) { struct virtio_net *dev; struct vhost_virtqueue *vq; + int ret = 0; dev = get_device(vid); if (!dev) @@ -1267,14 +1268,20 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx) rte_spinlock_lock(&vq->access_lock); + if (unlikely(!vq->access_ok)) { + ret = -1; + goto out_unlock; + } + if (vq_is_packed(dev)) vhost_vring_call_packed(dev, vq); else vhost_vring_call_split(dev, vq); +out_unlock: rte_spinlock_unlock(&vq->access_lock); - return 0; + return ret; } int @@ -1282,6 +1289,7 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx) { struct virtio_net *dev; struct vhost_virtqueue *vq; + int ret = 0; dev = get_device(vid); if (!dev) 
@@ -1297,14 +1305,20 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx) if (!rte_spinlock_trylock(&vq->access_lock)) return -EAGAIN; + if (unlikely(!vq->access_ok)) { + ret = -1; + goto out_unlock; + } + if (vq_is_packed(dev)) vhost_vring_call_packed(dev, vq); else vhost_vring_call_split(dev, vq); +out_unlock: rte_spinlock_unlock(&vq->access_lock); - return 0; + return ret; } uint16_t -- 2.39.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2023-11-08 19:23:52.223159935 +0000 +++ 0006-vhost-fix-missing-vring-call-check-on-virtqueue-acce.patch 2023-11-08 19:23:51.733395465 +0000 @@ -1 +1 @@ -From af7f683615244675fc4f472a2aa42880896476ad Mon Sep 17 00:00:00 2001 +From db07b9fe92fb159e54b74a80be7ad12e6336c9eb Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit af7f683615244675fc4f472a2aa42880896476ad ] + @@ -14 +15,0 @@ -Cc: stable@dpdk.org @@ -20 +21 @@ - lib/vhost/vhost.c | 18 ++++++++++++++++-- + lib/librte_vhost/vhost.c | 18 ++++++++++++++++-- @@ -23,5 +24,5 @@ -diff --git a/lib/vhost/vhost.c b/lib/vhost/vhost.c -index bdcf85bece..b438330063 100644 ---- a/lib/vhost/vhost.c -+++ b/lib/vhost/vhost.c -@@ -1332,6 +1332,7 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx) +diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c +index cc5855ecfd..cb3ede8942 100644 +--- a/lib/librte_vhost/vhost.c ++++ b/lib/librte_vhost/vhost.c +@@ -1253,6 +1253,7 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx) @@ -35 +36 @@ -@@ -1346,14 +1347,20 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx) +@@ -1267,14 +1268,20 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx) @@ -37 +38 @@ - rte_rwlock_read_lock(&vq->access_lock); + rte_spinlock_lock(&vq->access_lock); @@ -50 +51 @@ - rte_rwlock_read_unlock(&vq->access_lock); + rte_spinlock_unlock(&vq->access_lock); 
@@ -57 +58 @@ -@@ -1361,6 +1368,7 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx) +@@ -1282,6 +1289,7 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx) @@ -65,2 +66,2 @@ -@@ -1376,14 +1384,20 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx) - if (rte_rwlock_read_trylock(&vq->access_lock)) +@@ -1297,14 +1305,20 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx) + if (!rte_spinlock_trylock(&vq->access_lock)) @@ -80 +81 @@ - rte_rwlock_read_unlock(&vq->access_lock); + rte_spinlock_unlock(&vq->access_lock);
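
Review bot: the new `ret = -1` path under `if (unlikely(!vq->access_ok))` in rte_vhost_vring_call() (hunk at -1267) turns what was an unconditional `return 0` past the lock into a possible failure of a public API, while the diffstat shows only lib/librte_vhost/vhost.c changed. Callers on the 20.11 branch that never saw an error after the lock was taken will now get -1 when the ring is not accessible, so a sentence in the function's API comment or the release notes saying that -1 also covers a virtqueue that is not ready would make the behaviour change explicit. The placement of the check is right: it sits after rte_spinlock_lock() and leaves through out_unlock, so the lock is released on every path shown.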
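
Review bot: rte_vhost_vring_call_nonblock() (hunk at -1297) now mixes two failure conventions a few lines apart, `return -EAGAIN;` when the trylock fails and a bare `ret = -1;` when `vq->access_ok` is false. On Linux -1 is numerically -EPERM, so a caller that decodes the result as a negative errno will report the wrong cause. Either document in the API comment that -1 here means the ring was not accessible and that the -EAGAIN retry loop does not apply to it, or raise upstream whether a named errno should be used so the two cases can be told apart by name.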
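
Review bot: the diff of the applied patch against upstream is not metadata-only. Besides the path change from lib/vhost to lib/librte_vhost and the shifted line numbers, the context lines use rte_spinlock_* here where upstream has rte_rwlock_read_*, and the trylock test changes polarity from `if (rte_rwlock_read_trylock(&vq->access_lock))` to `if (!rte_spinlock_trylock(&vq->access_lock))`. That inversion is the part to double-check, and it holds: rte_rwlock_read_trylock() returns 0 on success while rte_spinlock_trylock() returns 1 on success, so both forms return -EAGAIN only when the lock was not taken. The differing lines are all context, and the comparison shows no difference in the added access_ok check or the out_unlock label.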