From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 1B63C432DA
	for <public@inbox.dpdk.org>; Wed,  8 Nov 2023 20:25:56 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 1446540EE3;
	Wed,  8 Nov 2023 20:25:56 +0100 (CET)
Received: from mail-lf1-f47.google.com (mail-lf1-f47.google.com
 [209.85.167.47]) by mails.dpdk.org (Postfix) with ESMTP id 99B6840395
 for <stable@dpdk.org>; Wed,  8 Nov 2023 20:25:54 +0100 (CET)
Received: by mail-lf1-f47.google.com with SMTP id
 2adb3069b0e04-507a3b8b113so41672e87.0
 for <stable@dpdk.org>; Wed, 08 Nov 2023 11:25:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1699471554; x=1700076354; darn=dpdk.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=gwHcNvM+Y/RT0b9ACFhLRlP/1R+IVrSvTSR6kGVAkd8=;
 b=WNI4H9PdnZ37XK7Ge+uWAsdjheb7bgcFdZLpXhmi/aKmxqiE557tHAvb0jLWZR5Q+v
 V6psBYmZUo8pFIqNnFA6umj0YMG3rF/c1rZ8d/JhSNI2Hmb2VMsauC4T/u2ZXlX5/ygw
 nGboEDKaV4jONWuHiLHVFRXFc6ElDi3eouUprXfQulJzl3nG10g0LBh2A/6FQOmmo0bK
 PcbqeTb3dzU3bKtEyQ/9uZ3mBdU3SjZC1JWevGqru8QWjIishe10mstNAPjbdYmYeWSo
 QjCirtuzakndN4O1aSUSbUroHEY2ViZrV+od1CIH0oWbdGCii3oTu8WkGt8bDIExl4Gv
 AeNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1699471554; x=1700076354;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=gwHcNvM+Y/RT0b9ACFhLRlP/1R+IVrSvTSR6kGVAkd8=;
 b=S88G3QfCQjskwqY9u1IOS94C6PVHkKJ+C5vDW+pQMKw2gBGRinMSHv3kwML7v4eL4J
 xdpSM0Xb/fpqGYalj/sNDvLXpES8DVC/9Y3vEuYB6aaNFG9itv+JQmUvaXr6BiVDJpr/
 YRPseFNi2OL6M04lJ4kQTaS0gM2Hge3phFTG+Ppue0UVU2nzcuhev8NVrB5B3bDGDs9g
 CUfGHkDieUAwgZv3KxSIteaN4bUkc4cnzHxOCTxeEubia7+9nU52QZguZ3Dv7tW/m4mR
 soLj2Df6yuEoSAVA4nbuPlxa5wlecqne2vCWiXzV3YN87T91tavjC7u0fgzEN8mK6ZWb
 dkxw==
X-Gm-Message-State: AOJu0YxTkrFTii0oQooRB+zyO9XZOqppgbgppKGNvAGd+iwJKb1AyQbs
 v0ipYNWVRdh77X8hThYrnFBnOczgh+m4Tw==
X-Google-Smtp-Source: AGHT+IGeOHWfs1N07lV/JJsRroQadI0xkKhQvwu3se9028aGKUtUP2+TI5exR+z9rHS7TYuMn7yQ/g==
X-Received: by 2002:ac2:43da:0:b0:509:48ad:27fe with SMTP id
 u26-20020ac243da000000b0050948ad27femr1935949lfl.16.1699471554020; 
 Wed, 08 Nov 2023 11:25:54 -0800 (PST)
Received: from localhost ([137.220.119.58]) by smtp.gmail.com with ESMTPSA id
 e10-20020a05600c4e4a00b00406447b798bsm20709797wmq.37.2023.11.08.11.25.53
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 08 Nov 2023 11:25:53 -0800 (PST)
From: luca.boccassi@gmail.com
To: Maxime Coquelin <maxime.coquelin@redhat.com>
Cc: Li Feng <fengli@smartx.com>, David Marchand <david.marchand@redhat.com>,
 dpdk stable <stable@dpdk.org>
Subject: patch 'vhost: fix missing vring call check on virtqueue access' has
 been queued to stable release 20.11.10
Date: Wed,  8 Nov 2023 19:25:04 +0000
Message-Id: <20231108192535.922238-6-luca.boccassi@gmail.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20231108192535.922238-1-luca.boccassi@gmail.com>
References: <20231018235930.3144-41-luca.boccassi@gmail.com>
 <20231108192535.922238-1-luca.boccassi@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 20.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/10/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/db07b9fe92fb159e54b74a80be7ad12e6336c9eb

Thanks.

Luca Boccassi

---
>From db07b9fe92fb159e54b74a80be7ad12e6336c9eb Mon Sep 17 00:00:00 2001
From: Maxime Coquelin <maxime.coquelin@redhat.com>
Date: Fri, 20 Oct 2023 10:47:58 +0200
Subject: [PATCH] vhost: fix missing vring call check on virtqueue access

[ upstream commit af7f683615244675fc4f472a2aa42880896476ad ]

Acquiring the access lock is not enough to ensure
virtqueue's metadata such as vring pointers are valid.

The access status must also be checked.

Fixes: 6c299bb7322f ("vhost: introduce vring call API")
Fixes: c5736998305d ("vhost: fix missing virtqueue lock protection")
Fixes: 830f7e790732 ("vhost: add non-blocking API for posting interrupt")

Reported-by: Li Feng <fengli@smartx.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: David Marchand <david.marchand@redhat.com>
---
 lib/librte_vhost/vhost.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
index cc5855ecfd..cb3ede8942 100644
--- a/lib/librte_vhost/vhost.c
+++ b/lib/librte_vhost/vhost.c
@@ -1253,6 +1253,7 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx)
 {
 	struct virtio_net *dev;
 	struct vhost_virtqueue *vq;
+	int ret = 0;
 
 	dev = get_device(vid);
 	if (!dev)
@@ -1267,14 +1268,20 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx)
 
 	rte_spinlock_lock(&vq->access_lock);
 
+	if (unlikely(!vq->access_ok)) {
+		ret = -1;
+		goto out_unlock;
+	}
+
 	if (vq_is_packed(dev))
 		vhost_vring_call_packed(dev, vq);
 	else
 		vhost_vring_call_split(dev, vq);
 
+out_unlock:
 	rte_spinlock_unlock(&vq->access_lock);
 
-	return 0;
+	return ret;
 }
 
 int
@@ -1282,6 +1289,7 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx)
 {
 	struct virtio_net *dev;
 	struct vhost_virtqueue *vq;
+	int ret = 0;
 
 	dev = get_device(vid);
 	if (!dev)
@@ -1297,14 +1305,20 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx)
 	if (!rte_spinlock_trylock(&vq->access_lock))
 		return -EAGAIN;
 
+	if (unlikely(!vq->access_ok)) {
+		ret = -1;
+		goto out_unlock;
+	}
+
 	if (vq_is_packed(dev))
 		vhost_vring_call_packed(dev, vq);
 	else
 		vhost_vring_call_split(dev, vq);
 
+out_unlock:
 	rte_spinlock_unlock(&vq->access_lock);
 
-	return 0;
+	return ret;
 }
 
 uint16_t
-- 
2.39.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-11-08 19:23:52.223159935 +0000
+++ 0006-vhost-fix-missing-vring-call-check-on-virtqueue-acce.patch	2023-11-08 19:23:51.733395465 +0000
@@ -1 +1 @@
-From af7f683615244675fc4f472a2aa42880896476ad Mon Sep 17 00:00:00 2001
+From db07b9fe92fb159e54b74a80be7ad12e6336c9eb Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit af7f683615244675fc4f472a2aa42880896476ad ]
+
@@ -14 +15,0 @@
-Cc: stable@dpdk.org
@@ -20 +21 @@
- lib/vhost/vhost.c | 18 ++++++++++++++++--
+ lib/librte_vhost/vhost.c | 18 ++++++++++++++++--
@@ -23,5 +24,5 @@
-diff --git a/lib/vhost/vhost.c b/lib/vhost/vhost.c
-index bdcf85bece..b438330063 100644
---- a/lib/vhost/vhost.c
-+++ b/lib/vhost/vhost.c
-@@ -1332,6 +1332,7 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx)
+diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
+index cc5855ecfd..cb3ede8942 100644
+--- a/lib/librte_vhost/vhost.c
++++ b/lib/librte_vhost/vhost.c
+@@ -1253,6 +1253,7 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx)
@@ -35 +36 @@
-@@ -1346,14 +1347,20 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx)
+@@ -1267,14 +1268,20 @@ rte_vhost_vring_call(int vid, uint16_t vring_idx)
@@ -37 +38 @@
- 	rte_rwlock_read_lock(&vq->access_lock);
+ 	rte_spinlock_lock(&vq->access_lock);
@@ -50 +51 @@
- 	rte_rwlock_read_unlock(&vq->access_lock);
+ 	rte_spinlock_unlock(&vq->access_lock);
@@ -57 +58 @@
-@@ -1361,6 +1368,7 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx)
+@@ -1282,6 +1289,7 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx)
@@ -65,2 +66,2 @@
-@@ -1376,14 +1384,20 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx)
- 	if (rte_rwlock_read_trylock(&vq->access_lock))
+@@ -1297,14 +1305,20 @@ rte_vhost_vring_call_nonblock(int vid, uint16_t vring_idx)
+ 	if (!rte_spinlock_trylock(&vq->access_lock))
@@ -80 +81 @@
- 	rte_rwlock_read_unlock(&vq->access_lock);
+ 	rte_spinlock_unlock(&vq->access_lock);