* [PATCH] net/vhost: fix null pointer dereference
@ 2022-08-05 2:21 Wenwu Ma
From: Wenwu Ma @ 2022-08-05 2:21 UTC
To: maxime.coquelin, chenbo.xia, stable
Cc: jiayu.hu, yinan.wang, xingguang.he, Wenwu Ma
Because the async member of the vhost_virtqueue struct
can be freed in controlpath, it should be protected
by spinlock in datapath; otherwise, it may cause a null pointer
dereference in the following vhost_poll_enqueue_completed().
Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
lib/vhost/virtio_net.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index eed43658cf..858187d1b0 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -1911,16 +1911,22 @@ rte_vhost_poll_enqueue_completed(int vid, uint16_t queue_id,
vq = dev->virtqueue[queue_id];
+ if (!rte_spinlock_trylock(&vq->access_lock)) {
+ VHOST_LOG_DATA(DEBUG,
+ "%s: virtqueue %u is busy.\n",
+ __func__, queue_id);
+ return 0;
+ }
+
if (unlikely(!vq->async)) {
VHOST_LOG_DATA(ERR, "(%d) %s: async not registered for queue id %d.\n",
dev->vid, __func__, queue_id);
- return 0;
+ goto out;
}
- rte_spinlock_lock(&vq->access_lock);
-
n_pkts_cpl = vhost_poll_enqueue_completed(dev, queue_id, pkts, count);
+out:
rte_spinlock_unlock(&vq->access_lock);
return n_pkts_cpl;
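Review bot: the new "goto out" in the !vq->async branch reaches "return n_pkts_cpl" without any assignment in this hunk, so the fix is only correct if n_pkts_cpl is initialized to 0 at its declaration, which lies outside the visible context; please confirm, or set it explicitly before the jump. The lock acquisition also changes from rte_spinlock_lock() to rte_spinlock_trylock(), which the commit message does not mention: a caller now gets 0 both when no packets have completed and when the virtqueue is busy, with only a DEBUG log to tell the two apart, so the commit message should state that a 0 return can mean "retry". Two smaller points: the new log line drops the "(%d)" vid prefix that the ERR message just below it uses, and that ERR message is now emitted while access_lock is held.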
--
2.25.1

* Re: [PATCH] net/vhost: fix null pointer dereference
From: Luca Boccassi @ 2022-08-05 10:03 UTC
To: Wenwu Ma
Cc: Maxime Coquelin, Chenbo Xia, dpdk stable, Jiayu Hu, Yinan Wang, He, Xingguang

On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
>
> Because the async member of the vhost_virtqueue struct
> can be freed in controlpath, so it should be protected
> by spinlock in datapath, or, it may cause null pointer
> dereference in the following vhost_poll_enqueue_completed().
>
> Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
>
> Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> ---
> lib/vhost/virtio_net.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)

Hi,

Is this for a stable branch? If so, which one? Please use
--subject-prefix next time to clearly identify it.

Kind regards,
Luca Boccassi

* RE: [PATCH] net/vhost: fix null pointer dereference
From: Ma, WenwuX @ 2022-08-05 10:12 UTC
To: Luca Boccassi
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang, Yinan, He, Xingguang

> -----Original Message-----
> From: Luca Boccassi <luca.boccassi@gmail.com>
> Sent: August 5, 2022 18:04
> To: Ma, WenwuX <wenwux.ma@intel.com>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> <xingguang.he@intel.com>
> Subject: Re: [PATCH] net/vhost: fix null pointer dereference
>
> On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> >
> > Because the async member of the vhost_virtqueue struct can be freed in
> > controlpath, so it should be protected by spinlock in datapath, or, it
> > may cause null pointer dereference in the following
> > vhost_poll_enqueue_completed().
> >
> > Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
> >
> > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > ---
> > lib/vhost/virtio_net.c | 12 +++++++++---
> > 1 file changed, 9 insertions(+), 3 deletions(-)
>
> Hi,
>
> Is this for a stable branch? If so, which one? Please use --subject-prefix next
> time to clearly identify it.
>
Sorry, it is 21.11

> Kind regards,
> Luca Boccassi

* Re: [PATCH] net/vhost: fix null pointer dereference
From: Luca Boccassi @ 2022-08-05 15:09 UTC
To: Ma, WenwuX
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang, Yinan, He, Xingguang

On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
>
> > -----Original Message-----
> > From: Luca Boccassi <luca.boccassi@gmail.com>
> > Sent: August 5, 2022 18:04
> > To: Ma, WenwuX <wenwux.ma@intel.com>
> > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> > <xingguang.he@intel.com>
> > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> >
> > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > >
> > > Because the async member of the vhost_virtqueue struct can be freed in
> > > controlpath, so it should be protected by spinlock in datapath, or, it
> > > may cause null pointer dereference in the following
> > > vhost_poll_enqueue_completed().
> > >
> > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
> > >
> > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > ---
> > > lib/vhost/virtio_net.c | 12 +++++++++---
> > > 1 file changed, 9 insertions(+), 3 deletions(-)
> >
> > Hi,
> >
> > Is this for a stable branch? If so, which one? Please use --subject-prefix next
> > time to clearly identify it.
> >
> Sorry, it is 21.11

Does this issue affect only 21.11? Or main as well?

--
Kind regards,
Luca Boccassi

* RE: [PATCH] net/vhost: fix null pointer dereference
From: Ma, WenwuX @ 2022-08-08 1:00 UTC
To: Luca Boccassi
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang, Yinan, He, Xingguang

> -----Original Message-----
> From: Luca Boccassi <bluca@debian.org>
> Sent: August 5, 2022 23:09
> To: Ma, WenwuX <wenwux.ma@intel.com>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> <xingguang.he@intel.com>
> Subject: Re: [PATCH] net/vhost: fix null pointer dereference
>
> On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
> >
> > > -----Original Message-----
> > > From: Luca Boccassi <luca.boccassi@gmail.com>
> > > Sent: August 5, 2022 18:04
> > > To: Ma, WenwuX <wenwux.ma@intel.com>
> > > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He,
> > > Xingguang <xingguang.he@intel.com>
> > > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> > >
> > > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > > >
> > > > Because the async member of the vhost_virtqueue struct can be
> > > > freed in controlpath, so it should be protected by spinlock in
> > > > datapath, or, it may cause null pointer dereference in the
> > > > following vhost_poll_enqueue_completed().
> > > >
> > > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear
> > > > packets")
> > > >
> > > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > > ---
> > > > lib/vhost/virtio_net.c | 12 +++++++++---
> > > > 1 file changed, 9 insertions(+), 3 deletions(-)
> > >
> > > Hi,
> > >
> > > Is this for a stable branch? If so, which one? Please use
> > > --subject-prefix next time to clearly identify it.
> > >
> > Sorry, it is 21.11
>
> Does this issue affect only 21.11? Or main as well?
>
Only 21.11

> --
> Kind regards,
> Luca Boccassi

* Re: [PATCH] net/vhost: fix null pointer dereference
From: Luca Boccassi @ 2022-08-08 13:02 UTC
To: Ma, WenwuX
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang, Yinan, He, Xingguang

On Mon, 8 Aug 2022 at 02:01, Ma, WenwuX <wenwux.ma@intel.com> wrote:
>
>
> > -----Original Message-----
> > From: Luca Boccassi <bluca@debian.org>
> > Sent: August 5, 2022 23:09
> > To: Ma, WenwuX <wenwux.ma@intel.com>
> > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> > <xingguang.he@intel.com>
> > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> >
> > On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
> > >
> > > > -----Original Message-----
> > > > From: Luca Boccassi <luca.boccassi@gmail.com>
> > > > Sent: August 5, 2022 18:04
> > > > To: Ma, WenwuX <wenwux.ma@intel.com>
> > > > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > > > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > > > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He,
> > > > Xingguang <xingguang.he@intel.com>
> > > > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> > > >
> > > > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > > > >
> > > > > Because the async member of the vhost_virtqueue struct can be
> > > > > freed in controlpath, so it should be protected by spinlock in
> > > > > datapath, or, it may cause null pointer dereference in the
> > > > > following vhost_poll_enqueue_completed().
> > > > >
> > > > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear
> > > > > packets")
> > > > >
> > > > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > > > ---
> > > > > lib/vhost/virtio_net.c | 12 +++++++++---
> > > > > 1 file changed, 9 insertions(+), 3 deletions(-)
> > > >
> > > > Hi,
> > > >
> > > > Is this for a stable branch? If so, which one? Please use
> > > > --subject-prefix next time to clearly identify it.
> > > >
> > > Sorry, it is 21.11
> >
> > Does this issue affect only 21.11? Or main as well?
> >
> Only 21.11

Thanks, applied and pushed.

Kind regards,
Luca Boccassi