[PATCH] net/vhost: fix null pointer dereference

patches for DPDK stable branches
 help / color / mirror / Atom feed

* [PATCH] net/vhost: fix null pointer dereference
@ 2022-08-05  2:21 Wenwu Ma
  2022-08-05 10:03 ` Luca Boccassi
  0 siblings, 1 reply; 6+ messages in thread
From: Wenwu Ma @ 2022-08-05  2:21 UTC (permalink / raw)
  To: maxime.coquelin, chenbo.xia, stable
  Cc: jiayu.hu, yinan.wang, xingguang.he, Wenwu Ma

Because the async member of the vhost_virtqueue struct
can be freed in controlpath, so it should be protected
by spinlock in datapath, or, it may cause null pointer
dereference in the following vhost_poll_enqueue_completed().

Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")

Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
 lib/vhost/virtio_net.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index eed43658cf..858187d1b0 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -1911,16 +1911,22 @@ rte_vhost_poll_enqueue_completed(int vid, uint16_t queue_id,
 
 	vq = dev->virtqueue[queue_id];
 
+	if (!rte_spinlock_trylock(&vq->access_lock)) {
+		VHOST_LOG_DATA(DEBUG,
+			"%s: virtqueue %u is busy.\n",
+			__func__, queue_id);
+		return 0;
+	}
+
 	if (unlikely(!vq->async)) {
 		VHOST_LOG_DATA(ERR, "(%d) %s: async not registered for queue id %d.\n",
 			dev->vid, __func__, queue_id);
-		return 0;
+		goto out;
 	}
 
-	rte_spinlock_lock(&vq->access_lock);
-
 	n_pkts_cpl = vhost_poll_enqueue_completed(dev, queue_id, pkts, count);
 
+out:
 	rte_spinlock_unlock(&vq->access_lock);
 
 	return n_pkts_cpl;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] net/vhost: fix null pointer dereference
  2022-08-05  2:21 [PATCH] net/vhost: fix null pointer dereference Wenwu Ma
@ 2022-08-05 10:03 ` Luca Boccassi
  2022-08-05 10:12   ` Ma, WenwuX
  0 siblings, 1 reply; 6+ messages in thread
From: Luca Boccassi @ 2022-08-05 10:03 UTC (permalink / raw)
  To: Wenwu Ma
  Cc: Maxime Coquelin, Chenbo Xia, dpdk stable, Jiayu Hu, Yinan Wang,
	He, Xingguang

On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
>
> Because the async member of the vhost_virtqueue struct
> can be freed in controlpath, so it should be protected
> by spinlock in datapath, or, it may cause null pointer
> dereference in the following vhost_poll_enqueue_completed().
>
> Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
>
> Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> ---
>  lib/vhost/virtio_net.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)

Hi,

Is this for a stable branch? If so, which one? Please use
--subject-prefix next time to clearly identify it.

Kind regards,
Luca Boccassi

^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: [PATCH] net/vhost: fix null pointer dereference
  2022-08-05 10:03 ` Luca Boccassi
@ 2022-08-05 10:12   ` Ma, WenwuX
  2022-08-05 15:09     ` Luca Boccassi
  0 siblings, 1 reply; 6+ messages in thread
From: Ma, WenwuX @ 2022-08-05 10:12 UTC (permalink / raw)
  To: Luca Boccassi
  Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang,
	Yinan, He, Xingguang



> -----Original Message-----
> From: Luca Boccassi <luca.boccassi@gmail.com>
> Sent: 2022年8月5日 18:04
> To: Ma, WenwuX <wenwux.ma@intel.com>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> <xingguang.he@intel.com>
> Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> 
> On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> >
> > Because the async member of the vhost_virtqueue struct can be freed in
> > controlpath, so it should be protected by spinlock in datapath, or, it
> > may cause null pointer dereference in the following
> > vhost_poll_enqueue_completed().
> >
> > Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
> >
> > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > ---
> >  lib/vhost/virtio_net.c | 12 +++++++++---
> >  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> Hi,
> 
> Is this for a stable branch? If so, which one? Please use --subject-prefix next
> time to clearly identify it.
> 
Sorry, it is 21.11

> Kind regards,
> Luca Boccassi

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] net/vhost: fix null pointer dereference
  2022-08-05 10:12   ` Ma, WenwuX
@ 2022-08-05 15:09     ` Luca Boccassi
  2022-08-08  1:00       ` Ma, WenwuX
  0 siblings, 1 reply; 6+ messages in thread
From: Luca Boccassi @ 2022-08-05 15:09 UTC (permalink / raw)
  To: Ma, WenwuX
  Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang,
	Yinan, He, Xingguang

On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
> 
> > -----Original Message-----
> > From: Luca Boccassi <luca.boccassi@gmail.com>
> > Sent: 2022年8月5日 18:04
> > To: Ma, WenwuX <wenwux.ma@intel.com>
> > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> > <xingguang.he@intel.com>
> > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> > 
> > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > > 
> > > Because the async member of the vhost_virtqueue struct can be freed in
> > > controlpath, so it should be protected by spinlock in datapath, or, it
> > > may cause null pointer dereference in the following
> > > vhost_poll_enqueue_completed().
> > > 
> > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
> > > 
> > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > ---
> > >  lib/vhost/virtio_net.c | 12 +++++++++---
> > >  1 file changed, 9 insertions(+), 3 deletions(-)
> > 
> > Hi,
> > 
> > Is this for a stable branch? If so, which one? Please use --subject-prefix next
> > time to clearly identify it.
> > 
> Sorry, it is 21.11

Does this issue affect only 21.11? Or main as well?

-- 
Kind regards,
Luca Boccassi

^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: [PATCH] net/vhost: fix null pointer dereference
  2022-08-05 15:09     ` Luca Boccassi
@ 2022-08-08  1:00       ` Ma, WenwuX
  2022-08-08 13:02         ` Luca Boccassi
  0 siblings, 1 reply; 6+ messages in thread
From: Ma, WenwuX @ 2022-08-08  1:00 UTC (permalink / raw)
  To: Luca Boccassi
  Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang,
	Yinan, He, Xingguang



> -----Original Message-----
> From: Luca Boccassi <bluca@debian.org>
> Sent: 2022年8月5日 23:09
> To: Ma, WenwuX <wenwux.ma@intel.com>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> <xingguang.he@intel.com>
> Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> 
> On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
> >
> > > -----Original Message-----
> > > From: Luca Boccassi <luca.boccassi@gmail.com>
> > > Sent: 2022年8月5日 18:04
> > > To: Ma, WenwuX <wenwux.ma@intel.com>
> > > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He,
> > > Xingguang <xingguang.he@intel.com>
> > > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> > >
> > > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > > >
> > > > Because the async member of the vhost_virtqueue struct can be
> > > > freed in controlpath, so it should be protected by spinlock in
> > > > datapath, or, it may cause null pointer dereference in the
> > > > following vhost_poll_enqueue_completed().
> > > >
> > > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear
> > > > packets")
> > > >
> > > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > > ---
> > > >  lib/vhost/virtio_net.c | 12 +++++++++---
> > > >  1 file changed, 9 insertions(+), 3 deletions(-)
> > >
> > > Hi,
> > >
> > > Is this for a stable branch? If so, which one? Please use
> > > --subject-prefix next time to clearly identify it.
> > >
> > Sorry, it is 21.11
> 
> Does this issue affect only 21.11? Or main as well?
> 
Only 21.11
> --
> Kind regards,
> Luca Boccassi

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] net/vhost: fix null pointer dereference
  2022-08-08  1:00       ` Ma, WenwuX
@ 2022-08-08 13:02         ` Luca Boccassi
  0 siblings, 0 replies; 6+ messages in thread
From: Luca Boccassi @ 2022-08-08 13:02 UTC (permalink / raw)
  To: Ma, WenwuX
  Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang,
	Yinan, He, Xingguang

On Mon, 8 Aug 2022 at 02:01, Ma, WenwuX <wenwux.ma@intel.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Luca Boccassi <bluca@debian.org>
> > Sent: 2022年8月5日 23:09
> > To: Ma, WenwuX <wenwux.ma@intel.com>
> > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> > <xingguang.he@intel.com>
> > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> >
> > On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
> > >
> > > > -----Original Message-----
> > > > From: Luca Boccassi <luca.boccassi@gmail.com>
> > > > Sent: 2022年8月5日 18:04
> > > > To: Ma, WenwuX <wenwux.ma@intel.com>
> > > > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > > > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > > > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He,
> > > > Xingguang <xingguang.he@intel.com>
> > > > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> > > >
> > > > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > > > >
> > > > > Because the async member of the vhost_virtqueue struct can be
> > > > > freed in controlpath, so it should be protected by spinlock in
> > > > > datapath, or, it may cause null pointer dereference in the
> > > > > following vhost_poll_enqueue_completed().
> > > > >
> > > > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear
> > > > > packets")
> > > > >
> > > > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > > > ---
> > > > >  lib/vhost/virtio_net.c | 12 +++++++++---
> > > > >  1 file changed, 9 insertions(+), 3 deletions(-)
> > > >
> > > > Hi,
> > > >
> > > > Is this for a stable branch? If so, which one? Please use
> > > > --subject-prefix next time to clearly identify it.
> > > >
> > > Sorry, it is 21.11
> >
> > Does this issue affect only 21.11? Or main as well?
> >
> Only 21.11

Thanks, applied and pushed.

Kind regards,
Luca Boccassi

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-08-08 13:02 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-05  2:21 [PATCH] net/vhost: fix null pointer dereference Wenwu Ma
2022-08-05 10:03 ` Luca Boccassi
2022-08-05 10:12   ` Ma, WenwuX
2022-08-05 15:09     ` Luca Boccassi
2022-08-08  1:00       ` Ma, WenwuX
2022-08-08 13:02         ` Luca Boccassi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).