* [PATCH] net/vhost: fix null pointer dereference
@ 2022-08-05 2:21 Wenwu Ma
2022-08-05 10:03 ` Luca Boccassi
0 siblings, 1 reply; 6+ messages in thread
From: Wenwu Ma @ 2022-08-05 2:21 UTC (permalink / raw)
To: maxime.coquelin, chenbo.xia, stable
Cc: jiayu.hu, yinan.wang, xingguang.he, Wenwu Ma
Because the async member of the vhost_virtqueue struct
can be freed in controlpath, so it should be protected
by spinlock in datapath, or, it may cause null pointer
dereference in the following vhost_poll_enqueue_completed().
Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
---
lib/vhost/virtio_net.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index eed43658cf..858187d1b0 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -1911,16 +1911,22 @@ rte_vhost_poll_enqueue_completed(int vid, uint16_t queue_id,
vq = dev->virtqueue[queue_id];
+ if (!rte_spinlock_trylock(&vq->access_lock)) {
+ VHOST_LOG_DATA(DEBUG,
+ "%s: virtqueue %u is busy.\n",
+ __func__, queue_id);
+ return 0;
+ }
+
if (unlikely(!vq->async)) {
VHOST_LOG_DATA(ERR, "(%d) %s: async not registered for queue id %d.\n",
dev->vid, __func__, queue_id);
- return 0;
+ goto out;
}
- rte_spinlock_lock(&vq->access_lock);
-
n_pkts_cpl = vhost_poll_enqueue_completed(dev, queue_id, pkts, count);
+out:
rte_spinlock_unlock(&vq->access_lock);
return n_pkts_cpl;
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] net/vhost: fix null pointer dereference
2022-08-05 2:21 [PATCH] net/vhost: fix null pointer dereference Wenwu Ma
@ 2022-08-05 10:03 ` Luca Boccassi
2022-08-05 10:12 ` Ma, WenwuX
0 siblings, 1 reply; 6+ messages in thread
From: Luca Boccassi @ 2022-08-05 10:03 UTC (permalink / raw)
To: Wenwu Ma
Cc: Maxime Coquelin, Chenbo Xia, dpdk stable, Jiayu Hu, Yinan Wang,
He, Xingguang
On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
>
> Because the async member of the vhost_virtqueue struct
> can be freed in controlpath, so it should be protected
> by spinlock in datapath, or, it may cause null pointer
> dereference in the following vhost_poll_enqueue_completed().
>
> Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
>
> Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> ---
> lib/vhost/virtio_net.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
Hi,
Is this for a stable branch? If so, which one? Please use
--subject-prefix next time to clearly identify it.
Kind regards,
Luca Boccassi
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [PATCH] net/vhost: fix null pointer dereference
2022-08-05 10:03 ` Luca Boccassi
@ 2022-08-05 10:12 ` Ma, WenwuX
2022-08-05 15:09 ` Luca Boccassi
0 siblings, 1 reply; 6+ messages in thread
From: Ma, WenwuX @ 2022-08-05 10:12 UTC (permalink / raw)
To: Luca Boccassi
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang,
Yinan, He, Xingguang
> -----Original Message-----
> From: Luca Boccassi <luca.boccassi@gmail.com>
> Sent: 2022年8月5日 18:04
> To: Ma, WenwuX <wenwux.ma@intel.com>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> <xingguang.he@intel.com>
> Subject: Re: [PATCH] net/vhost: fix null pointer dereference
>
> On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> >
> > Because the async member of the vhost_virtqueue struct can be freed in
> > controlpath, so it should be protected by spinlock in datapath, or, it
> > may cause null pointer dereference in the following
> > vhost_poll_enqueue_completed().
> >
> > Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
> >
> > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > ---
> > lib/vhost/virtio_net.c | 12 +++++++++---
> > 1 file changed, 9 insertions(+), 3 deletions(-)
>
> Hi,
>
> Is this for a stable branch? If so, which one? Please use --subject-prefix next
> time to clearly identify it.
>
Sorry, it is 21.11
> Kind regards,
> Luca Boccassi
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] net/vhost: fix null pointer dereference
2022-08-05 10:12 ` Ma, WenwuX
@ 2022-08-05 15:09 ` Luca Boccassi
2022-08-08 1:00 ` Ma, WenwuX
0 siblings, 1 reply; 6+ messages in thread
From: Luca Boccassi @ 2022-08-05 15:09 UTC (permalink / raw)
To: Ma, WenwuX
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang,
Yinan, He, Xingguang
On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
>
> > -----Original Message-----
> > From: Luca Boccassi <luca.boccassi@gmail.com>
> > Sent: 2022年8月5日 18:04
> > To: Ma, WenwuX <wenwux.ma@intel.com>
> > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> > <xingguang.he@intel.com>
> > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> >
> > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > >
> > > Because the async member of the vhost_virtqueue struct can be freed in
> > > controlpath, so it should be protected by spinlock in datapath, or, it
> > > may cause null pointer dereference in the following
> > > vhost_poll_enqueue_completed().
> > >
> > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
> > >
> > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > ---
> > > lib/vhost/virtio_net.c | 12 +++++++++---
> > > 1 file changed, 9 insertions(+), 3 deletions(-)
> >
> > Hi,
> >
> > Is this for a stable branch? If so, which one? Please use --subject-prefix next
> > time to clearly identify it.
> >
> Sorry, it is 21.11
Does this issue affect only 21.11? Or main as well?
--
Kind regards,
Luca Boccassi
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [PATCH] net/vhost: fix null pointer dereference
2022-08-05 15:09 ` Luca Boccassi
@ 2022-08-08 1:00 ` Ma, WenwuX
2022-08-08 13:02 ` Luca Boccassi
0 siblings, 1 reply; 6+ messages in thread
From: Ma, WenwuX @ 2022-08-08 1:00 UTC (permalink / raw)
To: Luca Boccassi
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang,
Yinan, He, Xingguang
> -----Original Message-----
> From: Luca Boccassi <bluca@debian.org>
> Sent: 2022年8月5日 23:09
> To: Ma, WenwuX <wenwux.ma@intel.com>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> <xingguang.he@intel.com>
> Subject: Re: [PATCH] net/vhost: fix null pointer dereference
>
> On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
> >
> > > -----Original Message-----
> > > From: Luca Boccassi <luca.boccassi@gmail.com>
> > > Sent: 2022年8月5日 18:04
> > > To: Ma, WenwuX <wenwux.ma@intel.com>
> > > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He,
> > > Xingguang <xingguang.he@intel.com>
> > > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> > >
> > > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > > >
> > > > Because the async member of the vhost_virtqueue struct can be
> > > > freed in controlpath, so it should be protected by spinlock in
> > > > datapath, or, it may cause null pointer dereference in the
> > > > following vhost_poll_enqueue_completed().
> > > >
> > > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear
> > > > packets")
> > > >
> > > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > > ---
> > > > lib/vhost/virtio_net.c | 12 +++++++++---
> > > > 1 file changed, 9 insertions(+), 3 deletions(-)
> > >
> > > Hi,
> > >
> > > Is this for a stable branch? If so, which one? Please use
> > > --subject-prefix next time to clearly identify it.
> > >
> > Sorry, it is 21.11
>
> Does this issue affect only 21.11? Or main as well?
>
Only 21.11
> --
> Kind regards,
> Luca Boccassi
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] net/vhost: fix null pointer dereference
2022-08-08 1:00 ` Ma, WenwuX
@ 2022-08-08 13:02 ` Luca Boccassi
0 siblings, 0 replies; 6+ messages in thread
From: Luca Boccassi @ 2022-08-08 13:02 UTC (permalink / raw)
To: Ma, WenwuX
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang,
Yinan, He, Xingguang
On Mon, 8 Aug 2022 at 02:01, Ma, WenwuX <wenwux.ma@intel.com> wrote:
>
>
>
> > -----Original Message-----
> > From: Luca Boccassi <bluca@debian.org>
> > Sent: 2022年8月5日 23:09
> > To: Ma, WenwuX <wenwux.ma@intel.com>
> > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> > <xingguang.he@intel.com>
> > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> >
> > On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
> > >
> > > > -----Original Message-----
> > > > From: Luca Boccassi <luca.boccassi@gmail.com>
> > > > Sent: 2022年8月5日 18:04
> > > > To: Ma, WenwuX <wenwux.ma@intel.com>
> > > > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > > > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > > > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He,
> > > > Xingguang <xingguang.he@intel.com>
> > > > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> > > >
> > > > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > > > >
> > > > > Because the async member of the vhost_virtqueue struct can be
> > > > > freed in controlpath, so it should be protected by spinlock in
> > > > > datapath, or, it may cause null pointer dereference in the
> > > > > following vhost_poll_enqueue_completed().
> > > > >
> > > > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear
> > > > > packets")
> > > > >
> > > > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > > > ---
> > > > > lib/vhost/virtio_net.c | 12 +++++++++---
> > > > > 1 file changed, 9 insertions(+), 3 deletions(-)
> > > >
> > > > Hi,
> > > >
> > > > Is this for a stable branch? If so, which one? Please use
> > > > --subject-prefix next time to clearly identify it.
> > > >
> > > Sorry, it is 21.11
> >
> > Does this issue affect only 21.11? Or main as well?
> >
> Only 21.11
Thanks, applied and pushed.
Kind regards,
Luca Boccassi
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-08-08 13:02 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-05 2:21 [PATCH] net/vhost: fix null pointer dereference Wenwu Ma
2022-08-05 10:03 ` Luca Boccassi
2022-08-05 10:12 ` Ma, WenwuX
2022-08-05 15:09 ` Luca Boccassi
2022-08-08 1:00 ` Ma, WenwuX
2022-08-08 13:02 ` Luca Boccassi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).