* [PATCH] net/vhost: fix null pointer dereference @ 2022-08-05 2:21 Wenwu Ma 2022-08-05 10:03 ` Luca Boccassi 0 siblings, 1 reply; 6+ messages in thread From: Wenwu Ma @ 2022-08-05 2:21 UTC (permalink / raw) To: maxime.coquelin, chenbo.xia, stable Cc: jiayu.hu, yinan.wang, xingguang.he, Wenwu Ma Because the async member of the vhost_virtqueue struct can be freed in controlpath, so it should be protected by spinlock in datapath, or, it may cause null pointer dereference in the following vhost_poll_enqueue_completed(). Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets") Signed-off-by: Wenwu Ma <wenwux.ma@intel.com> --- lib/vhost/virtio_net.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c index eed43658cf..858187d1b0 100644 --- a/lib/vhost/virtio_net.c +++ b/lib/vhost/virtio_net.c @@ -1911,16 +1911,22 @@ rte_vhost_poll_enqueue_completed(int vid, uint16_t queue_id, vq = dev->virtqueue[queue_id]; + if (!rte_spinlock_trylock(&vq->access_lock)) { + VHOST_LOG_DATA(DEBUG, + "%s: virtqueue %u is busy.\n", + __func__, queue_id); + return 0; + } + if (unlikely(!vq->async)) { VHOST_LOG_DATA(ERR, "(%d) %s: async not registered for queue id %d.\n", dev->vid, __func__, queue_id); - return 0; + goto out; } - rte_spinlock_lock(&vq->access_lock); - n_pkts_cpl = vhost_poll_enqueue_completed(dev, queue_id, pkts, count); +out: rte_spinlock_unlock(&vq->access_lock); return n_pkts_cpl; -- 2.25.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
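Review bot: On the new `goto out` path taken when `!vq->async`, the function now returns `n_pkts_cpl` where the old code returned the literal 0, and the declaration of `n_pkts_cpl` is outside the visible context. Please confirm it is initialised to 0 where it is declared, or assign it before the jump, so this path cannot return an indeterminate count. Separately, replacing `rte_spinlock_lock()` with `rte_spinlock_trylock()` changes the call from waiting on the control path to returning 0 under contention, which a caller cannot tell apart from "no completions yet"; the commit message only talks about protecting `vq->async`, so the behaviour change should be stated there. The new busy log line also drops the `(%d)` vid prefix and prints `queue_id` with `%u`, while the existing message in the same function uses `(%d)` and `%d`.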
* Re: [PATCH] net/vhost: fix null pointer dereference
From: Luca Boccassi @ 2022-08-05 10:03 UTC
To: Wenwu Ma
Cc: Maxime Coquelin, Chenbo Xia, dpdk stable, Jiayu Hu, Yinan Wang, He, Xingguang

On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
>
> Because the async member of the vhost_virtqueue struct
> can be freed in controlpath, so it should be protected
> by spinlock in datapath, or, it may cause null pointer
> dereference in the following vhost_poll_enqueue_completed().
>
> Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
>
> Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> ---
>  lib/vhost/virtio_net.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)

Hi,

Is this for a stable branch? If so, which one? Please use
--subject-prefix next time to clearly identify it.

Kind regards,
Luca Boccassi
* RE: [PATCH] net/vhost: fix null pointer dereference
From: Ma, WenwuX @ 2022-08-05 10:12 UTC
To: Luca Boccassi
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang, Yinan, He, Xingguang

> -----Original Message-----
> From: Luca Boccassi <luca.boccassi@gmail.com>
> Sent: August 5, 2022 18:04
> To: Ma, WenwuX <wenwux.ma@intel.com>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> <xingguang.he@intel.com>
> Subject: Re: [PATCH] net/vhost: fix null pointer dereference
>
> On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> >
> > Because the async member of the vhost_virtqueue struct can be freed in
> > controlpath, so it should be protected by spinlock in datapath, or, it
> > may cause null pointer dereference in the following
> > vhost_poll_enqueue_completed().
> >
> > Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
> >
> > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > ---
> >  lib/vhost/virtio_net.c | 12 +++++++++---
> >  1 file changed, 9 insertions(+), 3 deletions(-)
>
> Hi,
>
> Is this for a stable branch? If so, which one? Please use --subject-prefix next
> time to clearly identify it.
>
Sorry, it is 21.11

> Kind regards,
> Luca Boccassi
* Re: [PATCH] net/vhost: fix null pointer dereference
From: Luca Boccassi @ 2022-08-05 15:09 UTC
To: Ma, WenwuX
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang, Yinan, He, Xingguang

On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
>
> > -----Original Message-----
> > From: Luca Boccassi <luca.boccassi@gmail.com>
> > Sent: August 5, 2022 18:04
> > To: Ma, WenwuX <wenwux.ma@intel.com>
> > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> > <xingguang.he@intel.com>
> > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> >
> > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > >
> > > Because the async member of the vhost_virtqueue struct can be freed in
> > > controlpath, so it should be protected by spinlock in datapath, or, it
> > > may cause null pointer dereference in the following
> > > vhost_poll_enqueue_completed().
> > >
> > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear packets")
> > >
> > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > ---
> > >  lib/vhost/virtio_net.c | 12 +++++++++---
> > >  1 file changed, 9 insertions(+), 3 deletions(-)
> >
> > Hi,
> >
> > Is this for a stable branch? If so, which one? Please use --subject-prefix next
> > time to clearly identify it.
> >
> Sorry, it is 21.11

Does this issue affect only 21.11? Or main as well?

-- 
Kind regards,
Luca Boccassi
* RE: [PATCH] net/vhost: fix null pointer dereference
From: Ma, WenwuX @ 2022-08-08 1:00 UTC
To: Luca Boccassi
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang, Yinan, He, Xingguang

> -----Original Message-----
> From: Luca Boccassi <bluca@debian.org>
> Sent: August 5, 2022 23:09
> To: Ma, WenwuX <wenwux.ma@intel.com>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> <xingguang.he@intel.com>
> Subject: Re: [PATCH] net/vhost: fix null pointer dereference
>
> On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
> >
> > > -----Original Message-----
> > > From: Luca Boccassi <luca.boccassi@gmail.com>
> > > Sent: August 5, 2022 18:04
> > > To: Ma, WenwuX <wenwux.ma@intel.com>
> > > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He,
> > > Xingguang <xingguang.he@intel.com>
> > > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> > >
> > > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > > >
> > > > Because the async member of the vhost_virtqueue struct can be
> > > > freed in controlpath, so it should be protected by spinlock in
> > > > datapath, or, it may cause null pointer dereference in the
> > > > following vhost_poll_enqueue_completed().
> > > >
> > > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear
> > > > packets")
> > > >
> > > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > > ---
> > > >  lib/vhost/virtio_net.c | 12 +++++++++---
> > > >  1 file changed, 9 insertions(+), 3 deletions(-)
> > >
> > > Hi,
> > >
> > > Is this for a stable branch? If so, which one? Please use
> > > --subject-prefix next time to clearly identify it.
> > >
> > Sorry, it is 21.11
>
> Does this issue affect only 21.11? Or main as well?
>
Only 21.11

> --
> Kind regards,
> Luca Boccassi
* Re: [PATCH] net/vhost: fix null pointer dereference
From: Luca Boccassi @ 2022-08-08 13:02 UTC
To: Ma, WenwuX
Cc: Maxime Coquelin, Xia, Chenbo, dpdk stable, Hu, Jiayu, Wang, Yinan, He, Xingguang

On Mon, 8 Aug 2022 at 02:01, Ma, WenwuX <wenwux.ma@intel.com> wrote:
>
> > -----Original Message-----
> > From: Luca Boccassi <bluca@debian.org>
> > Sent: August 5, 2022 23:09
> > To: Ma, WenwuX <wenwux.ma@intel.com>
> > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He, Xingguang
> > <xingguang.he@intel.com>
> > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> >
> > On Fri, 2022-08-05 at 10:12 +0000, Ma, WenwuX wrote:
> > >
> > > > -----Original Message-----
> > > > From: Luca Boccassi <luca.boccassi@gmail.com>
> > > > Sent: August 5, 2022 18:04
> > > > To: Ma, WenwuX <wenwux.ma@intel.com>
> > > > Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; Xia, Chenbo
> > > > <chenbo.xia@intel.com>; dpdk stable <stable@dpdk.org>; Hu, Jiayu
> > > > <jiayu.hu@intel.com>; Wang, Yinan <yinan.wang@intel.com>; He,
> > > > Xingguang <xingguang.he@intel.com>
> > > > Subject: Re: [PATCH] net/vhost: fix null pointer dereference
> > > >
> > > > On Fri, 5 Aug 2022 at 03:22, Wenwu Ma <wenwux.ma@intel.com> wrote:
> > > > >
> > > > > Because the async member of the vhost_virtqueue struct can be
> > > > > freed in controlpath, so it should be protected by spinlock in
> > > > > datapath, or, it may cause null pointer dereference in the
> > > > > following vhost_poll_enqueue_completed().
> > > > >
> > > > > Fixes: b737fd613969 ("vhost: add unsafe async API to clear
> > > > > packets")
> > > > >
> > > > > Signed-off-by: Wenwu Ma <wenwux.ma@intel.com>
> > > > > ---
> > > > >  lib/vhost/virtio_net.c | 12 +++++++++---
> > > > >  1 file changed, 9 insertions(+), 3 deletions(-)
> > > >
> > > > Hi,
> > > >
> > > > Is this for a stable branch? If so, which one? Please use
> > > > --subject-prefix next time to clearly identify it.
> > > >
> > > Sorry, it is 21.11
> >
> > Does this issue affect only 21.11? Or main as well?
> >
> Only 21.11

Thanks, applied and pushed.

Kind regards,
Luca Boccassi