[dpdk-stable] [PATCH 15/21] vhost: don't dereference invalid dev pointer after its reallocation

[dpdk-stable] [PATCH 15/21] vhost: don't dereference invalid dev pointer after its reallocation

[Maxime Coquelin]

numa_realloc() reallocates the virtio_net device structure and
updates the vhost_devices[] table with the new pointer if the rings
are allocated different NUMA node.

Problem is that vhost_user_msg_handler() still derenferences old
pointer afterward.

This patch prevents this by fetching again the dev pointer in
vhost_devices[] after messages have been handled.

Cc: stable@dpdk.org
Fixes: af295ad4698c ("vhost: realloc device and queues to same numa node as vring desc")
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
 lib/librte_vhost/vhost_user.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 4f9273fe7..a0c7c2f86 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1158,6 +1158,12 @@ vhost_user_msg_handler(int vid, int fd)
 
 	}
 
+	/*
+	 * The virtio_net struct might have been reallocated on a different
+	 * NUMA node, so dev pointer might no more be valid.
+	 */
+	dev = get_device(vid);
+
 	if (msg.flags & VHOST_USER_NEED_REPLY) {
 		msg.payload.u64 = !!ret;
 		msg.size = sizeof(msg.payload.u64);
-- 
2.13.3

Re: [dpdk-stable] [dpdk-dev] [PATCH 15/21] vhost: don't dereference invalid dev pointer after its reallocation

[Remy Horton]

On 31/08/2017 10:50, Maxime Coquelin wrote:
[..]
> Problem is that vhost_user_msg_handler() still derenferences old
> pointer afterward.

Spelling.. :)

Code itself looks OK.