From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id CDCC41BEC1 for ; Tue, 3 Jul 2018 06:45:50 +0200 (CEST) X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Jul 2018 21:45:48 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.51,302,1526367600"; d="scan'208";a="71817206" Received: from debian.sh.intel.com (HELO debian) ([10.67.104.228]) by orsmga002.jf.intel.com with ESMTP; 02 Jul 2018 21:45:34 -0700 Date: Tue, 3 Jul 2018 12:45:36 +0800 From: Tiwei Bie To: Maxime Coquelin Cc: zhihong.wang@intel.com, dev@dpdk.org Message-ID: <20180703044535.GB3041@debian> References: <20180627144959.17277-1-maxime.coquelin@redhat.com> <20180627144959.17277-3-maxime.coquelin@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20180627144959.17277-3-maxime.coquelin@redhat.com> User-Agent: Mutt/1.9.5 (2018-04-13) Subject: Re: [dpdk-dev] [PATCH v3 2/7] vhost: make gpa to hpa failure an error X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2018 04:45:51 -0000 On Wed, Jun 27, 2018 at 04:49:54PM +0200, Maxime Coquelin wrote: > CVE-2018-1059 fix makes sure gpa contiguous memory is > also contiguous in hva space. Incidentally, it also makes > sure it is contiguous in hpa space. > > So we can simplify the code by making gpa contiguous memory > discontiguous in hpa space an error. Does it mean that when guest virtio driver using gpa contiguous but hpa discontiguous memory, vhost won't be able to process the corresponding desc? And in this case, should vhost skip this desc? Best regards, Tiwei Bie > > Signed-off-by: Maxime Coquelin > --- > lib/librte_vhost/virtio_net.c | 14 +++++++------- > 1 file changed, 7 insertions(+), 7 deletions(-) > > diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c > index 7e70a927f..ec4bcc400 100644 > --- a/lib/librte_vhost/virtio_net.c > +++ b/lib/librte_vhost/virtio_net.c > @@ -884,13 +884,13 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, > > cpy_len = RTE_MIN(desc_chunck_len, mbuf_avail); > > - /* > - * A desc buf might across two host physical pages that are > - * not continuous. In such case (gpa_to_hpa returns 0), data > - * will be copied even though zero copy is enabled. > - */ > - if (unlikely(dev->dequeue_zero_copy && (hpa = gpa_to_hpa(dev, > - desc_gaddr + desc_offset, cpy_len)))) { > + if (unlikely(dev->dequeue_zero_copy)) { > + hpa = gpa_to_hpa(dev, > + desc_gaddr + desc_offset, cpy_len); > + if (unlikely(!hpa)) { > + error = -1; > + goto out; > + } > cur->data_len = cpy_len; > cur->data_off = 0; > cur->buf_addr = (void *)(uintptr_t)(desc_addr > -- > 2.14.4 >