From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tiwei.bie@intel.com>
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
 by dpdk.org (Postfix) with ESMTP id ACB622BD5;
 Tue, 27 Nov 2018 10:46:00 +0100 (CET)
X-Amp-Result: UNKNOWN
X-Amp-Original-Verdict: FILE UNKNOWN
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 27 Nov 2018 01:45:59 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,286,1539673200"; d="scan'208";a="114057934"
Received: from btwcube1.sh.intel.com (HELO debian) ([10.67.104.173])
 by fmsmga001.fm.intel.com with ESMTP; 27 Nov 2018 01:45:58 -0800
Date: Tue, 27 Nov 2018 17:44:10 +0800
From: Tiwei Bie <tiwei.bie@intel.com>
To: Maxime Coquelin <maxime.coquelin@redhat.com>
Cc: dev@dpdk.org, zhihong.wang@intel.com, jfreimann@redhat.com, stable@dpdk.org
Message-ID: <20181127094409.GA20896@debian>
References: <20181127092325.25758-1-maxime.coquelin@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20181127092325.25758-1-maxime.coquelin@redhat.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Subject: Re: [dpdk-dev] [PATCH] vhost: fix possible null pointer
	dereferencing
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2018 09:46:01 -0000

On Tue, Nov 27, 2018 at 10:23:25AM +0100, Maxime Coquelin wrote:
> If mmap() call fails in vhost_user_set_mem_table, dev->mem
> is set to NULL. If later, qva_to_vva() is called, a segfault
> occurs.
> 
> Fixes: 8f972312b8f4 ("vhost: support vhost-user")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---
>  lib/librte_vhost/vhost_user.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index 3ea64eba6..c44fef9cc 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -489,6 +489,9 @@ qva_to_vva(struct virtio_net *dev, uint64_t qva, uint64_t *len)
>  	struct rte_vhost_mem_region *r;
>  	uint32_t i;
>  
> +	if (unlikely(!dev || !dev->mem))
> +		return 0;

Better to also zero *len.

Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>

> +
>  	/* Find the region where the address lives. */
>  	for (i = 0; i < dev->mem->nregions; i++) {
>  		r = &dev->mem->regions[i];
> -- 
> 2.17.2
>