[dpdk-dev] [PATCH] vhost: fix possible null pointer dereferencing

DPDK patches and discussions
 help / color / mirror / Atom feed

* [dpdk-dev] [PATCH] vhost: fix possible null pointer dereferencing
@ 2018-11-27  9:23 Maxime Coquelin
  2018-11-27  9:44 ` Tiwei Bie
  0 siblings, 1 reply; 3+ messages in thread
From: Maxime Coquelin @ 2018-11-27  9:23 UTC (permalink / raw)
  To: dev, tiwei.bie, zhihong.wang, jfreimann; +Cc: stable, Maxime Coquelin

If mmap() call fails in vhost_user_set_mem_table, dev->mem
is set to NULL. If later, qva_to_vva() is called, a segfault
occurs.

Fixes: 8f972312b8f4 ("vhost: support vhost-user")
Cc: stable@dpdk.org

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
 lib/librte_vhost/vhost_user.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 3ea64eba6..c44fef9cc 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -489,6 +489,9 @@ qva_to_vva(struct virtio_net *dev, uint64_t qva, uint64_t *len)
 	struct rte_vhost_mem_region *r;
 	uint32_t i;
 
+	if (unlikely(!dev || !dev->mem))
+		return 0;
+
 	/* Find the region where the address lives. */
 	for (i = 0; i < dev->mem->nregions; i++) {
 		r = &dev->mem->regions[i];
-- 
2.17.2

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [PATCH] vhost: fix possible null pointer dereferencing
  2018-11-27  9:23 [dpdk-dev] [PATCH] vhost: fix possible null pointer dereferencing Maxime Coquelin
@ 2018-11-27  9:44 ` Tiwei Bie
  2018-11-27  9:52   ` Maxime Coquelin
  0 siblings, 1 reply; 3+ messages in thread
From: Tiwei Bie @ 2018-11-27  9:44 UTC (permalink / raw)
  To: Maxime Coquelin; +Cc: dev, zhihong.wang, jfreimann, stable

On Tue, Nov 27, 2018 at 10:23:25AM +0100, Maxime Coquelin wrote:
> If mmap() call fails in vhost_user_set_mem_table, dev->mem
> is set to NULL. If later, qva_to_vva() is called, a segfault
> occurs.
> 
> Fixes: 8f972312b8f4 ("vhost: support vhost-user")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---
>  lib/librte_vhost/vhost_user.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index 3ea64eba6..c44fef9cc 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -489,6 +489,9 @@ qva_to_vva(struct virtio_net *dev, uint64_t qva, uint64_t *len)
>  	struct rte_vhost_mem_region *r;
>  	uint32_t i;
>  
> +	if (unlikely(!dev || !dev->mem))
> +		return 0;

Better to also zero *len.

Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>

> +
>  	/* Find the region where the address lives. */
>  	for (i = 0; i < dev->mem->nregions; i++) {
>  		r = &dev->mem->regions[i];
> -- 
> 2.17.2
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [PATCH] vhost: fix possible null pointer dereferencing
  2018-11-27  9:44 ` Tiwei Bie
@ 2018-11-27  9:52   ` Maxime Coquelin
  0 siblings, 0 replies; 3+ messages in thread
From: Maxime Coquelin @ 2018-11-27  9:52 UTC (permalink / raw)
  To: Tiwei Bie; +Cc: dev, zhihong.wang, jfreimann, stable



On 11/27/18 10:44 AM, Tiwei Bie wrote:
> On Tue, Nov 27, 2018 at 10:23:25AM +0100, Maxime Coquelin wrote:
>> If mmap() call fails in vhost_user_set_mem_table, dev->mem
>> is set to NULL. If later, qva_to_vva() is called, a segfault
>> occurs.
>>
>> Fixes: 8f972312b8f4 ("vhost: support vhost-user")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
>> ---
>>   lib/librte_vhost/vhost_user.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
>> index 3ea64eba6..c44fef9cc 100644
>> --- a/lib/librte_vhost/vhost_user.c
>> +++ b/lib/librte_vhost/vhost_user.c
>> @@ -489,6 +489,9 @@ qva_to_vva(struct virtio_net *dev, uint64_t qva, uint64_t *len)
>>   	struct rte_vhost_mem_region *r;
>>   	uint32_t i;
>>   
>> +	if (unlikely(!dev || !dev->mem))
>> +		return 0;
> 
> Better to also zero *len.
> 
> Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>

Right, I'll post a v2 zeroing *len.

Thanks,
Maxime

> 
>> +
>>   	/* Find the region where the address lives. */
>>   	for (i = 0; i < dev->mem->nregions; i++) {
>>   		r = &dev->mem->regions[i];
>> -- 
>> 2.17.2
>>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-11-27  9:52 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-27  9:23 [dpdk-dev] [PATCH] vhost: fix possible null pointer dereferencing Maxime Coquelin
2018-11-27  9:44 ` Tiwei Bie
2018-11-27  9:52   ` Maxime Coquelin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).