From: Maxime Coquelin <maxime.coquelin@redhat.com>
To: dev@dpdk.org, stable@dpdk.org
Cc: Stefan Hajnoczi <stefanha@redhat.com>,
Maxime Coquelin <maxime.coquelin@redhat.com>
Subject: [dpdk-dev] [v16.11 PATCH v2 1/4] vhost: validate virtqueue size
Date: Tue, 12 Nov 2019 16:18:49 +0100 [thread overview]
Message-ID: <20191112151852.27341-1-maxime.coquelin@redhat.com> (raw)
In-Reply-To: <b45c3416-0b1d-0ee4-89eb-c23a69e7cef3@intel.com>
From: Stefan Hajnoczi <stefanha@redhat.com>
[ backported from upstream commit eb7c574b21cc92792ea5a1f219ddf6dd3cf3b1e1 ]
Check the virtqueue size constraints so that invalid values don't cause
bugs later on in the code. For example, sometimes the virtqueue size is
stored as unsigned int and sometimes as uint16_t, so bad things happen
if it is ever larger than 65535.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/librte_vhost/vhost_user.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 618d413fe1..8a01c295e7 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -189,6 +189,17 @@ vhost_user_set_vring_num(struct virtio_net *dev,
vq->size = state->num;
+ /* VIRTIO 1.0, 2.4 Virtqueues says:
+ *
+ * Queue Size value is always a power of 2. The maximum Queue Size
+ * value is 32768.
+ */
+ if ((vq->size & (vq->size - 1)) || vq->size > 32768) {
+ RTE_LOG(ERR, VHOST_CONFIG,
+ "invalid virtqueue size %u\n", vq->size);
+ return -1;
+ }
+
if (dev->dequeue_zero_copy) {
vq->nr_zmbuf = 0;
vq->last_zmbuf_idx = 0;
--
2.21.0
next prev parent reply other threads:[~2019-11-12 15:19 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 15:15 [dpdk-dev] DPDK security advisory: CVE-2019-14818 Ferruh Yigit
2019-11-12 15:18 ` Maxime Coquelin [this message]
2019-11-12 15:18 ` [dpdk-dev] [v16.11 PATCH v2 2/4] vhost: add number of fds to vhost-user messages Maxime Coquelin
2019-11-12 15:18 ` [dpdk-dev] [v16.11 PATCH v2 3/4] vhost: fix possible denial of service on SET_VRING_NUM Maxime Coquelin
2019-11-12 15:18 ` [dpdk-dev] [v16.11 PATCH v2 4/4] vhost: fix possible denial of service by leaking FDs Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v17.11 PATCH v2 1/4] vhost: validate virtqueue size Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v17.11 PATCH v2 2/4] vhost: add number of fds to vhost-user messages Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v17.11 PATCH v2 3/4] vhost: fix possible denial of service on SET_VRING_NUM Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v17.11 PATCH v2 4/4] vhost: fix possible denial of service by leaking FDs Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v18.11 PATCH v2 1/2] vhost: fix possible denial of service on SET_VRING_NUM Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [v18.11 PATCH v2 2/2] vhost: fix possible denial of service by leaking FDs Maxime Coquelin
2019-11-12 15:29 ` [dpdk-dev] [dpdk-stable] " Kevin Traynor
2019-11-12 15:29 ` [dpdk-dev] [dpdk-stable] [v18.11 PATCH v2 1/2] vhost: fix possible denial of service on SET_VRING_NUM Kevin Traynor
2019-11-12 15:19 ` [dpdk-dev] [master " Maxime Coquelin
2019-11-12 15:19 ` [dpdk-dev] [master PATCH v2 2/2] vhost: fix possible denial of service by leaking FDs Maxime Coquelin
2019-11-12 15:23 ` David Marchand
2019-11-12 15:23 ` [dpdk-dev] [master PATCH v2 1/2] vhost: fix possible denial of service on SET_VRING_NUM David Marchand
2019-11-12 15:35 ` [dpdk-dev] DPDK security advisory: CVE-2019-14818 Ferruh Yigit
2019-11-14 11:25 ` [dpdk-dev] [dpdk-security] " Ferruh Yigit
2019-11-15 18:19 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191112151852.27341-1-maxime.coquelin@redhat.com \
--to=maxime.coquelin@redhat.com \
--cc=dev@dpdk.org \
--cc=stable@dpdk.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).