From: Maxime Coquelin <maxime.coquelin@redhat.com>
To: dev@dpdk.org, chenbo.xia@intel.com, amorenoz@redhat.com
Cc: Maxime Coquelin <maxime.coquelin@redhat.com>
Subject: [dpdk-dev] [PATCH 7/7] vhost: check virtqueue metadata pointer
Date: Mon, 19 Oct 2020 19:34:15 +0200
Message-ID: <20201019173415.582407-8-maxime.coquelin@redhat.com> (raw)
In-Reply-To: <20201019173415.582407-1-maxime.coquelin@redhat.com>
This patch checks whether the virtqueue metadata pointer
is valid before dereferencing it. It is not considered
a fix as earlier patch ensures there are no holes in the
array of virtqueue metadata pointers.
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/librte_vhost/vhost.c | 11 +++++++++++
lib/librte_vhost/vhost_user.c | 12 ++++++++++++
2 files changed, 23 insertions(+)
diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
index e92ff618ac..8a151a9c1d 100644
--- a/lib/librte_vhost/vhost.c
+++ b/lib/librte_vhost/vhost.c
@@ -544,6 +544,11 @@ init_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
}
vq = dev->virtqueue[vring_idx];
+ if (!vq) {
+ VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n",
+ vring_idx);
+ return;
+ }
memset(vq, 0, sizeof(struct vhost_virtqueue));
@@ -570,6 +575,12 @@ reset_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
}
vq = dev->virtqueue[vring_idx];
+ if (!vq) {
+ VHOST_LOG_CONFIG(ERR, "Virtqueue not allocated (%d)\n",
+ vring_idx);
+ return;
+ }
+
callfd = vq->callfd;
init_vring_queue(dev, vring_idx);
vq->callfd = callfd;
diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index d20c8c57ad..8a8726f8b8 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -1235,6 +1235,9 @@ vhost_user_set_mem_table(struct virtio_net **pdev, struct VhostUserMsg *msg,
for (i = 0; i < dev->nr_vring; i++) {
struct vhost_virtqueue *vq = dev->virtqueue[i];
+ if (!vq)
+ continue;
+
if (vq->desc || vq->avail || vq->used) {
/*
* If the memory table got updated, the ring addresses
@@ -1556,6 +1559,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg,
for (i = 0; i < num_queues; i++) {
vq = dev->virtqueue[i];
+ if (!vq)
+ continue;
+
if (vq_is_packed(dev)) {
vq->inflight_packed = addr;
vq->inflight_packed->desc_num = queue_size;
@@ -2310,6 +2316,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg,
for (i = 0; i < dev->nr_vring; i++) {
struct vhost_virtqueue *vq = dev->virtqueue[i];
+ if (!vq)
+ continue;
+
vhost_user_iotlb_cache_insert(vq, imsg->iova, vva,
len, imsg->perm);
@@ -2321,6 +2330,9 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg,
for (i = 0; i < dev->nr_vring; i++) {
struct vhost_virtqueue *vq = dev->virtqueue[i];
+ if (!vq)
+ continue;
+
vhost_user_iotlb_cache_remove(vq, imsg->iova,
imsg->size);
--
2.26.2
next prev parent reply other threads:[~2020-10-19 17:36 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-19 17:34 [dpdk-dev] [PATCH 0/7] vhost: make VQ metadata dereferencing robust Maxime Coquelin
2020-10-19 17:34 ` [dpdk-dev] [PATCH 1/7] vhost: fix virtqueues metadata allocation Maxime Coquelin
2020-10-21 11:10 ` Xia, Chenbo
2020-10-21 12:06 ` Maxime Coquelin
2020-10-22 11:00 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 2/7] vhost: validate index in available entries API Maxime Coquelin
2020-10-21 11:28 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 3/7] vhost: validate index in guest notification API Maxime Coquelin
2020-10-21 11:30 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 4/7] vhost: validate index in live-migration API Maxime Coquelin
2020-10-21 11:30 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 5/7] vhost: validate index in inflight API Maxime Coquelin
2020-10-21 11:30 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 6/7] vhost: validate index in async API Maxime Coquelin
2020-10-21 11:31 ` Xia, Chenbo
2020-10-19 17:34 ` Maxime Coquelin [this message]
2020-10-21 11:32 ` [dpdk-dev] [PATCH 7/7] vhost: check virtqueue metadata pointer Xia, Chenbo
2020-10-23 11:21 ` [dpdk-dev] [PATCH 0/7] vhost: make VQ metadata dereferencing robust Maxime Coquelin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201019173415.582407-8-maxime.coquelin@redhat.com \
--to=maxime.coquelin@redhat.com \
--cc=amorenoz@redhat.com \
--cc=chenbo.xia@intel.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
DPDK patches and discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
dev@dpdk.org
public-inbox-index dev
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://inbox.dpdk.org/inbox.dpdk.dev
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git