From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by dpdk.org (Postfix) with ESMTP id 3EA401BE1F for ; Tue, 3 Jul 2018 07:51:36 +0200 (CEST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5D8CA87927; Tue, 3 Jul 2018 05:51:35 +0000 (UTC) Received: from [10.36.112.21] (ovpn-112-21.ams2.redhat.com [10.36.112.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 919EA178BD; Tue, 3 Jul 2018 05:51:34 +0000 (UTC) To: Tiwei Bie Cc: zhihong.wang@intel.com, dev@dpdk.org References: <20180627144959.17277-1-maxime.coquelin@redhat.com> <20180627144959.17277-3-maxime.coquelin@redhat.com> <20180703044535.GB3041@debian> From: Maxime Coquelin Message-ID: <3988e6b4-f7db-9f48-cb33-f859b39398d0@redhat.com> Date: Tue, 3 Jul 2018 07:51:33 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180703044535.GB3041@debian> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Tue, 03 Jul 2018 05:51:35 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Tue, 03 Jul 2018 05:51:35 +0000 (UTC) for IP:'10.11.54.5' DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'maxime.coquelin@redhat.com' RCPT:'' Subject: Re: [dpdk-dev] [PATCH v3 2/7] vhost: make gpa to hpa failure an error X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2018 05:51:36 -0000 On 07/03/2018 06:45 AM, Tiwei Bie wrote: > On Wed, Jun 27, 2018 at 04:49:54PM +0200, Maxime Coquelin wrote: >> CVE-2018-1059 fix makes sure gpa contiguous memory is >> also contiguous in hva space. Incidentally, it also makes >> sure it is contiguous in hpa space. >> >> So we can simplify the code by making gpa contiguous memory >> discontiguous in hpa space an error. > > Does it mean that when guest virtio driver using > gpa contiguous but hpa discontiguous memory, vhost > won't be able to process the corresponding desc? > And in this case, should vhost skip this desc? No, I think that's a mistake from my side, I mixed hpa and hva, and so thought that this case would never happen as we already manage buffers discontiguous in hva space. I'll revert to the old behaviour. Thanks! Maxime > Best regards, > Tiwei Bie > >> >> Signed-off-by: Maxime Coquelin >> --- >> lib/librte_vhost/virtio_net.c | 14 +++++++------- >> 1 file changed, 7 insertions(+), 7 deletions(-) >> >> diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c >> index 7e70a927f..ec4bcc400 100644 >> --- a/lib/librte_vhost/virtio_net.c >> +++ b/lib/librte_vhost/virtio_net.c >> @@ -884,13 +884,13 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, >> >> cpy_len = RTE_MIN(desc_chunck_len, mbuf_avail); >> >> - /* >> - * A desc buf might across two host physical pages that are >> - * not continuous. In such case (gpa_to_hpa returns 0), data >> - * will be copied even though zero copy is enabled. >> - */ >> - if (unlikely(dev->dequeue_zero_copy && (hpa = gpa_to_hpa(dev, >> - desc_gaddr + desc_offset, cpy_len)))) { >> + if (unlikely(dev->dequeue_zero_copy)) { >> + hpa = gpa_to_hpa(dev, >> + desc_gaddr + desc_offset, cpy_len); >> + if (unlikely(!hpa)) { >> + error = -1; >> + goto out; >> + } >> cur->data_len = cpy_len; >> cur->data_off = 0; >> cur->buf_addr = (void *)(uintptr_t)(desc_addr >> -- >> 2.14.4 >>