From: "Qiu, Michael"
To: "Xie, Huawei"
Cc: "dev@dpdk.org"
Date: Thu, 26 Mar 2015 07:58:16 +0000
Message-ID: <533710CFB86FA344BFBF2D6802E60286D18871@SHSMSX101.ccr.corp.intel.com>
References: <1427353496-21965-1-git-send-email-michael.qiu@intel.com>
Subject: Re: [dpdk-dev] [PATCH] vhost: Fix Segmentation fault of NULL address

On 3/26/2015 3:52 PM, Xie, Huawei wrote:
> On 3/26/2015 3:05 PM, Qiu, Michael wrote:
>> Function gpa_to_vva() could return zero, while this will lead
>> to a Segmentation fault.
>>
>> This patch is to fix this issue.
>>
>> Signed-off-by: Michael Qiu
>> ---
>> lib/librte_vhost/vhost_rxtx.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/lib/librte_vhost/vhost_rxtx.c b/lib/librte_vhost/vhost_rxtx.c
>> index 535c7a1..23c8acb 100644
>> --- a/lib/librte_vhost/vhost_rxtx.c
>> +++ b/lib/librte_vhost/vhost_rxtx.c
>> @@ -587,6 +587,9 @@ rte_vhost_dequeue_burst(struct virtio_net *dev, uint16_t queue_id,
>> 
>> /* Buffer address translation. */
>> vb_addr = gpa_to_vva(dev, desc->addr);
>> + if (!vb_addr)
>> + return entry_success;
>> +
> Firstly we should add a check for all gpa_to_vva translations, and do
> reporting and cleanup on error. We should avoid the case that some buggy
> or malicious guest virtio driver gives us an invalid GPA (for example,
> a GPA for some MMIO space) and crashes our vhost process.

Yes, agree, I will do this for the next version.

> As we discussed, you met a segfault here, but our virtio PMD shouldn't give
> us the GPA that has no translation, so we should root cause first and

Yes, the root cause is very important, but it will take a lot of time, and I
think it could be possible to apply this first (all-check version).

Thanks,
Michael
> fix the problem, and then submit the patch checking all gpa_to_vva
> translations.
>
> -Huawei
>> /* Prefetch buffer address. */
>> rte_prefetch0((void *)(uintptr_t)vb_addr);
>> 
>
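Review bot: the added "if (!vb_addr) return entry_success;" right after "vb_addr = gpa_to_vva(dev, desc->addr);" in rte_vhost_dequeue_burst() returns without any log or counter, so a descriptor address with no translation is dropped silently and leaves no trace of what the guest supplied. Suggest logging the failing desc->addr before the return, and confirming that nothing done earlier for this descriptor is left half-finished by the early exit, since the hunk shows no cleanup before it. The commit message should also state that only this one gpa_to_vva() call site is checked (3 insertions in one place).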
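The check requested in the reply above, as an added example (not code from the patch or from DPDK): a stand-alone translation helper that returns 0 for any guest buffer not fully backed by one mapped region, and a dequeue-style caller that stops and counts the failure. The names mem_region, sample_regions, gpa_range_to_hva, sample_desc and accept_descs and the sample layout are hypothetical; it goes one step beyond the patch by validating the whole buffer length, not only the start address.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical region: guest [gpa_start, gpa_start + size) maps to host_base. */
struct mem_region { uint64_t gpa_start, size, host_base; };

/* Constructed sample layout: two RAM regions with an unmapped hole between. */
static const struct mem_region sample_regions[] = {
	{ 0x00000000ULL, 0x000a0000ULL, 0x7f0000000000ULL },
	{ 0x00100000ULL, 0x3ff00000ULL, 0x7f0000100000ULL },
};

/* Translate guest buffer [gpa, gpa + len). Returns 0 if it is empty, wraps,
 * or is not fully inside one region (e.g. a GPA in MMIO space). */
static uint64_t gpa_range_to_hva(const struct mem_region *r, size_t n,
				 uint64_t gpa, uint64_t len)
{
	if (len == 0 || gpa + len < gpa)	/* empty or 64-bit wraparound */
		return 0;
	for (size_t i = 0; i < n; i++) {
		if (gpa < r[i].gpa_start)
			continue;
		uint64_t off = gpa - r[i].gpa_start;
		if (off < r[i].size && len <= r[i].size - off)
			return r[i].host_base + off;
	}
	return 0;
}

/* Constructed stand-in for a ring descriptor filled in by the guest. */
struct sample_desc { uint64_t addr; uint32_t len; };

/* Dequeue-style loop: stop at the first descriptor that fails translation,
 * count it in *bad for the caller to report, return how many were accepted. */
static unsigned int accept_descs(const struct mem_region *r, size_t n,
		const struct sample_desc *d, unsigned int count, unsigned int *bad)
{
	unsigned int done;
	for (done = 0; done < count; done++) {
		if (!gpa_range_to_hva(r, n, d[done].addr, d[done].len)) {
			(*bad)++;
			break;
		}
	}
	return done;
}
```
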