From: "Qiu, Michael"
To: Linhaifeng, "Xie, Huawei"
Cc: dev@dpdk.org
Date: Fri, 27 Mar 2015 08:45:20 +0000
Message-ID: <533710CFB86FA344BFBF2D6802E60286D18E94@SHSMSX101.ccr.corp.intel.com>
Subject: Re: [dpdk-dev] [PATCH] vhost: Fix Segmentation fault of NULL address

On 3/26/2015 4:29 PM, Linhaifeng wrote:
>
> On 2015/3/26 15:58, Qiu, Michael wrote:
>> On 3/26/2015 3:52 PM, Xie, Huawei wrote:
>>> On 3/26/2015 3:05 PM, Qiu, Michael wrote:
>>>> Function gpa_to_vva() could return zero, which will lead to
>>>> a segmentation fault.
>>>>
>>>> This patch is to fix this issue.
>>>>
>>>> Signed-off-by: Michael Qiu
>>>> ---
>>>>  lib/librte_vhost/vhost_rxtx.c | 3 +++
>>>>  1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/lib/librte_vhost/vhost_rxtx.c b/lib/librte_vhost/vhost_rxtx.c
>>>> index 535c7a1..23c8acb 100644
>>>> --- a/lib/librte_vhost/vhost_rxtx.c
>>>> +++ b/lib/librte_vhost/vhost_rxtx.c
>>>> @@ -587,6 +587,9 @@ rte_vhost_dequeue_burst(struct virtio_net *dev, uint16_t queue_id,
>>>>
>>>>  /* Buffer address translation. */
>>>>  vb_addr = gpa_to_vva(dev, desc->addr);
>>>> + if (!vb_addr)
>>>> + return entry_success;
>>>> +
>>> Firstly we should add a check for all gpa_to_vva translations, and do
>>> reporting and cleanup on error. We should avoid the case that some buggy
>>> or malicious guest virtio driver gives us an invalid GPA (for example,
>>> a GPA for some MMIO space) and crashes our vhost process.
>> Yes, agree, I will do this for the next version.
>>
>>> As we discussed, you met a segfault here, but our virtio PMD shouldn't give
>>> us a GPA that has no translation, so we should root cause first and
>> Yes, root cause is very important, but it will take lots of time, and I
>> think it could be possible to apply this first (all-check version).
>>
> How to deal with an invalid address that is not NULL?

The problem is how do you know if it is a valid address?

Thanks,
Michael
>
>> Thanks,
>> Michael
>>> fix the problem, and then submit the patch checking all gpa_to_vva
>>> translations.
>>>
>>> -Huawei
>>>>  /* Prefetch buffer address. */
>>>>  rte_prefetch0((void *)(uintptr_t)vb_addr);
>>>>
>>
>>
>
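Review bot: the new `if (!vb_addr) return entry_success;` after `vb_addr = gpa_to_vva(dev, desc->addr);` fails silently and only at this one call site: the caller gets a normal-looking count with no log line and no cleanup of the descriptor already taken from the ring, and every other gpa_to_vva() translation in the file stays unchecked, which is exactly the gap the review thread points out. Suggest logging the failed translation (queue id and desc->addr) at error level before dropping the descriptor, and applying the same check to all translation sites in one patch. A zero return also only tells you that desc->addr itself is unmapped; a descriptor whose start lies in guest RAM but whose length runs past the end of that region still passes this check and is later prefetched and read, so the validation should cover the whole buffer range, not just its first byte.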
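Linhaifeng's question ("how to deal with an invalid address that is not NULL?") and Michael's reply ("how do you know if it is a valid address?") come down to what the translation function checks. The following is an added example, not DPDK's gpa_to_vva() or any code from the patch: it walks a constructed region table shaped like vhost's guest memory regions (the field names guest_phys_addr, memory_size and host_user_addr are assumptions for the illustration) and contrasts a start-address-only lookup with a lookup that requires the whole [gpa, gpa + len) range to sit inside one region and rejects wraparound. The sample regions, the MMIO-style hole between them and the descriptor values are constructed for the example.

```c
/* Added illustration, not DPDK code: range-checked guest-physical to
 * host-virtual translation for a vhost-style backend.
 *
 * Region layout, addresses and sizes below are constructed. The failure
 * sentinel is 0, which is safe here only because no constructed region
 * is mapped at host address 0. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct mem_region {
    uint64_t guest_phys_addr; /* first guest-physical address of the region */
    uint64_t memory_size;     /* region length in bytes */
    uint64_t host_user_addr;  /* where the region is mapped in this process */
};

struct guest_mem {
    const struct mem_region *regions;
    size_t nregions;
};

/* Two constructed regions with a hole between them, standing in for the
 * legacy MMIO/VGA gap a guest typically has below 1 MiB. */
static const struct mem_region sample_regions[] = {
    { 0x00000000, 0x000A0000, 0x7f0000000000ULL },
    { 0x00100000, 0x00100000, 0x7f0000100000ULL },
};
const struct guest_mem sample_mem = { sample_regions, 2 };

/* Start-address-only translation: answers "is this one byte mapped?" and
 * says nothing about the bytes that follow it. Returns 0 if unmapped. */
uint64_t gpa_to_vva_start_only(const struct guest_mem *mem, uint64_t gpa)
{
    for (size_t i = 0; i < mem->nregions; i++) {
        const struct mem_region *r = &mem->regions[i];
        if (gpa >= r->guest_phys_addr &&
            gpa < r->guest_phys_addr + r->memory_size)
            return r->host_user_addr + (gpa - r->guest_phys_addr);
    }
    return 0;
}

/* Range-checked translation: the whole buffer [gpa, gpa + len) must lie
 * inside a single region and the addition must not wrap. A descriptor
 * that starts in guest RAM but runs off the end of its region, or that
 * points into the hole, is rejected here while start-only accepts it. */
uint64_t gpa_range_to_vva(const struct guest_mem *mem, uint64_t gpa, uint64_t len)
{
    if (len == 0 || gpa + len < gpa)
        return 0; /* empty buffer or 64-bit wraparound */
    for (size_t i = 0; i < mem->nregions; i++) {
        const struct mem_region *r = &mem->regions[i];
        if (gpa >= r->guest_phys_addr &&
            gpa + len <= r->guest_phys_addr + r->memory_size)
            return r->host_user_addr + (gpa - r->guest_phys_addr);
    }
    return 0;
}

/* Caller pattern the thread asks for: report the bad descriptor and tell
 * the caller to drop it (return -1) instead of dereferencing anything.
 * addr/len are the descriptor's buffer address and length. */
int desc_translate(const struct guest_mem *mem, uint64_t addr, uint32_t len,
                   uint64_t *vva)
{
    uint64_t v = gpa_range_to_vva(mem, addr, len);
    if (v == 0) {
        fprintf(stderr, "vhost: dropping descriptor addr=0x%llx len=%u: "
                "no full translation\n", (unsigned long long)addr, len);
        *vva = 0;
        return -1;
    }
    *vva = v;
    return 0;
}

int main(void)
{
    uint64_t vva;
    /* Constructed descriptor: starts 256 bytes before the end of region 0
     * and claims 512 bytes, so it crosses into the unmapped hole. */
    printf("start-only: 0x%llx\n",
           (unsigned long long)gpa_to_vva_start_only(&sample_mem, 0x9FF00));
    printf("range-checked rc=%d vva=0x%llx\n",
           desc_translate(&sample_mem, 0x9FF00, 0x200, &vva),
           (unsigned long long)vva);
    return 0;
}
```

The start-only lookup happily returns a host address for a descriptor at 0x9FF00 with length 0x200, and the consumer would then read 256 bytes past the mapping; the range-checked version returns 0 for the same descriptor. Checking the end of the range rather than only the start is what turns "is the address non-NULL?" into "is every byte we are about to touch backed by guest memory?".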