To: Tiwei Bie
Cc: dev@dpdk.org, zhihong.wang@intel.com, jfreimann@redhat.com, stable@dpdk.org
From: Maxime Coquelin
Date: Tue, 27 Nov 2018 10:52:00 +0100
Subject: Re: [dpdk-dev] [PATCH] vhost: fix possible null pointer dereferencing

On 11/27/18 10:44 AM, Tiwei Bie wrote:
> On Tue, Nov 27, 2018 at 10:23:25AM +0100, Maxime Coquelin wrote:
>> If mmap() call fails in vhost_user_set_mem_table, dev->mem
>> is set to NULL. If later, qva_to_vva() is called, a segfault
>> occurs.
>>
>> Fixes: 8f972312b8f4 ("vhost: support vhost-user")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Maxime Coquelin
>> ---
>> lib/librte_vhost/vhost_user.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
>> index 3ea64eba6..c44fef9cc 100644
>> --- a/lib/librte_vhost/vhost_user.c
>> +++ b/lib/librte_vhost/vhost_user.c
>> @@ -489,6 +489,9 @@ qva_to_vva(struct virtio_net *dev, uint64_t qva, uint64_t *len)
>> struct rte_vhost_mem_region *r;
>> uint32_t i;
>>
>> + if (unlikely(!dev || !dev->mem))
>> + return 0;
>
> Better to also zero *len.
>
> Reviewed-by: Tiwei Bie

Right, I'll post a v2 zeroing *len.

Thanks,
Maxime

>
>> +
>> /* Find the region where the address lives. */
>> for (i = 0; i < dev->mem->nregions; i++) {
>> r = &dev->mem->regions[i];
>> --
>> 2.17.2
>>
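
Review bot: In the guard added at the top of qva_to_vva(), the early `return 0` leaves `*len` as the caller passed it, so any caller that reads the length after a failed translation sees a stale value; set `*len = 0` before returning. The `!dev` half of the test is not explained by the commit message, which only describes `dev->mem` being NULL after a failed mmap() in vhost_user_set_mem_table, so either mention it there or drop it. A short comment above the guard saying when `dev->mem` can be NULL would help the next reader.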