From: "Xie, Huawei"
To: "Qiu, Michael"
Cc: "dev@dpdk.org"
Date: Thu, 26 Mar 2015 07:52:03 +0000
Subject: Re: [dpdk-dev] [PATCH] vhost: Fix Segmentation fault of NULL address
References: <1427353496-21965-1-git-send-email-michael.qiu@intel.com>

On 3/26/2015 3:05 PM, Qiu, Michael wrote:
> Function gpa_to_vva() could return zero, which will lead to
> a segmentation fault.
>
> This patch is to fix this issue.
>
> Signed-off-by: Michael Qiu
> ---
>  lib/librte_vhost/vhost_rxtx.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/lib/librte_vhost/vhost_rxtx.c b/lib/librte_vhost/vhost_rxtx.c
> index 535c7a1..23c8acb 100644
> --- a/lib/librte_vhost/vhost_rxtx.c
> +++ b/lib/librte_vhost/vhost_rxtx.c
> @@ -587,6 +587,9 @@ rte_vhost_dequeue_burst(struct virtio_net *dev, uint16_t queue_id,
>
>  /* Buffer address translation. */
>  vb_addr = gpa_to_vva(dev, desc->addr);
> + if (!vb_addr)
> + return entry_success;
> +

Firstly we should add checks for all gpa_to_vva translations, and do
reporting and cleanup on error. We should avoid the case that some buggy
or malicious guest virtio driver gives us an invalid GPA (for example, a
GPA for some MMIO space) and crashes our vhost process.

As we discussed, you met a segfault here, but our virtio PMD shouldn't give
us a GPA that has no translation, so we should root-cause that first and
fix the problem, and then submit the patch checking all gpa_to_vva
translations.

-Huawei
>  /* Prefetch buffer address. */
>  rte_prefetch0((void *)(uintptr_t)vb_addr);
>
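Review bot: the new `if (!vb_addr) return entry_success;` in rte_vhost_dequeue_burst() swallows the failure silently, so a caller cannot tell a descriptor with an untranslatable GPA from an ordinary dequeue that processed `entry_success` entries, and nothing is logged when a guest hands over a bad address. At minimum emit a log line (RTE_LOG or the vhost logging helper in use) naming the queue and the offending `desc->addr` before bailing out, and state in the commit message what happens to the remaining descriptors of the chain. The check also covers only this one gpa_to_vva() call site; as the reply notes, every translation in the dequeue path needs the same treatment, so either extend the patch to the other call sites or say in the commit message that this is a partial stopgap.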
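The principle in the reply above, that every guest-physical address a descriptor carries must go through a bounds-checked translation and be rejected with a report rather than dereferenced, as an added C example that is not DPDK's code: the region table, the function names `checked_gpa_to_vva` and `translate_desc`, and the log line are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the vhost guest memory map: each region maps a
 * guest-physical range onto host virtual memory (hypothetical layout). */
struct guest_region {
    uint64_t gpa_start;
    uint64_t size;
    uint64_t hva_start;
};

/* Constructed table: two RAM regions with an unmapped hole between them,
 * the kind of gap where MMIO space sits from the guest's point of view. */
static const struct guest_region regions[] = {
    { 0x00000000ULL, 0x000A0000ULL, 0x7f0000000000ULL },
    { 0x00100000ULL, 0x3FF00000ULL, 0x7f00000A0000ULL },
};

/* Translate a guest-physical buffer [gpa, gpa+len) to a host-virtual
 * address. Returns 0 when the buffer is not entirely inside one region, so
 * a buggy or malicious guest driver cannot steer vhost into bad memory. */
uint64_t checked_gpa_to_vva(uint64_t gpa, uint64_t len)
{
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        const struct guest_region *r = &regions[i];
        /* Compare via subtraction so gpa + len cannot wrap around. */
        if (gpa >= r->gpa_start && gpa - r->gpa_start < r->size
            && len <= r->size - (gpa - r->gpa_start))
            return r->hva_start + (gpa - r->gpa_start);
    }
    return 0;
}

/* Checked consumer modelled on the dequeue path: report the bad descriptor
 * and return -1 so the caller drops the chain instead of touching the
 * address. Returns 0 and fills *vva_out on success. */
int translate_desc(uint64_t desc_addr, uint32_t desc_len, uint64_t *vva_out)
{
    uint64_t vva = checked_gpa_to_vva(desc_addr, desc_len);
    if (!vva) {
        fprintf(stderr, "vhost: descriptor GPA 0x%llx len %u has no "
                "translation, dropping\n",
                (unsigned long long)desc_addr, desc_len);
        return -1;
    }
    *vva_out = vva;
    return 0;
}
```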