From: "Xia, Chenbo" <chenbo.xia@intel.com>
To: Maxime Coquelin <maxime.coquelin@redhat.com>,
"dev@dpdk.org" <dev@dpdk.org>,
"amorenoz@redhat.com" <amorenoz@redhat.com>
Cc: "stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 1/7] vhost: fix virtqueues metadata allocation
Date: Thu, 22 Oct 2020 11:00:16 +0000 [thread overview]
Message-ID: <MN2PR11MB4063D4583C9DBF43557280089C1D0@MN2PR11MB4063.namprd11.prod.outlook.com> (raw)
In-Reply-To: <cdfd2baf-88dc-a7b8-1df9-96bca4404871@redhat.com>
> -----Original Message-----
> From: Maxime Coquelin <maxime.coquelin@redhat.com>
> Sent: Wednesday, October 21, 2020 8:07 PM
> To: Xia, Chenbo <chenbo.xia@intel.com>; dev@dpdk.org; amorenoz@redhat.com
> Cc: stable@dpdk.org
> Subject: Re: [PATCH 1/7] vhost: fix virtqueues metadata allocation
>
> Hi Chenbon
>
> On 10/21/20 1:10 PM, Xia, Chenbo wrote:
> > Hi Maxime,
> >
> >> -----Original Message-----
> >> From: Maxime Coquelin <maxime.coquelin@redhat.com>
> >> Sent: Tuesday, October 20, 2020 1:34 AM
> >> To: dev@dpdk.org; Xia, Chenbo <chenbo.xia@intel.com>;
> amorenoz@redhat.com
> >> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>; stable@dpdk.org
> >> Subject: [PATCH 1/7] vhost: fix virtqueues metadata allocation
> >>
> >> The Vhost-user backend implementation assumes there will be
> >> no holes in the device's array of virtqueues metadata
> >> pointers.
> >>
> >> It can happen though, and would cause segmentation faults,
> >> memory leaks or undefined behaviour.
> >
> > Could I ask when will this happen?
> >
> > When QEMU does not configure all virtqueues? I'm not very sure.
> > Could you point that out for me?
>
> It has been reported by our QE when doing reconnect with multiqueue with
> vIOMMU enabled:
> https://bugzilla.redhat.com/show_bug.cgi?id=1880299
>
> Regards,
> Maxime
>
> > Thanks!
> > Chenbo
> >
> >>
> >> This patch keep the assumption that there is no holes in this
> >> array, and allocate all uninitialized virtqueues metadata up
> >> to requested index.
> >>
> >> Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation")
> >> Cc: stable@dpdk.org
> >>
> >> Suggested-by: Adrian Moreno <amorenoz@redhat.com>
> >> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> >> ---
> >> lib/librte_vhost/vhost.c | 33 ++++++++++++++++++++-------------
> >> 1 file changed, 20 insertions(+), 13 deletions(-)
> >>
> >> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> >> index 6068c38ec6..0c9ba3b3af 100644
> >> --- a/lib/librte_vhost/vhost.c
> >> +++ b/lib/librte_vhost/vhost.c
> >> @@ -579,22 +579,29 @@ int
> >> alloc_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
> >> {
> >> struct vhost_virtqueue *vq;
> >> + uint32_t i;
> >>
> >> - vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0);
> >> - if (vq == NULL) {
> >> - VHOST_LOG_CONFIG(ERR,
> >> - "Failed to allocate memory for vring:%u.\n", vring_idx);
> >> - return -1;
> >> - }
> >> + /* Also allocate holes, if any, up to requested vring index. */
> >> + for (i = 0; i <= vring_idx; i++) {
> >> + if (dev->virtqueue[i])
> >> + continue;
> >>
> >> - dev->virtqueue[vring_idx] = vq;
> >> - init_vring_queue(dev, vring_idx);
> >> - rte_spinlock_init(&vq->access_lock);
> >> - vq->avail_wrap_counter = 1;
> >> - vq->used_wrap_counter = 1;
> >> - vq->signalled_used_valid = false;
> >> + vq = rte_malloc(NULL, sizeof(struct vhost_virtqueue), 0);
> >> + if (vq == NULL) {
> >> + VHOST_LOG_CONFIG(ERR,
> >> + "Failed to allocate memory for vring:%u.\n", i);
> >> + return -1;
> >> + }
> >> +
> >> + dev->virtqueue[i] = vq;
> >> + init_vring_queue(dev, vring_idx);
> >> + rte_spinlock_init(&vq->access_lock);
> >> + vq->avail_wrap_counter = 1;
> >> + vq->used_wrap_counter = 1;
> >> + vq->signalled_used_valid = false;
> >> + }
> >>
> >> - dev->nr_vring += 1;
> >> + dev->nr_vring = RTE_MAX(dev->nr_vring, vring_idx + 1);
> >>
> >> return 0;
> >> }
> >> --
> >> 2.26.2
> >
Reviewed-by: Chenbo Xia <chenbo.xia@intel.com>
next prev parent reply other threads:[~2020-10-22 11:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-19 17:34 [dpdk-dev] [PATCH 0/7] vhost: make VQ metadata dereferencing robust Maxime Coquelin
2020-10-19 17:34 ` [dpdk-dev] [PATCH 1/7] vhost: fix virtqueues metadata allocation Maxime Coquelin
2020-10-21 11:10 ` Xia, Chenbo
2020-10-21 12:06 ` Maxime Coquelin
2020-10-22 11:00 ` Xia, Chenbo [this message]
2020-10-19 17:34 ` [dpdk-dev] [PATCH 2/7] vhost: validate index in available entries API Maxime Coquelin
2020-10-21 11:28 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 3/7] vhost: validate index in guest notification API Maxime Coquelin
2020-10-21 11:30 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 4/7] vhost: validate index in live-migration API Maxime Coquelin
2020-10-21 11:30 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 5/7] vhost: validate index in inflight API Maxime Coquelin
2020-10-21 11:30 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 6/7] vhost: validate index in async API Maxime Coquelin
2020-10-21 11:31 ` Xia, Chenbo
2020-10-19 17:34 ` [dpdk-dev] [PATCH 7/7] vhost: check virtqueue metadata pointer Maxime Coquelin
2020-10-21 11:32 ` Xia, Chenbo
2020-10-23 11:21 ` [dpdk-dev] [PATCH 0/7] vhost: make VQ metadata dereferencing robust Maxime Coquelin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN2PR11MB4063D4583C9DBF43557280089C1D0@MN2PR11MB4063.namprd11.prod.outlook.com \
--to=chenbo.xia@intel.com \
--cc=amorenoz@redhat.com \
--cc=dev@dpdk.org \
--cc=maxime.coquelin@redhat.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).