From: Maxime Coquelin <maxime.coquelin@redhat.com>
To: Claudio Fontana <cfontana@suse.de>, Chenbo Xia <chenbo.xia@intel.com>
Cc: dev@dpdk.org
Subject: Re: [PATCH v3 2/2] vhost: improve error handling in desc_to_mbuf
Date: Wed, 5 Oct 2022 14:57:36 +0200
Message-ID: <a72e8bca-108b-ae84-f30a-880d416631d9@redhat.com>
In-Reply-To: <20220802004938.23670-3-cfontana@suse.de>

On 8/2/22 02:49, Claudio Fontana wrote:
> check when increasing vec_idx that it is still valid
> in the (buf_len < dev->vhost_hlen) case too.
>
> Tested-by: Claudio Fontana <cfontana@suse.de>
> Signed-off-by: Claudio Fontana <cfontana@suse.de>
> ---
> lib/vhost/virtio_net.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
> index eb19e54c2b..20ed951979 100644
> --- a/lib/vhost/virtio_net.c
> +++ b/lib/vhost/virtio_net.c
> @@ -2704,12 +2704,15 @@ desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
> if (unlikely(buf_len < dev->vhost_hlen)) {
> buf_offset = dev->vhost_hlen - buf_len;
> vec_idx++;
> + if (unlikely(vec_idx >= nr_vec))
> + goto error;
> buf_addr = buf_vec[vec_idx].buf_addr;
> buf_iova = buf_vec[vec_idx].buf_iova;
> buf_len = buf_vec[vec_idx].buf_len;
> buf_avail = buf_len - buf_offset;
> } else if (buf_len == dev->vhost_hlen) {
> - if (unlikely(++vec_idx >= nr_vec))
> + vec_idx++;
> + if (unlikely(vec_idx >= nr_vec))
> goto error;
> buf_addr = buf_vec[vec_idx].buf_addr;
> buf_iova = buf_vec[vec_idx].buf_iova;
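
Review bot: the `buf_len < dev->vhost_hlen` branch still computes `buf_avail = buf_len - buf_offset` without checking that the buffer it just advanced to is at least `buf_offset` bytes long. The added `vec_idx >= nr_vec` test keeps the `buf_vec[vec_idx]` reads in range, but if the remaining header bytes do not fit in that second buffer (a header spread over more than two descriptors), the subtraction goes negative, or wraps to a very large value if these variables are unsigned, and later code would treat that as available data. Consider failing with `goto error` when the new `buf_len` is smaller than `buf_offset`, or walking `buf_vec` in a loop until the whole header has been skipped, with the `nr_vec` bound checked on every step. Separately, the change in the `buf_len == dev->vhost_hlen` branch from `++vec_idx >= nr_vec` to an increment followed by the comparison does not alter behaviour; the commit message mentions only the first branch, so either drop that part or say it is a style-only change.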

This patch is no longer required since the fixes for CVE-2022-2132 take care
of this:

dc1516e260a0 ("vhost: fix header spanned across more than two descriptors")
71bd0cc536ad ("vhost: discard too small descriptor chains")

Maxime