From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id A1C321B51F for ; Mon, 24 Dec 2018 02:39:14 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Dec 2018 17:39:13 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,390,1539673200"; d="scan'208";a="100983720" Received: from jim-aorus.sh.intel.com ([10.67.102.207]) by orsmga007.jf.intel.com with ESMTP; 23 Dec 2018 17:39:11 -0800 From: Yahui Cao To: Jiayu Hu , Yuanhan Liu , Maxime Coquelin Cc: stable@dpdk.org, Yongseok Koh Date: Mon, 24 Dec 2018 09:37:22 +0800 Message-Id: <20181224013722.28856-1-yahui.cao@intel.com> X-Mailer: git-send-email 2.17.1 Subject: [dpdk-stable] [PATCH 17.11] vhost: fix corner case for enqueue operation X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Dec 2018 01:39:15 -0000 [ backported from upstream commit 729199397f9fc4ba265e94d492c792244e8c364b ] When performing enqueue operations on the split and packed rings, if the reserved buffer length from the descriptor table exceeds 65535, the returned length by fill_vec_buf_split/_packed() overflows. This patch is to avoid this corner case. Fixes: f689586bc060 ("vhost: shadow used ring update") Fixes: fd68b4739d2c ("vhost: use buffer vectors in dequeue path") Fixes: 2f3225a7d69b ("vhost: add vector filling support for packed ring") Fixes: 37f5e79a271d ("vhost: add shadow used ring support for packed rings") Fixes: a922401f35cc ("vhost: add Rx support for packed ring") Fixes: ae999ce49dcb ("vhost: add Tx support for packed ring") Signed-off-by: Jiayu Hu Reviewed-by: Maxime Coquelin Signed-off-by: Yahui Cao --- lib/librte_vhost/virtio_net.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c index bde360f3d..8c0c1b4bb 100644 --- a/lib/librte_vhost/virtio_net.c +++ b/lib/librte_vhost/virtio_net.c @@ -144,7 +144,7 @@ flush_shadow_used_ring(struct virtio_net *dev, struct vhost_virtqueue *vq) static __rte_always_inline void update_shadow_used_ring(struct vhost_virtqueue *vq, - uint16_t desc_idx, uint16_t len) + uint16_t desc_idx, uint32_t len) { uint16_t i = vq->shadow_used_idx++; @@ -560,7 +560,7 @@ static __rte_always_inline int fill_vec_buf(struct virtio_net *dev, struct vhost_virtqueue *vq, uint32_t avail_idx, uint32_t *vec_idx, struct buf_vector *buf_vec, uint16_t *desc_chain_head, - uint16_t *desc_chain_len) + uint32_t *desc_chain_len) { uint16_t idx = vq->avail->ring[avail_idx & (vq->size - 1)]; uint32_t vec_id = *vec_idx; @@ -635,7 +635,7 @@ reserve_avail_buf_mergeable(struct virtio_net *dev, struct vhost_virtqueue *vq, uint16_t tries = 0; uint16_t head_idx = 0; - uint16_t len = 0; + uint32_t len = 0; *num_buffers = 0; cur_idx = vq->last_avail_idx; -- 2.17.1