From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by dpdk.space (Postfix) with ESMTP id 4A3E2A0096
	for <public@inbox.dpdk.org>; Wed,  8 May 2019 12:16:22 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 42BEB49DF;
	Wed,  8 May 2019 12:16:22 +0200 (CEST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id DF1982862
 for <stable@dpdk.org>; Wed,  8 May 2019 12:16:20 +0200 (CEST)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 513C63082AF4;
 Wed,  8 May 2019 10:16:20 +0000 (UTC)
Received: from rh.redhat.com (ovpn-117-210.ams2.redhat.com [10.36.117.210])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 29AA31A267;
 Wed,  8 May 2019 10:16:18 +0000 (UTC)
From: Kevin Traynor <ktraynor@redhat.com>
To: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Cc: Tiwei Bie <tiwei.bie@intel.com>,
	dpdk stable <stable@dpdk.org>
Date: Wed,  8 May 2019 11:14:59 +0100
Message-Id: <20190508101534.8984-17-ktraynor@redhat.com>
In-Reply-To: <20190508101534.8984-1-ktraynor@redhat.com>
References: <20190508101534.8984-1-ktraynor@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.45]); Wed, 08 May 2019 10:16:20 +0000 (UTC)
Subject: [dpdk-stable] patch 'vhost: fix null pointer checking' has been
	queued to LTS release 18.11.2
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org
Sender: "stable" <stable-bounces@dpdk.org>

Hi,

FYI, your patch has been queued to LTS release 18.11.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/13/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/cee8e7e8d04eb6ef8b7235c05e4d82341ab55378

Thanks.

Kevin Traynor

---
>From cee8e7e8d04eb6ef8b7235c05e4d82341ab55378 Mon Sep 17 00:00:00 2001
From: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Date: Thu, 11 Apr 2019 15:48:40 +0100
Subject: [PATCH] vhost: fix null pointer checking

[ upstream commit b045785f92d9a59d2ed3d27891201d1f07c051b3 ]

Null value for parameters will cause segfault.

Fixes: d7280c9fffcb ("vhost: support selective datapath")
Fixes: 72e8543093df ("vhost: add API to get MTU value")
Fixes: a277c7159876 ("vhost: refactor code structure")
Fixes: ca33faf9ef10 ("vhost: introduce API to fetch negotiated features")
Fixes: eb32247457fe ("vhost: export guest memory regions")
Fixes: 40ef286f236a ("vhost: export vhost vring info")
Fixes: bd2e0c3fe5ac ("vhost: add APIs for live migration")
Fixes: 0b8572a0c101 ("vhost: add external message handling to the API")
Fixes: b4953225cea4 ("vhost: add APIs for datapath configuration")
Fixes: 5fbb3941da9f ("vhost: introduce driver features related APIs")
Fixes: 292959c71961 ("vhost: cleanup unix socket")

Signed-off-by: Mohammad Abdul Awal <mohammad.abdul.awal@intel.com>
Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>
---
 lib/librte_vhost/socket.c |  8 +++++++-
 lib/librte_vhost/vdpa.c   |  5 ++++-
 lib/librte_vhost/vhost.c  | 16 ++++++++--------
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c
index c2bf023d1..4007d9d56 100644
--- a/lib/librte_vhost/socket.c
+++ b/lib/librte_vhost/socket.c
@@ -550,4 +550,7 @@ find_vhost_user_socket(const char *path)
 	int i;
 
+	if (path == NULL)
+		return NULL;
+
 	for (i = 0; i < vhost_user.vsocket_cnt; i++) {
 		struct vhost_user_socket *vsocket = vhost_user.vsockets[i];
@@ -565,5 +568,5 @@ rte_vhost_driver_attach_vdpa_device(const char *path, int did)
 	struct vhost_user_socket *vsocket;
 
-	if (rte_vdpa_get_device(did) == NULL)
+	if (rte_vdpa_get_device(did) == NULL || path == NULL)
 		return -1;
 
@@ -964,4 +967,7 @@ rte_vhost_driver_unregister(const char *path)
 	struct vhost_user_connection *conn, *next;
 
+	if (path == NULL)
+		return -1;
+
 again:
 	pthread_mutex_lock(&vhost_user.mutex);
diff --git a/lib/librte_vhost/vdpa.c b/lib/librte_vhost/vdpa.c
index ae721e06b..f560419b1 100644
--- a/lib/librte_vhost/vdpa.c
+++ b/lib/librte_vhost/vdpa.c
@@ -50,5 +50,5 @@ rte_vdpa_register_device(struct rte_vdpa_dev_addr *addr,
 	int i;
 
-	if (vdpa_device_num >= MAX_VHOST_DEVICE)
+	if (vdpa_device_num >= MAX_VHOST_DEVICE || addr == NULL || ops == NULL)
 		return -1;
 
@@ -100,4 +100,7 @@ rte_vdpa_find_device_id(struct rte_vdpa_dev_addr *addr)
 	int i;
 
+	if (addr == NULL)
+		return -1;
+
 	for (i = 0; i < MAX_VHOST_DEVICE; ++i) {
 		dev = vdpa_devices[i];
diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
index 70ac6bc9c..488cf1694 100644
--- a/lib/librte_vhost/vhost.c
+++ b/lib/librte_vhost/vhost.c
@@ -461,5 +461,5 @@ rte_vhost_get_mtu(int vid, uint16_t *mtu)
 	struct virtio_net *dev = get_device(vid);
 
-	if (!dev)
+	if (dev == NULL || mtu == NULL)
 		return -ENODEV;
 
@@ -529,5 +529,5 @@ rte_vhost_get_ifname(int vid, char *buf, size_t len)
 	struct virtio_net *dev = get_device(vid);
 
-	if (dev == NULL)
+	if (dev == NULL || buf == NULL)
 		return -1;
 
@@ -546,5 +546,5 @@ rte_vhost_get_negotiated_features(int vid, uint64_t *features)
 
 	dev = get_device(vid);
-	if (!dev)
+	if (dev == NULL || features == NULL)
 		return -1;
 
@@ -561,5 +561,5 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem)
 
 	dev = get_device(vid);
-	if (!dev)
+	if (dev == NULL || mem == NULL)
 		return -1;
 
@@ -584,5 +584,5 @@ rte_vhost_get_vhost_vring(int vid, uint16_t vring_idx,
 
 	dev = get_device(vid);
-	if (!dev)
+	if (dev == NULL || vring == NULL)
 		return -1;
 
@@ -777,5 +777,5 @@ int rte_vhost_get_log_base(int vid, uint64_t *log_base,
 	struct virtio_net *dev = get_device(vid);
 
-	if (!dev)
+	if (dev == NULL || log_base == NULL || log_size == NULL)
 		return -1;
 
@@ -798,5 +798,5 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
 	struct virtio_net *dev = get_device(vid);
 
-	if (!dev)
+	if (dev == NULL || last_avail_idx == NULL || last_used_idx == NULL)
 		return -1;
 
@@ -819,5 +819,5 @@ int rte_vhost_set_vring_base(int vid, uint16_t queue_id,
 	struct virtio_net *dev = get_device(vid);
 
-	if (!dev)
+	if (dev == NULL)
 		return -1;
 
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-05-08 11:05:06.710360401 +0100
+++ 0017-vhost-fix-null-pointer-checking.patch	2019-05-08 11:05:05.793933515 +0100
@@ -1 +1 @@
-From b045785f92d9a59d2ed3d27891201d1f07c051b3 Mon Sep 17 00:00:00 2001
+From cee8e7e8d04eb6ef8b7235c05e4d82341ab55378 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit b045785f92d9a59d2ed3d27891201d1f07c051b3 ]
+
@@ -19 +20,0 @@
-Cc: stable@dpdk.org
@@ -30 +31 @@
-index f0fdb83f7..c7a77a5d5 100644
+index c2bf023d1..4007d9d56 100644
@@ -48 +49 @@
-@@ -978,4 +981,7 @@ rte_vhost_driver_unregister(const char *path)
+@@ -964,4 +967,7 @@ rte_vhost_driver_unregister(const char *path)
@@ -57 +58 @@
-index 321e11f17..e91548843 100644
+index ae721e06b..f560419b1 100644
@@ -76 +77 @@
-index e480aeac9..163f4595e 100644
+index 70ac6bc9c..488cf1694 100644
@@ -79 +80 @@
-@@ -448,5 +448,5 @@ rte_vhost_get_mtu(int vid, uint16_t *mtu)
+@@ -461,5 +461,5 @@ rte_vhost_get_mtu(int vid, uint16_t *mtu)
@@ -86 +87 @@
-@@ -516,5 +516,5 @@ rte_vhost_get_ifname(int vid, char *buf, size_t len)
+@@ -529,5 +529,5 @@ rte_vhost_get_ifname(int vid, char *buf, size_t len)
@@ -93 +94 @@
-@@ -533,5 +533,5 @@ rte_vhost_get_negotiated_features(int vid, uint64_t *features)
+@@ -546,5 +546,5 @@ rte_vhost_get_negotiated_features(int vid, uint64_t *features)
@@ -100 +101 @@
-@@ -548,5 +548,5 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem)
+@@ -561,5 +561,5 @@ rte_vhost_get_mem_table(int vid, struct rte_vhost_memory **mem)
@@ -107 +108 @@
-@@ -571,5 +571,5 @@ rte_vhost_get_vhost_vring(int vid, uint16_t vring_idx,
+@@ -584,5 +584,5 @@ rte_vhost_get_vhost_vring(int vid, uint16_t vring_idx,
@@ -114 +115 @@
-@@ -764,5 +764,5 @@ int rte_vhost_get_log_base(int vid, uint64_t *log_base,
+@@ -777,5 +777,5 @@ int rte_vhost_get_log_base(int vid, uint64_t *log_base,
@@ -121 +122 @@
-@@ -778,5 +778,5 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
+@@ -798,5 +798,5 @@ int rte_vhost_get_vring_base(int vid, uint16_t queue_id,
@@ -128 +129 @@
-@@ -806,5 +806,5 @@ int rte_vhost_extern_callback_register(int vid,
+@@ -819,5 +819,5 @@ int rte_vhost_set_vring_base(int vid, uint16_t queue_id,
@@ -132 +133 @@
-+	if (dev == NULL || ops == NULL)
++	if (dev == NULL)